Trojan.Win32.Scar.hskr (Kaspersky), Gen:Trojan.Heur.PT.SmW@aOAD21fi (B) (Emsisoft), Gen:Trojan.Heur.PT.SmW@aOAD21fi (AdAware), GenericAutorunWorm.YR, GenericInjector.YR, BankerGeneric.YR (Lavasoft MAS)Behaviour: Banker, Trojan, Worm, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 51bd6e8e95bba41a4697a101b2d6a187
SHA1: 65789c6261342acf1c47551b88f33e712685e661
SHA256: f059350004859eca7def5e834ca31cade5160afb7fb92053c3805a834c16403a
SSDeep: 12288:todAI3o7QvJ/RGtBp9T9e3dr1/qbio1NcTUrz7Ly/rqNDiS4Rn4xsluubAJsEEd:DWSi/Rim3z/qJ1sUbLy/rODGBHukAG
Size: 722432 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: AirInstaller
Created at: 2011-03-25 15:17:42
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):
SACBENTP285944DEFB2A.exe:892
%original file name%.exe:1700
mofcomp.exe:372
mofcomp.exe:776
The Trojan injects its code into the following process(es):
WRSA.exe:2008
WRSA.exe:352
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process SACBENTP285944DEFB2A.exe:892 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Webroot\WRSA.exe (3785 bytes)
The process %original file name%.exe:1700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp\SACBENTP285944DEFB2A.exe (3825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp\wsa.bat (52 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp\SACBENTP285944DEFB2A.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp\wsa.bat (0 bytes)
The process mofcomp.exe:372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\wbem\Logs\mofcomp.log (1587 bytes)
%WinDir%\Temp\tmp41.tmp (2 bytes)
%System%\wbem\AutoRecover\3FB02EC54EF11291FA75FBAC8D6B80D4.mof (4 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\tmp41.tmp (0 bytes)
The process mofcomp.exe:776 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\wbem\Logs\mofcomp.log (1291 bytes)
%WinDir%\Temp\tmp40.tmp (2 bytes)
%System%\wbem\AutoRecover\3FB02EC54EF11291FA75FBAC8D6B80D4.mof (6 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\tmp40.tmp (0 bytes)
The process WRSA.exe:2008 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\drivers\WRkrn.sys (112 bytes)
%Documents and Settings%\All Users\Application Data\WRData\~tmp.hiv (33604 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Webroot SecureAnywhere\Webroot SecureAnywhere.lnk (629 bytes)
%System%\WRusr.dll (149 bytes)
%WinDir%\Temp\perflib_perfdata_7a8.dat (4 bytes)
%Program Files%\Internet Explorer (4 bytes)
%Documents and Settings%\All Users\Application Data\WRData\dbi.db (714 bytes)
C:\$Directory (1732 bytes)
%Documents and Settings%\All Users\Application Data\WRData\WR.mof (1 bytes)
%Documents and Settings%\All Users\Application Data\WRData\dbg.db (1636 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\WRData\~tmp.hiv (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Webroot SecureAnywhere\Webroot SecureAnywhere.lnk (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Webroot SecureAnywhere (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (0 bytes)
Registry activity
The process SACBENTP285944DEFB2A.exe:892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 B7 66 87 0E A3 C6 6D F4 78 90 9A A5 C8 C7 35"
[HKLM\SOFTWARE\WRData]
"InstalledVersion" = "134218217"
[HKCU\Software\WRData]
"InstallOpt" = "38498"
[HKLM\SOFTWARE\WRData]
"InstallDir" = "%Program Files%\Webroot\WRSA.exe"
"nid" = "134218217"
[HKCU\Software\WRData]
"LIC" = "SACBENTP285944DEFB2A"
"3" = "0"
The process %original file name%.exe:1700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 16 14 CF 70 C7 B4 82 4B E1 CA B9 35 C9 EE EF"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp]
"wsa.bat" = "wsa"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process mofcomp.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 6D D8 C2 37 4B 59 07 E6 B7 6A 25 6C 4D 6A 3E"
[HKLM\SOFTWARE\Microsoft\WBEM\CIMOM]
"Autorecover MOFs timestamp" = "130558497636928750"
The process mofcomp.exe:776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF FF D5 E1 55 5D 92 38 15 B4 47 61 57 0D B4 BE"
[HKLM\SOFTWARE\Microsoft\WBEM\CIMOM]
"Autorecover MOFs timestamp" = "130558497636303750"
"Autorecover MOFs" = "%System%\WBEM\cimwin32.mof, %System%\WBEM\cimwin32.mfl, %System%\WBEM\system.mof, %System%\WBEM\wmipcima.mof, %System%\WBEM\wmipcima.mfl, %System%\WBEM\regevent.mof, %System%\WBEM\regevent.mfl, %System%\WBEM\ntevt.mof, %System%\WBEM\ntevt.mfl, %System%\WBEM\secrcw32.mof, %System%\WBEM\secrcw32.mfl, %System%\WBEM\dsprov.mof, %System%\WBEM\dsprov.mfl, %System%\WBEM\msi.mof, %System%\WBEM\msi.mfl, %System%\WBEM\policman.mof, %System%\WBEM\policman.mfl, %System%\WBEM\subscrpt.mof, %System%\WBEM\wmi.mof, %System%\WBEM\wmi.mfl, %System%\WBEM\scm.mof, %System%\WBEM\fevprov.mof, %System%\WBEM\fevprov.mfl, %System%\WBEM\wmitimep.mof, %System%\WBEM\wmitimep.mfl, %System%\WBEM\wmipdskq.mof, %System%\WBEM\wmipdskq.mfl, %System%\WBEM\wmipicmp.mof"
The process WRSA.exe:2008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = ""
[HKLM\System\CurrentControlSet\Services\WRkrn\Instances]
"DefaultInstance" = "WRkrn"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""
[HKCR\CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}]
"(Default)" = "WRShellExt"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Control]
"CloneTimeStampFlags" = "432977565"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"NoModify" = "1"
[HKCR\*\shellex\ContextMenuHandlers\WRShellExt]
"(Default)" = "{69D72956-317C-44bd-B369-8E44D4EF9802}"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"InstallLocation" = "%Program Files%\Webroot\"
[HKLM\SOFTWARE\WRData]
"GWord" = "WSASME.EXE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\WRData]
"CTX" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn]
"(Default)" = "Driver"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"UninstallString" = "%Program Files%\Webroot\WRSA.exe -uninstall"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"EstimatedSize" = "695"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\WRData]
"rCV" = "1"
[HKLM\System\CurrentControlSet\Services\WRSVC]
"Description" = "Webroot SecureAnywhere Endpoint Protection v8.0.1.233"
[HKLM\SOFTWARE\WRData]
"InstalledVersion" = "134218217"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\Folder\shellex\ContextMenuHandlers\WRShellExt]
"(Default)" = "{69D72956-317C-44bd-B369-8E44D4EF9802}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"VersionMajor" = "8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"Publisher" = "Webroot"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 06 A0 92 1A FA 49 B5 0B D6 F1 22 6B 35 DB EB"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\System\CurrentControlSet\Services\WRkrn\Instances\WRkrn]
"Altitude" = "321611"
[HKLM\SOFTWARE\WRData]
"InstallDir" = "%Program Files%\Webroot\WRSA.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Services\WRkrn]
"MSvc" = "WRSVC"
[HKLM\System\CurrentControlSet\Services\WRkrn\Instances\WRkrn]
"Flags" = "0"
[HKCR\CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32]
"(Default)" = "%System%\WRusr.dll"
[HKLM\System\CurrentControlSet\Services\WRSVC]
"CSD" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
"VersionMinor" = "0"
"DisplayName" = "Webroot SecureAnywhere"
"DisplayVersion" = "8.0.1.233"
"DisplayIcon" = "%Program Files%\Webroot\WRSA.exe"
"NoRepair" = "1"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\WRkrn]
"DeleteFlag"
"WOW64"
The process WRSA.exe:352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 36 18 BD B7 72 4A 75 F8 3D C5 A9 67 F9 2B F2"
[HKLM\SOFTWARE\WRData]
"BLV" = "E3 17 B9 E7 73 89 DF 89 C8 2C 84 9F 37 2F F2 EC"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"wInstallTime" = "1411376161"
[HKCU\Software\WRData]
"LIC" = "SACBENTP285944DEFB2A"
"17" = "1927995897"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC]
"(Default)" = "Service"
[HKCU\Software\WRData]
"5" = "ivTHbMBs"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\WRSVC]
"WOW64"
"DeleteFlag"
Dropped PE files
MD5 | File path |
---|---|
cbe1be460b6da29669169379afe61720 | c:\Program Files\Webroot\WRSA.exe |
b666f9ae523f9150e1ee1f6c8242441c | c:\WINDOWS\system32\WRusr.dll |
8570519458afa754d99292a815bc49b9 | c:\WINDOWS\system32\drivers\WRkrn.sys |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\drivers\WRkrn.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\WRkrn.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\drivers\WRkrn.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
Using the driver "%System%\drivers\WRkrn.sys" the Trojan controls operations with a system registry by installing the registry notifier.
The Trojan installs the following kernel-mode hooks:
ZwAllocateVirtualMemory
ZwAssignProcessToJobObject
ZwCreateThread
ZwDebugActiveProcess
ZwDeleteKey
ZwDeleteValueKey
ZwDuplicateObject
ZwOpenProcess
ZwOpenSection
ZwOpenThread
ZwProtectVirtualMemory
ZwSetContextThread
ZwSetValueKey
ZwSystemDebugControl
ZwTerminateProcess
ZwTerminateThread
ZwWriteVirtualMemory
Using the driver " %System%\drivers\WRkrn.sys" the Trojan attaches its filter-device object to the Volume Device Object (VDO) of the file system driver.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
SACBENTP285944DEFB2A.exe:892
%original file name%.exe:1700
mofcomp.exe:372
mofcomp.exe:776 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\Webroot\WRSA.exe (3785 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp\SACBENTP285944DEFB2A.exe (3825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3F.tmp\wsa.bat (52 bytes)
%System%\wbem\Logs\mofcomp.log (1587 bytes)
%WinDir%\Temp\tmp41.tmp (2 bytes)
%System%\wbem\AutoRecover\3FB02EC54EF11291FA75FBAC8D6B80D4.mof (4 bytes)
%WinDir%\Temp\tmp40.tmp (2 bytes)
%System%\drivers\WRkrn.sys (112 bytes)
%Documents and Settings%\All Users\Application Data\WRData\~tmp.hiv (33604 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Webroot SecureAnywhere\Webroot SecureAnywhere.lnk (629 bytes)
%System%\WRusr.dll (149 bytes)
%WinDir%\Temp\perflib_perfdata_7a8.dat (4 bytes)
%Program Files%\Internet Explorer (4 bytes)
%Documents and Settings%\All Users\Application Data\WRData\dbi.db (714 bytes)
C:\$Directory (1732 bytes)
%Documents and Settings%\All Users\Application Data\WRData\WR.mof (1 bytes)
%Documents and Settings%\All Users\Application Data\WRData\dbg.db (1636 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.MPRESS1 | 4096 | 765952 | 718848 | 5.54368 | ab7a591948a0dfb81c8e9d20364bd65c |
.MPRESS2 | 770048 | 1228 | 1536 | 3.48797 | bb1c5ba93743189ec186fa9dce165a49 |
.rsrc | 774144 | 1040 | 1536 | 2.62402 | b9520c33f1e3aea0922a32485ebeba1f |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://ronb1-1759004122.us-east-1.elb.amazonaws.com/arm.asp | |
hxxp://g74.p4.webrootcloudav.com/arm.asp | 50.16.211.74 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /arm.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: g74.p4.webrootcloudav.com
Content-Length: 1141
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
TV=1&TT=AWARE&SV=134218217&InstanceMID=19ceb69d6a09dedff47750851539a8874a1a04894327bb608db5179dd6a9ae21&HEADERS=$$$01$$$314F04E9OLCKIKPLHKHRNEMEPDQDLGQRNFNHPHFIOIIGNQIHJPHDMIIPEKECMGJLRKHLHHOCOPDOLFJEEJRNGJNRMIKPCCHGRIEEEQQNRHHJNLFGFPDCNLNLMMQMNLGDCEHHPKIIIGCMCJFHJHRLHJHPHECDMQHCDEGIJQONJNCGONLJHKFINLGEOEPQJPKEOMKMNKDOLCNGGGNKOLENDRMNOLRKEPIPMLRQJNQKMLGIHDQEECPHMGNFMHKJQHOHGMKNDLEMQLNFLRFCNKMNOLKDNJQQKHJIFQIJERKCMOCFPGCJKMLQEQHLDLHQPMEJLQNMHQPQKNHENNCEDDQGHKMKMPLLGODPFJQLJRMMNREHCKMOMMINLQLFOKKMRCCPOHOQLKIQMCOJOFMNRJRICCCORNMFPJEDFIENHOOHIPFQRLIPQMOFIHLQKEKMKDEIMROIRQGFONPHJPKINQHEEQKIPQLJCFHNLLJERNJCJLPJOLJCEROIMNMGNIOPMEORHCOREHLEDLGRHNRGJGFRLJJEHHPEMLPRMQRQGMQMDLQEQQJHNKLHEIRQMERQJEKGHGJOGHLLKJCIQPHMGRLIFMOHLKQCOPLKCQOOHJPMKEDCEJEPFFCQRFRIDHHREKNHRMDKOENMJKCEIIDKQPQMLELMLDMHDGHNCFNDOLELRPLPLFGOJHHLNEFPNPIOQKDCLLILGLLNKMHJLFIMQKCKFGMGNNCMLRMPINNFQFERGLQNRRGQGCNDDPFNFOMKORJDMJRJQHGJDCFENOFNJFNCCQEDIEJPPREDNLQLPHCPFFGDKOOKDNDLMMHHECFHPIEPQJKFFCGHPLOCFOKNLQRJMEDCMEPRCLEOICNMEEMIRRDCENDMLPINLRLOPFKHQPLLDJGPKRRGGEDFMQDEMLNENLMHDDCPJKKIPEKPQDKQIEOFDOOFEDDLMOHLDJGQOMCLCGMPPHGCQLDCLKIHFRHIQKJIIRCEKNHIOKDENMJNJIOKIFQMQPGFDLQLCFDH&
HTTP/1.1 200 OK
Cache-Control: private,no-cache
Content-Type: application/octet-stream
Date: Mon, 22 Sep 2014 13:58:15 GMT
Expires: Sun, 21 Sep 2014 13:58:16 GMT
Pragma: no-cache
Server: Microsoft-IIS/7.5
Set-Cookie: errtext=; path=/
X-Powered-By: ASP.NET
Content-Length: 2530
Connection: keep-alive
<?xml version='1.0' encoding='UTF-8' ?>.<pvx_com_xml><![CDATA[.TT=AWARE.TV=1.SV=134218217.InstanceMID=19ceb69d6a09dedff47750851539a8874a1a04894327bb608db5179dd6a9ae21.$$^^URL=156A21CCKFQTKNGRFQMNSPQROJGHUIRLFRQSJQSMOFNFHJJJKLSHQTJPOPQUPTQSQKHQPTNKKGIKGLNTNIPLNHMKURFRGPUHQQNGILGFQLQUIUGONTSOTLMSTJOPFINQHFRSMNHUMJPIISMIRKTHOPHGTLFNKUSUFIUOSUQJOUQMUQOISQJNFGNULIRMNNGGJFPOFFJSJRILFURGMOHJNURGITHJLMTTRSRJRPGHRNSOHJLRLMTOQKSNKQUFFHFSGMFNKIOGRQHLMOIUSMQRRPUKKUIFSMGROHMGQTPQIFIRNHPTQHKTMFJSOGHQHLPMNMGMTUSLPTNTQMHLPNPGOQPJLOHGITSNNSPNUHNRRPNPFGSQKKRTQGNQKQTIPIHJJFPGPGNTSMLSUMUHGFHIMIFSIISKHRURIORPHRLQKFRGSGIMGMNHSMJMMLOLNUHUIOINOSNQNPLKMJUNQSTRHQIOUIOGOHRLUUTOUQJGUHTIGIJOPRMTFKFGNUHNRKPGSMIHUFQGUJFMUOTUFKGLHGMGRLJMUJMNRUHFJIJRPRQNHMRHOOFQHPRNFRHUIPQHLQUHQGSJGPHIKULLUQRMQGIFRJRPHOSJRQOHSRTQHKPPIIRKJIJNSTPKQPGFKGQLTPNHRNITMSPUHKLJLUGPUIOSLFOPIFFORGJSQMFLMSLPNITRFHNLIJURPLJUKJIQIIMGQNSQJIHKSNKFFOPUFBKM.$$^^UPD=9FE3A845OEOCEAJHMFCKNIOLLBICBFDMEHCAKDKFHGLPDGIKKGPPGHDOFFFNDEHJNNNLNCKCCLNLDFDAELBBMPBCDIECHIEDJGDNLHFJDAPFMMCGAJBDNBOENCPHEBFCCEFOLGGNMFOOANJKINCCPJJONCKBCMDEBGHBGCKFDOACKKJAGMCMIAJJDFAIMGNLLINFIHHLMCNMMCJFNLNCKOHDBLFFKHPJGFHMAKJDPNHNOEDINGAADIACPDKMCCLMBKKGAJBNICPIIDFJFEKLOJOCPMAGJKHMBHCHJMBIGCLKKJAJCCADNPHOBDFFCEPJDFHFOFJIPPEDAOHDEEKHHGPBMDOCGPAGPP.$$^^HDR=09703BD6AAMBOHJPCIOHEDJFCONIGFNAMLIKKNIJLONDEGNCIFOBFJNNFAJAFMEPIIGACFHJLNKFODMLNGEDLGAHNGDFPAOPHHHILPLBGEANJJNPJOPIBKNAAJAAJJKLKCLMPIAOMFGCCBNKKEOAAHMDAEJJPOMGMLNAKHNNKCBKJCIJABCHOPFDBLMPCEBNBLBCGJAEEBKMJFKAJJDCEPLCBIOBHMHHIJAFELBDJJLNNAKICCJMKG
<<< skipped >>>
POST /arm.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: g74.p4.webrootcloudav.com
Content-Length: 1206
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
Cookie: errtext=
TV=1&TT=WALL&SV=134218217&InstanceMID=19ceb69d6a09dedff47750851539a8874a1a04894327bb608db5179dd6a9ae21&HEADERS=$$$01$$$F38AC12CNSJRNKOGNOLNHEGOFRKHFKKNPPFDRNJGSMSRDFSSDFDPQQOGMHSRQLFGHLPORIIFGQLJFORDIJFMOKJQEJISKDDJGNIDKRQMNINLQMSMEEQEINGHHMFKINLDFQMHOKFKHOHORSKDNMDOLOROLNOGGFRFHNSHJJOMJGOEIDFFDDHPRQOOIMFKFJSKIIGKFKNEHSDEQGDIMKQJPDIJIJDIKFEDHFNGDHSIQJMRERDLFOGOJLEMJMJQFMFOHFJIIEHHREQQILIFHGKJGFEDHDKGGRROHMSNELQQMOMEJDMISQPOIQLSNQLLNRKIFJFDRJHHKGPDDOMLJLGRNDKFEIHGGHHKSGMGFKMDRKQFJDJMLRNFKIEJFGHSEOPHRFDKSSFKLKLRFGRJFGDPQHOFFOEMHGMOJJMEHPOSKQLGJNQDONOEGMJSEEKOQFIOGLKGJMSJEPJLRFGGRLNKSMKGHMJFIHFRKNFKLPJIDRDKLRMFFPFDJSDJKFFSJJFMIDFMJISHEMFMMHMRLKRNJHRONNHKENHNQEJOKIOSFJKLIFRSPKPLIQFDERFDDRQRRHRRSIDOKKMPIIPLGRHHPNEKFLGFOQPNPFORDKRLQFRSHKRDESPSEDKOSJMFPOKHQIQMNQSOIKHGLRIQGEELHRFPHMEKLLRMIODGQEIORIFLDLSMFQFGRJPHFJMIOGJIDJQHQJFJIIRFDHQKOJSIROIMFHSKPDQDLDRRMPGFGJGGODNHHOISQEMESDHFDGMSNSEMNQFMELIPKOIMLLJQSIODMIRDJHOPPRKHRFIDDHQGGLINJPHPQMLGMHRGNFKSISEMLLQSFEIFLPEERKFQINPNENDIKEKJNHPDKNMPNKRKHGQSOMNFKHEMGLHDDJIDGDLHSLKGPOKELHMOLRNGNSPMMQENHHROHQGJSDOIFGFOQNGOOPNJSPSJQNLLNNKDDKLMQGJENGEPRGFHERIKPGJLEKQLJGMOPGNJDOOLDOEFRNNJHSDFLMDHJQHDIMLDEMOHLIDMFIIMSMEJPSKKROLIIMJKNPKPMFNLGODDQPQGGNDGGQGDNQDRQSDDGM&
HTTP/1.1 200 OK
Cache-Control: private,no-cache
Content-Type: application/octet-stream
Date: Mon, 22 Sep 2014 13:58:15 GMT
Expires: Sun, 21 Sep 2014 13:58:16 GMT
Pragma: no-cache
Server: Microsoft-IIS/7.5
Set-Cookie: errtext=; path=/
X-Powered-By: ASP.NET
Content-Length: 57100
Connection: keep-alive
<?xml version='1.0' encoding='UTF-8' ?>.<pvx_com_xml><![CDATA[.TT=WALL.TV=1.SV=134218217.InstanceMID=19ceb69d6a09dedff47750851539a8874a1a04894327bb608db5179dd6a9ae21.$$^^LIC=7D014AA7ITOTNNVRKHPSHIRSTHIRSNOOOHLUONRNWURHUIOMJONOLWVWOKHJTNWONTOWKVMKUKVOKNNRJHRHLIUJISRUOTQKIWVRPTNULWMJQROPJMKNTHKRSOLIQTUOQSSIVMWNNQUSPMTRRPQUOVPRHQRJSHWLSUUJWQUNSUOPVPORWVRHKLWLUIKQISLVQRSWUQWPSUVRTWTNVKOLMHLRNUVPNLKJUSKWNULPPVITMTUHLOPUTUNTVKHLSTKRVOMKLLPRRTHSTUMSHURRIHQKOVUQONRQWRMSHPMJHLMTQJJROVMNSRWKNWTHLPHJTHQQRITTRKQOVOPJTWKOURIJTSHKVSTJOKPWMKSRWSRWVJRPWVJOUURLMIRQUTQWLQNWNQMJLIMRHTLVKPPNJUQJKPQVNIJUNMHJJNTLRSNKVWLJVVSWPKLWIIHJHFUI.$$^^STR=D9773CD1DDDDDJKFPHEKQHIFFELKGIMELFRFPIRLSSMILDEHDJKFDNMRESONKRKPNOLDLIQGIKHSGPEHDNMSJMIPLESEGHJNSFSSKLKJSJLSQNPPLGJELGNLJEJSNJMQRISSHLSRSMJSFJILFNPRJMFFQHHJQISIFRKIPQOKPPRDKDNMJELPJIQILPIPMGONGMGDHNOFSKENKGDKKSQIFLPIHRSKRFQMFQDHHNSDFNDHILFQFGLQIJQOHGIMSGDMPHQQQJFJHQQGFPIFFONDLJJMMDMNGEISHDIFIPGRRIMEEMPIDFFSQDGLOPHJMNFOLHRJHNEOKEKEEIIIDQDERLQEHPOSHGILJLJMJHGNRDODRRFHKNRDHRHHPIPJRJQIDFDDMKJLJSJEFKEFGDGLMJINNEGSRGLGMMNOMGSIMFEDPDIEOEQFMGFGLIDIHSDRPMJMDPINHOQESEPJHKSNHPRQSLFLSRDMSQDRHPDISKMEEIJKRGEEKHMDHIKGPFSMKPRNPMGGGJOMMMOSDHQJGGKHMOKILJONPQQQQPNOISJONGGJODGHQHHMMQPHIEJEDGKFKSGNFHNQLDHQDHOKIFRKNGEMMMMSRESLJJEDLHDPIEFDKJPQONKMMJLMGJEEILRGSQEQDRPDRNQODDPLOMJKHLLFGQFHGNFDDKGKFPHENLGMIKGSLDILMGRNFHLMHJJOKFRHEPDEMROFDEOLHPRHGDMRIGKMMIQMHFHDKSEFDMJGNEKOMJKROGEPPEKMOINMNGHEIKMPQGPQOKRQDFNOHDMIHRKINONPERKEHFERMFJMSMSHELFQPEEPDEGLGEHPGPEEHRPSSJKFHSFPHDOENPDILLQJRKQKLKIPQJEQEPJGHQSHGRRKFQ
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
WRSA.exe_352:
`.rsrc
`.rsrc
B'hG.Ir
B'hG.Ir
SUPPORTHOME
SUPPORTHOME
WEBROOTHOME
WEBROOTHOME
SUPPORT
SUPPORT
/exeshowaddremove
/exeshowaddremove
-proxyport=
-proxyport=
-proxypass=
-proxypass=
-key=
-key=
/key=
/key=
DlExec
DlExec
TempKeycode
TempKeycode
ChangeKeyCode
ChangeKeyCode
virusscan.jotti.org
virusscan.jotti.org
VVV.virustotal.com
VVV.virustotal.com
sophos.com
sophos.com
grisoft.com
grisoft.com
pandasoftware.com
pandasoftware.com
trendmicro.com
trendmicro.com
virustotal.com
virustotal.com
f-secure.com
f-secure.com
kaspersky.com
kaspersky.com
mcafee.com
mcafee.com
webroot.com symantec.com
webroot.com symantec.com
webrootanywhere.com
webrootanywhere.com
webrootcloudav.com
webrootcloudav.com
prevxinfo.com
prevxinfo.com
prevx.com
prevx.com
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
scrnsave.scr
scrnsave.scr
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/navcancl.htm
res://ieframe.dll/navcancl.htm
res://mshtml.dll/blank.htm
res://mshtml.dll/blank.htm
C:\Windows\system32\blank.htm
C:\Windows\system32\blank.htm
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=69157
hXXp://go.microsoft.com/fwlink/?LinkId=69157
BURLT
BURLT
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
Terminal Server Client\TransportExtensions
Terminal Server Client\TransportExtensions
Ole\AppCompat\ActivationSecurityCheckExemptionList
Ole\AppCompat\ActivationSecurityCheckExemptionList
.html
.html
UrlSearchHooks
UrlSearchHooks
Extensions\CmdMapping
Extensions\CmdMapping
Keyboard Layouts
Keyboard Layouts
Userinstallable.drivers
Userinstallable.drivers
LoginScript
LoginScript
rdpwd\Tds\tcp
rdpwd\Tds\tcp
Cmdline
Cmdline
SetupExecute
SetupExecute
Image File Execution Options
Image File Execution Options
wowcmdline
wowcmdline
cmdline
cmdline
Windows
Windows
SCRNSAVE.EXE
SCRNSAVE.EXE
KeyFileName
KeyFileName
Explorer\ShellExecuteHooks
Explorer\ShellExecuteHooks
PendingFileRenameOperations
PendingFileRenameOperations
FileRenameOperations
FileRenameOperations
BootExecute
BootExecute
Software\Policies\Microsoft\Windows\System\Scripts
Software\Policies\Microsoft\Windows\System\Scripts
AppCertDlls
AppCertDlls
DefaultPassword
DefaultPassword
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
$$^^URL
$$^^URL
ProxyPort
ProxyPort
ProxyPassword
ProxyPassword
UninstallKey
UninstallKey
websec
websec
UPDATEURL
UPDATEURL
ERRURL
ERRURL
URLSTR
URLSTR
URLFILEUPLOAD
URLFILEUPLOAD
URLINBOUND
URLINBOUND
URLSLAP
URLSLAP
hXXp://webcache.google
hXXp://webcache.google
hXXp://developers.facebook.com
hXXp://developers.facebook.com
hXXp://static.ak.fbcdn.net
hXXp://static.ak.fbcdn.net
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
video.ak.fbcdn.net
video.ak.fbcdn.net
VVV.facebook.com
VVV.facebook.com
driver.cab
driver.cab
sp1.cab
sp1.cab
sp2.cab
sp2.cab
sp3.cab
sp3.cab
A suspicious file was detected: %S - %s - X
A suspicious file was detected: %S - %s - X
Applied unique machine ID: X
Applied unique machine ID: X
In-memory infection identified: %S
In-memory infection identified: %S
Configuration Saved: %s
Configuration Saved: %s
Removed invalid LSP chain entry: %S
Removed invalid LSP chain entry: %S
Connected to %s
Connected to %s
Monitoring process %S [%s]. Type: %i (%i)
Monitoring process %S [%s]. Type: %i (%i)
End passive write scan (%i file(s))
End passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Saved the product log to %S
Saved the product log to %S
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Website determination changed: %S [Level: X] [Type: X]
Website determination changed: %S [Level: X] [Type: X]
>>> Service started [%s]
>>> Service started [%s]
SLevel updated to %s
SLevel updated to %s
Applied license key: %s
Applied license key: %s
Executed cleanup script: %S
Executed cleanup script: %S
Submitted file at user request: %S
Submitted file at user request: %S
Updating from %S
Updating from %S
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Started: %S [ID: %i - Flags: %i/%i]
Scan Started: %S [ID: %i - Flags: %i/%i]
Configuration imported from %S
Configuration imported from %S
Configuration exported to %S
Configuration exported to %S
Cleanup tool %i executed
Cleanup tool %i executed
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Blocked process from accessing protected data: %S [Type: %i]
Blocked process from accessing protected data: %S [Type: %i]
Closed network connection: [X.%i - X.%i]
Closed network connection: [X.%i - X.%i]
Blocked process from connecting to the Internet: %S [MD5: %s]
Blocked process from connecting to the Internet: %S [MD5: %s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Blocked website: %s
Blocked website: %s
Rolled back infection: %S
Rolled back infection: %S
Infection detected: %S [MD5: %s] [%i/X] [%s]
Infection detected: %S [MD5: %s] [%i/X] [%s]
Installation successfully completed (%s/%s)
Installation successfully completed (%s/%s)
GetWindowsDirectoryA
GetWindowsDirectoryA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CallNamedPipeW
CallNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetNamedPipeClientProcessId
GetNamedPipeClientProcessId
CreateIoCompletionPort
CreateIoCompletionPort
%m/%d %I:%M %p
%m/%d %I:%M %p
%d/%m %I:%M %p
%d/%m %I:%M %p
127.0.0.1
127.0.0.1
_CorExeMain
_CorExeMain
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.3
g%i.p4.webrootcloudav.com/arm.asp
g%i.p4.webrootcloudav.com/arm.asp
000000000000000
000000000000000
Win32.Override.1
Win32.Override.1
Win32.LocalInfect.3
Win32.LocalInfect.3
Win32.LocalInfect.1
Win32.LocalInfect.1
Win32.AutoBlock.1
Win32.AutoBlock.1
Win32.UserAdded
Win32.UserAdded
Win32.RuleBlock.1
Win32.RuleBlock.1
Win32.Untrusted.1
Win32.Untrusted.1
Caution.Rootkit
Caution.Rootkit
Community.OuterEdge
Community.OuterEdge
Community.Heuristic
Community.Heuristic
Win32.LocalADS
Win32.LocalADS
Win32.LocalInfect.0
Win32.LocalInfect.0
Win32.LocalInfect.2
Win32.LocalInfect.2
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
%commonfiles%
%commonfiles%
Êche%
Êche%
%cookies%
%cookies%
úvorites%
úvorites%
%documents%
%documents%
%start%
%start%
%startup%
%startup%
Þsktop%
Þsktop%
VVV.google.com
VVV.google.com
if exist "%s" goto d
if exist "%s" goto d
Nspr4Hook::hookerPrOpenTcpSocket
Nspr4Hook::hookerPrOpenTcpSocket
if exist "%s"
if exist "%s"
VVV.bing.com
VVV.bing.com
ru.brans.pl
ru.brans.pl
proxim.ircgalaxy.pl
proxim.ircgalaxy.pl
irc.zief.pl
irc.zief.pl
core.ircgalaxy.pl
core.ircgalaxy.pl
kernel32.dll
kernel32.dll
SLAPKEY
SLAPKEY
%s/arm.asp
%s/arm.asp
%s/aot.asp
%s/aot.asp
184.72.40.115
184.72.40.115
174.129.33.10
174.129.33.10
79.125.105.211
79.125.105.211
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
arm.asp
arm.asp
%Y-%m-%d %H:%M:%S.000
%Y-%m-%d %H:%M:%S.000
serverexecutable
serverexecutable
%s\wininit.ini
%s\wininit.ini
1%iX%s^%s
1%iX%s^%s
DEX%s^
DEX%s^
C0X%s^
C0X%s^
C1X%s^%s
C1X%s^%s
C2X%s^
C2X%s^
(%i %s)
(%i %s)
Removing all components... %c
Removing all components... %c
.pvxdtr
.pvxdtr
https
https
PACKED_EXE,
PACKED_EXE,
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
00000000000000000000
00000000000000000000
00000000
00000000
0000000000000000
0000000000000000
00000000000000
00000000000000
URLBlob
URLBlob
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
reg %s /f
reg %s /f
%x %x
%x %x
1.2.3
1.2.3
%m-%d
%m-%d
hXXp://
hXXp://
%2sX
%2sX
%2ss
%2ss
JOBHTTP
JOBHTTP
$$$01$$$
$$$01$$$
%S,%s,
%S,%s,
WSASME.EXE
WSASME.EXE
operating systems
operating systems
%C:\boot.ini
%C:\boot.ini
%s\%S
%s\%S
"%S\%s",SynProc %i
"%S\%s",SynProc %i
XXX
XXX
v8.0.1.233
v8.0.1.233
@.dll
@.dll
%S\%s.dll
%S\%s.dll
SetTcpEntry
SetTcpEntry
GetExtendedTcpTable
GetExtendedTcpTable
GetExtendedUdpTable
GetExtendedUdpTable
FilterConnectCommunicationPort
FilterConnectCommunicationPort
RegSaveKeyExW
RegSaveKeyExW
RegRestoreKeyW
RegRestoreKeyW
RegSaveKeyW
RegSaveKeyW
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyExA
RegSetKeySecurity
RegSetKeySecurity
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
CertOpenStore
CertOpenStore
CertCloseStore
CertCloseStore
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgGetParam
CertFreeCertificateContext
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
ExitWindowsEx
ExitWindowsEx
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
WinHttpConnect
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpOpen
WinHttpOpen
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpReadData
WinHttpCloseHandle
WinHttpCloseHandle
winhttp
winhttp
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
msvcrt
msvcrt
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
%u%u%u
%u%u%u
PX%sMID3%sSRC
PX%sMID3%sSRC
MACX%s
MACX%s
(Build %d)
(Build %d)
%s (Build %d)
%s (Build %d)
Server 2008 WebServer
Server 2008 WebServer
Server 2003 Web Edition
Server 2003 Web Edition
Windows Version Unknown
Windows Version Unknown
Windows %s %s
Windows %s %s
Windows %s %s %s
Windows %s %s %s
-X
-X
HTTP/1.1 500
HTTP/1.1 500
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
20323:TCP
20323:TCP
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
14671:UDP
14671:UDP
c:\windows\explorer.exe
c:\windows\explorer.exe
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
255.255.255.255
255.255.255.255
$$$04$$$
$$$04$$$
$$$03$$$
$$$03$$$
$$$02$$$
$$$02$$$
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
WRCLOUDALPHA.EXE
WRCLOUDALPHA.EXE
%s %s
%s %s
sShortDate
sShortDate
%a %Y-%m-%d %H:%M
%a %Y-%m-%d %H:%M
%a %d-%m-%Y %H:%M
%a %d-%m-%Y %H:%M
%a %Y-%m-%d %H:%M:%S
%a %Y-%m-%d %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%s%I64XXXX
%s%I64XXXX
XXXXXXXXX%I64X
XXXXXXXXX%I64X
UpdateURL
UpdateURL
Software\Classes\winbio.winbiotools
Software\Classes\winbio.winbiotools
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer
Software\Classes\bho.fffplayer
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
%s.i
%s.i
Win32.MalComponent
Win32.MalComponent
Win32.Corrupted
Win32.Corrupted
Software\Microsoft\Windows\CurrentVersion\Policies
Software\Microsoft\Windows\CurrentVersion\Policies
credssp.dll
credssp.dll
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Policies\System
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\qmgr.dll
%SystemRoot%\System32\qmgr.dll
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\notepad.exe %1
%SystemRoot%\system32\notepad.exe %1
Software\Classes\Applications\notepad.exe\shell\open\command
Software\Classes\Applications\notepad.exe\shell\open\command
System\CurrentControlSet\Control\Session Manager\AppCertDlls
System\CurrentControlSet\Control\Session Manager\AppCertDlls
Software\Microsoft\PCHealth\ErrorReporting
Software\Microsoft\PCHealth\ErrorReporting
DoReport
DoReport
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnBadCertRecving
WarnOnBadCertRecving
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe
%SystemRoot%\system32\ntvdm.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows NT\CurrentVersion\Windows
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
explorer.exe
Software\Classes\.exe\shell\open\command
Software\Classes\.exe\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\.exe
Software\Classes\.exe
dontreportinfectioninformation
dontreportinfectioninformation
Windows\WindowsUpdate
Windows\WindowsUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
DisableCMD
DisableCMD
NoWindowsUpdate
NoWindowsUpdate
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
#pragma namespace("\\\\.\\root\\SecurityCenter")
#pragma namespace("\\\\.\\root\\SecurityCenter")
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
Name="AVClientInt.AVClientIntProvider";
Name="AVClientInt.AVClientIntProvider";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
SupportsPut="FALSE";
SupportsPut="FALSE";
SupportsGet="TRUE";
SupportsGet="TRUE";
SupportsDelete="FALSE";
SupportsDelete="FALSE";
SupportsEnumeration="TRUE";
SupportsEnumeration="TRUE";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
companyName="Webroot";
companyName="Webroot";
displayName="Webroot SecureAnywhere";
displayName="Webroot SecureAnywhere";
Microsoft\Office\%s\%s\%s\
Microsoft\Office\%s\%s\%s\
http://
http://
WSA_SA_Report-%s
WSA_SA_Report-%s
%a_%Y-%m-%d_%H-%M-%S
%a_%Y-%m-%d_%H-%M-%S
g1.p4.webrootcloudav.com/arm.asp
g1.p4.webrootcloudav.com/arm.asp
symsecureport
symsecureport
SQLANYs_sem5
SQLANYs_sem5
semwebsrv
semwebsrv
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
memory.dmp
memory.dmp
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
msdownload.tmp\
msdownload.tmp\
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Cookies\index.dat
Cookies\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Logs\IE9_NR_Setup.log
Logs\IE9_NR_Setup.log
IE9_Main.log
IE9_Main.log
IE9.log
IE9.log
IE8_Main.log
IE8_Main.log
IE8.log
IE8.log
IE7_Main.log
IE7_Main.log
IE7.log
IE7.log
IE Setup Log.txt
IE Setup Log.txt
Microsoft\Windows\History\
Microsoft\Windows\History\
Local Settings\Temporary Internet Files\Content.IE5\
Local Settings\Temporary Internet Files\Content.IE5\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Cookies\
Microsoft\Windows\Cookies\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\Recent\
Microsoft\Windows\Recent\
$Recycle.bin\
$Recycle.bin\
Google\Chrome\User Data\Default\Cache\
Google\Chrome\User Data\Default\Cache\
Mozilla\Firefox\Profiles\
Mozilla\Firefox\Profiles\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
P4REPORT
P4REPORT
%S\Driver Cache\i386
%S\Driver Cache\i386
%s,%i%i
%s,%i%i
8.0.1.233
8.0.1.233
%s %s%s
%s %s%s
%i-%i-%i-X-X.tmp
%i-%i-%i-X-X.tmp
%s %s%S %s
%s %s%S %s
Microsoft\Windows NT\CurrentVersion
Microsoft\Windows NT\CurrentVersion
\REGISTRY\User\%S
\REGISTRY\User\%S
Microsoft\Windows\CurrentVersion
Microsoft\Windows\CurrentVersion
IG=%s,
IG=%s,
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
detail.webrootanywhere.com/p4inbound.asp
detail.webrootanywhere.com/p4inbound.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
*X
*X
%.*s(%d)%s
%.*s(%d)%s
=%%
=%%
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
O|SSSh
O|SSSh
SSSSh=
SSSSh=
tcSSSh
tcSSSh
SSSSh6
SSSSh6
SSSSh7
SSSSh7
PSSSh
PSSSh
(QPSSSSh,
(QPSSSSh,
SSSSh?
SSSSh?
PIQSSSh
PIQSSSh
RjEQSSSShE
RjEQSSSShE
SSSSh@
SSSSh@
RSSSSSSh
RSSSSSSh
KPjVSSSh
KPjVSSSh
QjfSSSh
QjfSSSh
SShaaa
SShaaa
}.VQR
}.VQR
PSSSSSSh
PSSSSSSh
>\u%f
>\u%f
K Pj.SV
K Pj.SV
SSSh8
SSSh8
O|SSSSh
O|SSSSh
jtSSSSh$
jtSSSSh$
SSh ;
SSh ;
tcPQ
tcPQ
SSSSh
SSSSh
S|Wj.WWh
S|Wj.WWh
jmj SSSh
jmj SSSh
N|Sj.SSh
N|Sj.SSh
jDSSSh
jDSSSh
jJj)SSSh
jJj)SSSh
N|Sj.SSj^jBSSSh
N|Sj.SSj^jBSSSh
SShDDD
SShDDD
SSSSjJj)SSSh
SSSSjJj)SSSh
W|Sj.SSj^jBSSSh
W|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
t.SSSV
t.SSSV
zcÃ
zcÃ
Allow users to remove threats without a password
Allow users to remove threats without a password
Allow users to scan without a password
Allow users to scan without a password
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
Assess the intent of new programs before allowing them to execute
Assess the intent of new programs before allowing them to execute
Would you like to automatically import the settings that were used in your previous installation?
Would you like to automatically import the settings that were used in your previous installation?
Automatically block files when detected on execution
Automatically block files when detected on execution
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Warn when new programs execute that are not trusted
Warn when new programs execute that are not trusted
Protect against keyloggers
Protect against keyloggers
Block phishing and known malicious websites
Block phishing and known malicious websites
Block suspicious access to browser windows
Block suspicious access to browser windows
The current operation cannot be aborted.
The current operation cannot be aborted.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
Configuration for HTTP websites
Configuration for HTTP websites
Configuration for HTTPS websites
Configuration for HTTPS websites
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Your keycode has been copied to the clipboard. You can now paste it into any application.
Your keycode has been copied to the clipboard. You can now paste it into any application.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
Configuration settings could not be exported to the selected file.
Configuration settings could not be exported to the selected file.
Configuration settings could not be imported from the selected file.
Configuration settings could not be imported from the selected file.
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
Displaying %s events
Displaying %s events
Displaying %s process events
Displaying %s process events
Enable Password Protection
Enable Password Protection
Password protection is not currently enabled. Do you want to enable it now?
Password protection is not currently enabled. Do you want to enable it now?
Enable "right-click" scanning in Windows Explorer
Enable "right-click" scanning in Windows Explorer
Enter a valid keycode to continue.
Enter a valid keycode to continue.
First Exec - PID: %i
First Exec - PID: %i
A full keycode is required to add custom applications. Would you like to obtain one now?
A full keycode is required to add custom applications. Would you like to obtain one now?
Store Execution History details
Store Execution History details
Hide the SecureAnywhere keycode on-screen
Hide the SecureAnywhere keycode on-screen
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
HTTP Proxy
HTTP Proxy
Save non-executable file details to scan logs
Save non-executable file details to scan logs
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
I/O Operations
I/O Operations
A full keycode is required to increase the default security level. Would you like to obtain one now?
A full keycode is required to increase the default security level. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Enter a keycode to continue.
Enter a keycode to continue.
Loading execution history process events...
Loading execution history process events...
The Execution History log is currently loading.
The Execution History log is currently loading.
Loading %s execution history events...
Loading %s execution history events...
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Operate background functions using fewer CPU resources
Operate background functions using fewer CPU resources
This website is blocked because of a policy added by the user to prevent access.
This website is blocked because of a policy added by the user to prevent access.
This website has been trusted locally and visitation is not blocked.
This website has been trusted locally and visitation is not blocked.
Contact SecureAnywhere Support to upload files larger than 10MB.
Contact SecureAnywhere Support to upload files larger than 10MB.
Insert a keycode for SecureAnywhere.
Insert a keycode for SecureAnywhere.
Password
Password
This file is trying to access stored passwords
This file is trying to access stored passwords
The password entered was incorrect.
The password entered was incorrect.
Error: The entered passwords do not match.
Error: The entered passwords do not match.
PID %i active %s (CPU %s)
PID %i active %s (CPU %s)
PID %i active %s
PID %i active %s
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) - (Parent PID: %i)
%s (PID: %i) - (Parent PID: %i)
Enter your password below to enter:
Enter your password below to enter:
Enter a password to enable protection.
Enter a password to enable protection.
Protect cookies and saved website data
Protect cookies and saved website data
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
Protect against URL grabbing attacks
Protect against URL grabbing attacks
Port
Port
Randomize the installed filename to bypass certain infections
Randomize the installed filename to bypass certain infections
Allow the process to execute other processes
Allow the process to execute other processes
Allow access to windows with a High integrity level
Allow access to windows with a High integrity level
Allow access to windows with a Medium integrity level
Allow access to windows with a Medium integrity level
Select a configuration file to import
Select a configuration file to import
Select a file to execute
Select a file to execute
Select where you would like to export the configuration:
Select where you would like to export the configuration:
Select a file to report to Webroot
Select a file to report to Webroot
Select a removal script to execute:
Select a removal script to execute:
Show SecureAnywhere in the Windows Action Center
Show SecureAnywhere in the Windows Action Center
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show SecureAnywhere in the Windows Security Center
Show SecureAnywhere in the Windows Security Center
Configuration successfully exported.
Configuration successfully exported.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Uninstall Webroot
Uninstall Webroot
Configuration saved. Close and re-open all open web browsers to update active protection.
Configuration saved. Close and re-open all open web browsers to update active protection.
Use the preconfigured policies for changing configuration settings for all websites.
Use the preconfigured policies for changing configuration settings for all websites.
This keycode is valid but has expired. Would you like to renew the keycode now?
This keycode is valid but has expired. Would you like to renew the keycode now?
Enter a valid, complete website name to configure.
Enter a valid, complete website name to configure.
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify websites when visited to determine legitimacy
Verify websites when visited to determine legitimacy
This website contains a known threat and has been blocked.
This website contains a known threat and has been blocked.
Contact Support
Contact Support
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
(User time: %s - Kernel time: %s)
(User time: %s - Kernel time: %s)
Cycles: %s
Cycles: %s
MD5: %S - Size: %i bytes
MD5: %S - Size: %i bytes
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s file: %.*s
(PID: %i, TID: %i) %s file: %.*s
%s: PID - %i
%s: PID - %i
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) %s section: %.*s
(PID: %i, TID: %i) %s section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
View the Webroot software license agreement
View the Webroot software license agreement
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Enter your keycode to install and activate your software.
Enter your keycode to install and activate your software.
Help me find my keycode
Help me find my keycode
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
Want to learn more about Webroot?
Want to learn more about Webroot?
Help and Support
Help and Support
About Webroot SecureAnywhere
About Webroot SecureAnywhere
Login Theft Protection
Login Theft Protection
Protected Websites
Protected Websites
Websites on this list receive custom security to protect any information entered.
Websites on this list receive custom security to protect any information entered.
View/Edit Protected Websites
View/Edit Protected Websites
Password Required
Password Required
Web Threat Shield
Web Threat Shield
3. Close any open programs or web browsers (Recommended but not essential)
3. Close any open programs or web browsers (Recommended but not essential)
Reports
Reports
You may save a scan log, which Technical Support uses for diagnostics.
You may save a scan log, which Technical Support uses for diagnostics.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
Not collecting execution history events
Not collecting execution history events
Password:
Password:
Repeat Password:
Repeat Password:
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
Import / Export
Import / Export
Block websites from creating high risk tracking information
Block websites from creating high risk tracking information
Analyze websites for phishing threats
Analyze websites for phishing threats
Enter the website address to protect (e.g. VVV.webroot.com)
Enter the website address to protect (e.g. VVV.webroot.com)
Add Website
Add Website
Analyze search engine results and identify malicious websites before visitation
Analyze search engine results and identify malicious websites before visitation
Detect websites being redirected by the HOSTS file
Detect websites being redirected by the HOSTS file
Look for malware on websites before visitation
Look for malware on websites before visitation
Look for exploits in website content before visitation
Look for exploits in website content before visitation
Website Filter
Website Filter
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View Websites
View Websites
Website
Website
Enter the website address to configure (e.g. VVV.webroot.com)
Enter the website address to configure (e.g. VVV.webroot.com)
You received your keycode by email.
You received your keycode by email.
Your keycode is located on the CD sleeve.
Your keycode is located on the CD sleeve.
If you have misplaced your keycode:
If you have misplaced your keycode:
Contact Webroot Support at hXXp://VVV.webroot.com/support
Contact Webroot Support at hXXp://VVV.webroot.com/support
Help me find my license keycode
Help me find my license keycode
You can also import your settings from another computer using this screen.
You can also import your settings from another computer using this screen.
Import Settings
Import Settings
Export Settings
Export Settings
Activate a new keycode
Activate a new keycode
Keycode:
Keycode:
Enter your new keycode into the field below and click Activate:
Enter your new keycode into the field below and click Activate:
Enter your keycode here...
Enter your keycode here...
Are you sure you want to abort the current operation?
Are you sure you want to abort the current operation?
Identity && Privacy - protect yourself while browsing web sites
Identity && Privacy - protect yourself while browsing web sites
Enter a password that is at least six characters long for better security.
Enter a password that is at least six characters long for better security.
Only executable files can be overridden.
Only executable files can be overridden.
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
The username or password is invalid.
The username or password is invalid.
I forgot my password
I forgot my password
Downloading Password Management Components...
Downloading Password Management Components...
Installing Password Management...
Installing Password Management...
Windows System
Windows System
Windows Desktop
Windows Desktop
Windows Registry Streams
Windows Registry Streams
Windows Update Temporary folder
Windows Update Temporary folder
Windows Temporary folder
Windows Temporary folder
Clean Index.dat (cleaned on reboot)
Clean Index.dat (cleaned on reboot)
URL history
URL history
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Erase files by overwriting contents with random data using three passes.
Erase files by overwriting contents with random data using three passes.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Install Password Management
Install Password Management
Manage your personal information, websites, and passwords at your My Webroot account.
Manage your personal information, websites, and passwords at your My Webroot account.
- Automatically fill in your login information for remembered websites
- Automatically fill in your login information for remembered websites
- Create secure, hack-resistant passwords for website logins
- Create secure, hack-resistant passwords for website logins
Password Management makes web browsing easier and more secure.
Password Management makes web browsing easier and more secure.
Password Management is On
Password Management is On
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management
Password Management
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
The keycode is currently hidden and cannot be copied.
The keycode is currently hidden and cannot be copied.
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S@%S drive - No media~|
%S@%S drive - No media~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Service: %S, Status: X,
%S@%S, Service: %S, Status: X,
%S@(%S) %S, Service: %S, Status: X,$
%S@(%S) %S, Service: %S, Status: X,$
%S@Device ID: %S, Internal Name: %S~|
%S@Device ID: %S, Internal Name: %S~|
%S@Never logged in~|
%S@Never logged in~|
%S@Port: %S, Status: %i, Jobs: %i~|
%S@Port: %S, Status: %i, Jobs: %i~|
%i fragments, %u bytes@%S (MFT: %i)~|
%i fragments, %u bytes@%S (MFT: %i)~|
%s@Minidump: %S~|
%s@Minidump: %S~|
%s@System Analysis completed in %i seconds (%s)~|
%s@System Analysis completed in %i seconds (%s)~|
, Problem code - X,
, Problem code - X,
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Directory@%S~|
Active Directory@%S~|
Auto Update State@%S~|
Auto Update State@%S~|
Browser@%S %S~|
Browser@%S %S~|
CPU@%s (%i %S)~|
CPU@%s (%i %S)~|
Common AppData Directory@%S~|
Common AppData Directory@%S~|
Current Processor Speed@%dMHz~|
Current Processor Speed@%dMHz~|
DHCP Server@%s~|
DHCP Server@%s~|
DNS Server@%s~|
DNS Server@%s~|
External Clock Speed@%dMHz~|
External Clock Speed@%dMHz~|
External IP Address@%s~|
External IP Address@%s~|
Gateway@%s~|
Gateway@%s~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Home Page@%S~|
Home Page@%S~|
Hostname@%s~|
Hostname@%s~|
IP Address@%s~|
IP Address@%s~|
IP Mask@%s~|
IP Mask@%s~|
Internet Cache@%i KB (%s)~|
Internet Cache@%i KB (%s)~|
Last Update Check@%S~|
Last Update Check@%S~|
Last Update Download@%S~|
Last Update Download@%S~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S~|
Last Update Install@%S~|
Maximum Supported RAM Size@%i MB~|
Maximum Supported RAM Size@%i MB~|
Next Scheduled Install Time@%S~|
Next Scheduled Install Time@%S~|
Next Scheduled Update Check@%S~|
Next Scheduled Update Check@%S~|
OS Install Date@%s~|
OS Install Date@%s~|
OS@%s (Language: %i)~|
OS@%s (Language: %i)~|
Operating System
Operating System
Phishing Filter@%S~|
Phishing Filter@%S~|
Search History, URL History, and Recent Playlist
Search History, URL History, and Recent Playlist
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S, %S)~|
Spyware Protection@%S %S (%S, %S)~|
System Access Level@%s~|
System Access Level@%s~|
System Boot Drive Device@%S~|
System Boot Drive Device@%S~|
System Directory@%S~|
System Directory@%S~|
System Family@%S~|
System Family@%S~|
System GUID@x-xx-xxxx-xxxx~|
System GUID@x-xx-xxxx-xxxx~|
System Manufacturer@%S~|
System Manufacturer@%S~|
System Product Name@%S~|
System Product Name@%S~|
System Proxy@%S~|
System Proxy@%S~|
System Serial Number@%S~|
System Serial Number@%S~|
System Temporary Files@%i KB (%s)~|
System Temporary Files@%i KB (%s)~|
System Uptime@%S (Tick Count: %i)~|
System Uptime@%S (Tick Count: %i)~|
System Version@%S~|
System Version@%S~|
Third Party Firewall@%S %S (%S)~|
Third Party Firewall@%S %S (%S)~|
UAC Status@%S~|
UAC Status@%S~|
Update Type@%S~|
Update Type@%S~|
User Account Level@%s~|
User Account Level@%s~|
User Temporary Files@%i KB (%s)~|
User Temporary Files@%i KB (%s)~|
Username@%S (%S) - Session ID: %i~|
Username@%S (%S) - Session ID: %i~|
Username@%S - Session ID: %i~|
Username@%S - Session ID: %i~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S, %S)~|
Virus Protection@%S %S (%S, %S)~|
Windows Experience Rating
Windows Experience Rating
Windows Firewall@Disabled~|
Windows Firewall@Disabled~|
Windows Firewall@Enabled and Active~|
Windows Firewall@Enabled and Active~|
Windows Updates
Windows Updates
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
All attached devices have reported to be functioning properly.
All attached devices have reported to be functioning properly.
Windows Automatic Updates are disabled
Windows Automatic Updates are disabled
Contact Support by clicking the "?" button in the upper right corner of this window.
Contact Support by clicking the "?" button in the upper right corner of this window.
Create an account to access your security on all your devices online from any Web browser.
Create an account to access your security on all your devices online from any Web browser.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Enter your email address to validate your license key and activate realtime threat prevention:
Enter your email address to validate your license key and activate realtime threat prevention:
Firefox
Firefox
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
Last Password Change: %i %s ago
Last Password Change: %i %s ago
Malware scanning - detect and report threats
Malware scanning - detect and report threats
Mozilla Firefox - Cached Files
Mozilla Firefox - Cached Files
New Webroot Keycode.txt
New Webroot Keycode.txt
No password configured
No password configured
Operating Systems (32 and 64bit in all Editions)
Operating Systems (32 and 64bit in all Editions)
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the download of Password Management is finished to download Backup & Sync.
Please wait until the download of Password Management is finished to download Backup & Sync.
Save Keycode and Continue
Save Keycode and Continue
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
Settings - Currently being managed by the Web Console
Settings - Currently being managed by the Web Console
System Analysis was cancelled and the report may be incomplete.
System Analysis was cancelled and the report may be incomplete.
Screen resolution and bit depth support true color images.
Screen resolution and bit depth support true color images.
The Windows firewall is disabled.
The Windows firewall is disabled.
The credentials used to log into Backup & Sync are invalid. Please login again.
The credentials used to log into Backup & Sync are invalid. Please login again.
There are currently no items in the execution history log.
There are currently no items in the execution history log.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
View Full Report
View Full Report
Visit Webroot.com
Visit Webroot.com
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere
Webroot SecureAnywhere
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere`
Webroot SecureAnywhere`
Webroot System Analyzer
Webroot System Analyzer
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Not all RAM can be used by your 32bit operating system.
Not all RAM can be used by your 32bit operating system.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Your account gives you anytime access to your security from any Web browser.
Your account gives you anytime access to your security from any Web browser.
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial is expired!
Your Webroot SecureAnywhere trial is expired!
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your operating system is up to date.
Your operating system is up to date.
It is recommended to change your password every 90 days.
It is recommended to change your password every 90 days.
Your hardware is adequate for running your operating system.
Your hardware is adequate for running your operating system.
VVV.geeksquad.com
VVV.geeksquad.com
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
- Windows XP SP2, SP3
- Windows XP SP2, SP3
- Windows Vista SP1, SP2
- Windows Vista SP1, SP2
- Windows 7 SP0, SP1
- Windows 7 SP0, SP1
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
View the Webroot Privacy Policy
View the Webroot Privacy Policy
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Scan with Webroot
Scan with Webroot
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
A cleanup license key is required to remove threats.
A cleanup license key is required to remove threats.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
Welcome to Webroot
Welcome to Webroot
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
Enable enhanced customer support
Enable enhanced customer support
Please wait a few moments and try again. Contact Webroot Support if this error persists.
Please wait a few moments and try again. Contact Webroot Support if this error persists.
The operation failed with error code %i. %s
The operation failed with error code %i. %s
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Web Console
Web Console
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
Next scan starts in %s.
Next scan starts in %s.
%i%% - %s files scanned. %s %s
%i%% - %s files scanned. %s %s
Scan Complete - %i active %s found in %s. %s
Scan Complete - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
%s files scanned in %s. No threats found. %s
%s files scanned in %s. No threats found. %s
Scan aborted. %s files scanned in %s. %s
Scan aborted. %s files scanned in %s. %s
Last scanned %s. %s %s %s removed.
Last scanned %s. %s %s %s removed.
Last scanned %s. %s
Last scanned %s. %s
Protection has been active for %s.
Protection has been active for %s.
%s system events have been inspected since installation.
%s system events have been inspected since installation.
%s system events have been inspected since bootup (%s.%c %s since installation).
%s system events have been inspected since bootup (%s.%c %s since installation).
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaning %s
%i%% - Cleaning %s
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s.
System Cleaner is scheduled to run in %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
Click here for personal support if you have any questions about SecureAnywhere
Click here for personal support if you have any questions about SecureAnywhere
Enable Windows Explorer right click secure file erasing
Enable Windows Explorer right click secure file erasing
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
Show Windows Explorer overlay icons
Show Windows Explorer overlay icons
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Scanning for threats: %s
Scanning for threats: %s
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
View report summary
View report summary
Operating system detected
Operating system detected
Detecting operating system information
Detecting operating system information
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
Please wait until the current operation is complete.
Please wait until the current operation is complete.
Google Chrome
Google Chrome
.text
.text
h.rdata
h.rdata
H.data
H.data
.rsrc
.rsrc
B.reloc
B.reloc
SShhA
SShhA
TransportAddress
TransportAddress
HTTP/
HTTP/
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
KeDelayExecutionThread
KeDelayExecutionThread
ZwOpenKey
ZwOpenKey
ZwQueryValueKey
ZwQueryValueKey
ntoskrnl.exe
ntoskrnl.exe
WRITE_PORT_UCHAR
WRITE_PORT_UCHAR
HAL.dll
HAL.dll
TDI.SYS
TDI.SYS
FltCloseClientPort
FltCloseClientPort
FltCloseCommunicationPort
FltCloseCommunicationPort
FltCreateCommunicationPort
FltCreateCommunicationPort
FLTMGR.SYS
FLTMGR.SYS
SeExports
SeExports
ZwCreateKey
ZwCreateKey
ZwSetValueKey
ZwSetValueKey
585=5^5}5
585=5^5}5
"hXXp://crl.verisign.com/tss-ca.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
Thawte Certification1
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
.Class 3 Public Primary Certification Authority0
.Class 3 Public Primary Certification Authority0
hXXp://crl.verisign.com/pca3.crl0
hXXp://crl.verisign.com/pca3.crl0
hXXps://VVV.verisign.com/cps0
hXXps://VVV.verisign.com/cps0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://logo.verisign.com/vslogo.gif04
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
n.aAHu
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
Webroot Inc.1>0
Webroot Inc.1>0
Webroot Inc.0
Webroot Inc.0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0;
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
#hXXp://crl.verisign.com/pca3-g5.crl04
#hXXp://crl.verisign.com/pca3-g5.crl04
.pdata
.pdata
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
`.data
`.data
@.reloc
@.reloc
WmiExecuteMethodW
WmiExecuteMethodW
NtRequestWaitReplyPort
NtRequestWaitReplyPort
NtConnectPort
NtConnectPort
NtAlpcConnectPort
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
NtAlpcSendWaitReceivePort
NtAlpcCreatePortSection
NtAlpcCreatePortSection
NtRequestPort
NtRequestPort
NtAlpcCreatePort
NtAlpcCreatePort
NtSecureConnectPort
NtSecureConnectPort
NtDeleteKey
NtDeleteKey
NtDeleteValueKey
NtDeleteValueKey
NtSetValueKey
NtSetValueKey
NtDelayExecution
NtDelayExecution
NtCreatePort
NtCreatePort
http:\/\/
http:\/\/
hXXps://
hXXps://
PSOWRX
PSOWRX
hXXp://%.*s
hXXp://%.*s
Chrome_OmniboxView
Chrome_OmniboxView
Chrome_AutocompleteEditView
Chrome_AutocompleteEditView
%s://%S
%s://%S
search.yahoo
search.yahoo
WebDrawText
WebDrawText
webkit
webkit
PSOTBX
PSOTBX
Chrome_RenderWidgetHostHWND
Chrome_RenderWidgetHostHWND
MozillaContentWindowClass
MozillaContentWindowClass
MozillaWindowClass
MozillaWindowClass
Chrome_WidgetWin_
Chrome_WidgetWin_
OperaWindowClass
OperaWindowClass
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
nspr4.dll
nspr4.dll
advapi32.dll
advapi32.dll
bcrypt.dll
bcrypt.dll
ws2_32.dll
ws2_32.dll
sspicli.dll
sspicli.dll
secur32.dll
secur32.dll
wininet.dll
wininet.dll
ntdll.dll
ntdll.dll
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
>HTTPu6
>HTTPu6
msvcrt.dll
msvcrt.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
SetWindowsHookExW
SetWindowsHookExW
SetWindowsHookExA
SetWindowsHookExA
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
USER32.dll
USER32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
ADVAPI32.dll
ADVAPI32.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToFileA
URLDownloadToFileA
urlmon.dll
urlmon.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
OLEACC.dll
OLEACC.dll
RPCRT4.dll
RPCRT4.dll
OLEAUT32.dll
OLEAUT32.dll
UrlIsW
UrlIsW
SHLWAPI.dll
SHLWAPI.dll
Secur32.dll
Secur32.dll
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
WRUsr.dll
WRUsr.dll
\\x3ca href\\x3d\\x22http
\\x3ca href\\x3d\\x22http
@.rsrc
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
%u6HcA
%u6HcA
tù7u HcG
tù7u HcG
?;5URLURLURL
?;5URLURLURL
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
%sU%rT
%sU%rT
GetCPInfo
GetCPInfo
CertGetCertificateContextProperty
CertGetCertificateContextProperty
_acmdln
_acmdln
_amsg_exit
_amsg_exit
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyExW
MapVirtualKeyExW
GetKeyboardLayout
GetKeyboardLayout
keybd_event
keybd_event
UnhookWindowsHookEx
UnhookWindowsHookEx
v.pL>
v.pL>
00000000006
00000000006
20.sp
20.sp
%uV7"iL
%uV7"iL
KERNEL32.DLL
KERNEL32.DLL
CRYPT32.dll
CRYPT32.dll
DDRAW.dll
DDRAW.dll
DSOUND.dll
DSOUND.dll
iphlpapi.dll
iphlpapi.dll
NETAPI32.dll
NETAPI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
WINTRUST.dll
WINTRUST.dll
ddbl.db
ddbl.db
dbk.db
dbk.db
dbj.db
dbj.db
dbi.db
dbi.db
dbh.db
dbh.db
dbg.db
dbg.db
dbf.db
dbf.db
dbe.db
dbe.db
dbd.db
dbd.db
dbc.db
dbc.db
dbb.db
dbb.db
dba.db
dba.db
index.dat
index.dat
content url
content url
searchurl
searchurl
use custom search url
use custom search url
scrnsave.exe
scrnsave.exe
Default_Search_Url
Default_Search_Url
Default_Page_Url
Default_Page_Url
.cn/index
.cn/index
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
regedit.exe "%1"
regedit.exe "%1"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Package
Msi.Package
%SystemRoot%\system32\mmc.exe "%1" %*
%SystemRoot%\system32\mmc.exe "%1" %*
.mpeg
.mpeg
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%SystemRoot%\System32\WScript.exe" "%1" %*
"%SystemRoot%\System32\WScript.exe" "%1" %*
rundll32.exe shdocvw.dll,OpenURL %l
rundll32.exe shdocvw.dll,OpenURL %l
%SystemRoot%\system32\NOTEPAD.EXE %1
%SystemRoot%\system32\NOTEPAD.EXE %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
%SystemRoot%\system32\mshta.exe "%1" %*
%SystemRoot%\system32\mshta.exe "%1" %*
cmdfile
cmdfile
"%SystemRoot%\hh.exe" %1
"%SystemRoot%\hh.exe" %1
chm.file
chm.file
ieuser.exe
ieuser.exe
crashreporter.exe
crashreporter.exe
plugin-container.exe
plugin-container.exe
epic.exe
epic.exe
waol.exe
waol.exe
iron.exe
iron.exe
safari.exe
safari.exe
firefox
firefox
winlogon.exe
winlogon.exe
spoolsv.exe
spoolsv.exe
services.exe
services.exe
audiodg.exe
audiodg.exe
svchost.exe
svchost.exe
lsass.exe
lsass.exe
consent.exe
consent.exe
dwm.exe
dwm.exe
lsm.exe
lsm.exe
procexp64.exe
procexp64.exe
procexp.exe
procexp.exe
dplp2.exe
dplp2.exe
dplp.exe
dplp.exe
watchdogx64.exe
watchdogx64.exe
flashcookiecleaner.exe
flashcookiecleaner.exe
shredder.exe
shredder.exe
atieclxx.exe
atieclxx.exe
atiesrxx.exe
atiesrxx.exe
searchfilterhost.exe
searchfilterhost.exe
werfault.exe
werfault.exe
ravcpl64.exe
ravcpl64.exe
nvtray.exe
nvtray.exe
clpsla.exe
clpsla.exe
clps.exe
clps.exe
mtxagent.exe
mtxagent.exe
googleupdate.exe
googleupdate.exe
googlecrashhandler.exe
googlecrashhandler.exe
downloaderapp.exe
downloaderapp.exe
ccleaner.exe
ccleaner.exe
ccleaner64.exe
ccleaner64.exe
conhost.exe
conhost.exe
irperl.exe
irperl.exe
fswscs.exe
fswscs.exe
bsplayer.exe
bsplayer.exe
wow_helper.exe
wow_helper.exe
realplay.exe
realplay.exe
nmake.exe
nmake.exe
cl.exe
cl.exe
winrar.exe
winrar.exe
fsdomnodeie.dll
fsdomnodeie.dll
jhook.dll
jhook.dll
yzshadow.exe
yzshadow.exe
yahoomessenger.exe
yahoomessenger.exe
wspace.exe
wspace.exe
wlmail.exe
wlmail.exe
wdict32.exe
wdict32.exe
vmware-vmx.exe
vmware-vmx.exe
vmware.exe
vmware.exe
ultramon.exe
ultramon.exe
translateclient.exe
translateclient.exe
totalcmd.exe
totalcmd.exe
thunderbird.exe
thunderbird.exe
stpass.exe
stpass.exe
splwow64.exe
splwow64.exe
skype.exe
skype.exe
sidebar.exe
sidebar.exe
sllauncher.exe
sllauncher.exe
sbrender.exe
sbrender.exe
rocketdock.exe
rocketdock.exe
robotaskbaricon.exe
robotaskbaricon.exe
roboform.dll
roboform.dll
robo.exe
robo.exe
popupblocker.exe
popupblocker.exe
pdfvista.exe
pdfvista.exe
patrol.exe
patrol.exe
packpro.exe
packpro.exe
outlook.exe
outlook.exe
opstm080.exe
opstm080.exe
opera.exe
opera.exe
notepad .exe
notepad .exe
mvtapp.exe
mvtapp.exe
msnmsgr.exe
msnmsgr.exe
fsocrserver.exe
fsocrserver.exe
jfw.exe
jfw.exe
iexplore.exe
iexplore.exe
helppane.exe
helppane.exe
google.exe
google.exe
gamebooster.exe
gamebooster.exe
firefox.exe
firefox.exe
excel.exe
excel.exe
eudora.exe
eudora.exe
eqgame.exe
eqgame.exe
dsNetworkConnect.exe
dsNetworkConnect.exe
dllhost.exe
dllhost.exe
digsby.exe
digsby.exe
communicator.exe
communicator.exe
crazy browser.exe
crazy browser.exe
ctfmon.exe
ctfmon.exe
chrome.exe
chrome.exe
bttray.exe
bttray.exe
babylon.exe
babylon.exe
ati2evxx.exe
ati2evxx.exe
aolsoftware.exe
aolsoftware.exe
admunch64.exe
admunch64.exe
admunch.exe
admunch.exe
adblock.exe
adblock.exe
acrotray.exe
acrotray.exe
acrord32.exe
acrord32.exe
acrodist.exe
acrodist.exe
acrobat.exe
acrobat.exe
verclsid.exe
verclsid.exe
wrbar.exe
wrbar.exe
WRSyncManager.exe
WRSyncManager.exe
wrinstall.exe
wrinstall.exe
snippingtool.exe
snippingtool.exe
Portugu
Portugu
s (Brazilian Portuguese)
s (Brazilian Portuguese)
Ftaskmgr.exe
Ftaskmgr.exe
csrss.exe
csrss.exe
"%s" %s
"%s" %s
"%s" %S
"%s" %S
HKEY_USERS
HKEY_USERS
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
%s\%s
%s\%s
%c:\%s
%c:\%s
%s:%i
%s:%i
msiexec
msiexec
%drivers%
%drivers%
*\windows\system32\drivers\*
*\windows\system32\drivers\*
%fonts%
%fonts%
*\windows\fonts\*
*\windows\fonts\*
%%restore%%\%s
%%restore%%\%s
\\?hostname?\?share?\%s
\\?hostname?\?share?\%s
%%winsxs%%\%s
%%winsxs%%\%s
c:\windows/
c:\windows/
windows\system32/
windows\system32/
Webroot
Webroot
WRusr.dll
WRusr.dll
\\.\%c:
\\.\%c:
Windows\System32\windbg48.sys
Windows\System32\windbg48.sys
m0rpheus.tpl
m0rpheus.tpl
%SystemRoot%\System32\svchost.exe
%SystemRoot%\System32\svchost.exe
mscoree.dll
mscoree.dll
%S(%s)
%S(%s)
tcpip
tcpip
.net clr
.net clr
%S(%s\%s\, %s)
%S(%s\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(%s\%s\)
%S(%s\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\%s\%s)
%S(%s\%s\%s)
/scanfile="%s"
/scanfile="%s"
%s\sfc.exe
%s\sfc.exe
Writing MBR> New Data: [%S]
Writing MBR> New Data: [%S]
Executing Command> %s
Executing Command> %s
Terminating Module Parent> %i - %s
Terminating Module Parent> %i - %s
Closing Handle> %i - PID: %i - %s
Closing Handle> %i - PID: %i - %s
Renaming Registry Key> %s\%s to %s\%s
Renaming Registry Key> %s\%s to %s\%s
Deleting File> %s
Deleting File> %s
Writing Registry Value> %s\%s - %s
Writing Registry Value> %s\%s - %s
Writing File Data> %s - [New Data: %s]
Writing File Data> %s - [New Data: %s]
Deleting Directory> %s
Deleting Directory> %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Key> %s\%s
Deleting Registry Key> %s\%s
Fixing LSP> %S
Fixing LSP> %S
Core Component> Un-patching file [%s] - New Size: %i bytes
Core Component> Un-patching file [%s] - New Size: %i bytes
Copying File> %s to %s
Copying File> %s to %s
Terminating Process> %i - %s
Terminating Process> %i - %s
Stopping Service> %s
Stopping Service> %s
Deleting Service> %s
Deleting Service> %s
Starting Routine> %s...
Starting Routine> %s...
\\.\pipe\WRSynUM2
\\.\pipe\WRSynUM2
\\.\WRSYNAPSE
\\.\WRSYNAPSE
\temporary asp.net files\
\temporary asp.net files\
\opera\temporary_downloads\
\opera\temporary_downloads\
\microsoft.net\framework\
\microsoft.net\framework\
\$recycle.bin\S-
\$recycle.bin\S-
mbam.exe
mbam.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
%s\Symantec\
%s\Symantec\
%s\Common Files\Symantec Shared\
%s\Common Files\Symantec Shared\
%s\Symantec.cloud\
%s\Symantec.cloud\
\\.\pipe\
\\.\pipe\
wmiprvse.exe
wmiprvse.exe
\Slow.pvx
\Slow.pvx
\Slowusr.pvx
\Slowusr.pvx
%i %s
%i %s
%s %S - %i%%, %i %s)
%s %S - %i%%, %i %s)
%s - %s
%s - %s
hXXps://*
hXXps://*
hXXp://*
hXXp://*
%ProgramFiles%\Webroot\WRSA.exe
%ProgramFiles%\Webroot\WRSA.exe
%S - %s
%S - %s
InstallLogo.bmp
InstallLogo.bmp
\\?\%c:
\\?\%c:
%i %s, %i %s
%i %s, %i %s
%i %s,
%i %s,
s\\.\PhysicalDrive%i
s\\.\PhysicalDrive%i
[%C] %s
[%C] %s
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
res%i.db
res%i.db
-%i-%i.tmp
-%i-%i.tmp
bcdedit.exe
bcdedit.exe
autorun.inf
autorun.inf
\services.exe
\services.exe
\drivers\pciide.sys
\drivers\pciide.sys
\drivers\smbe.sys
\drivers\smbe.sys
\drivers\eubkmon.sys
\drivers\eubkmon.sys
\drivers\acpi.sys
\drivers\acpi.sys
\drivers\wdf01000.sys
\drivers\wdf01000.sys
\drivers\cdrom.sys
\drivers\cdrom.sys
\drivers\serial.sys
\drivers\serial.sys
\drivers\ipsec.sys
\drivers\ipsec.sys
\drivers\tcpip.sys
\drivers\tcpip.sys
\drivers\afd.sys
\drivers\afd.sys
\drivers\rdbss.sys
\drivers\rdbss.sys
\drivers\mrxsmb.sys
\drivers\mrxsmb.sys
\drivers\netbt.sys
\drivers\netbt.sys
\microsoft.net\
\microsoft.net\
.crdownload
.crdownload
.partial
.partial
\windows\installer\
\windows\installer\
\config.msi\
\config.msi\
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
{98C3BECF-DD5F-44D2-8EF3-
{98C3BECF-DD5F-44D2-8EF3-
rundll32.exe
rundll32.exe
http*://
http*://
hXXp://VVV.
hXXp://VVV.
opera
opera
%S(%s, %.*S)
%S(%s, %.*S)
%S(%s, %s)
%S(%s, %s)
%S(%s, 0x%S)
%S(%s, 0x%S)
Temp\%.*S-%S-%.*S.WR
Temp\%.*S-%S-%.*S.WR
\\.\pipe\WRSVCPipe
\\.\pipe\WRSVCPipe
%S(%i)
%S(%i)
desktop.ini
desktop.ini
%s %s %s
%s %s %s
%i (%s %s)
%i (%s %s)
%s: %s
%s: %s
PKG\WRSyncManager.exe
PKG\WRSyncManager.exe
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn.qm
PKG\files_zh_cn.qm
PKG\files_de_de_qt.qm
PKG\files_de_de_qt.qm
PKG\files_de_de.qm
PKG\files_de_de.qm
PKG\files_es_es_qt.qm
PKG\files_es_es_qt.qm
PKG\files_es_es.qm
PKG\files_es_es.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp.qm
PKG\files_ja_jp.qm
PKG\files_en_us_qt.qm
PKG\files_en_us_qt.qm
PKG\files_en_us.qm
PKG\files_en_us.qm
PKG\WRBar.dll
PKG\WRBar.dll
%s (%s)
%s (%s)
*.mpeg, *.avi, *.mp4
*.mpeg, *.avi, *.mp4
*.mp3, *.m4a
*.mp3, *.m4a
*.jpg, *.jpeg, *.png
*.jpg, *.jpeg, *.png
*.xls, *.xlsx
*.xls, *.xlsx
*.doc, *.docx
*.doc, *.docx
%s (%S)
%s (%S)
%s - %S
%s - %S
%s\Administrator
%s\Administrator
%C:%s
%C:%s
A:\%s
A:\%s
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
WRHTTP
WRHTTP
dst%2S.db
dst%2S.db
Chrome
Chrome
Opera
Opera
Software\Mozilla\Mozilla Firefox
Software\Mozilla\Mozilla Firefox
http\shell\open\command
http\shell\open\command
Software\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
&OLDLIC=%s
&OLDLIC=%s
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
I%S(%s\%s\%s, %s)
I%S(%s\%s\%s, %s)
%S(%s\%s\%s, %s%s%s)
%S(%s\%s\%s, %s%s%s)
%S(%s, 0)
%S(%s, 0)
%s\drivers\%s.sys
%s\drivers\%s.sys
%s\2i
%s\2i
Pipe
Pipe
%s\%s\%i
%s\%s\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
dow.lac
dow.lac
centro.txt
centro.txt
1.pac
1.pac
AutoConfigUrl
AutoConfigUrl
hXXp://
hXXp://
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
ekrn.exe
ekrn.exe
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
firefox.exe\shell\safemode\command
firefox.exe\shell\safemode\command
firefox.exe\shell\open\command
firefox.exe\shell\open\command
iexplore.exe\shell\open\command
iexplore.exe\shell\open\command
\WRSYNAPSEPORT
\WRSYNAPSEPORT
%s\%s.lnk
%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{69D72956-317C-44bd-B369-8E44D4EF9802}
{69D72956-317C-44bd-B369-8E44D4EF9802}
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
"%S%s" %S%S
"%S%s" %S%S
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
XXX.tmp
XXX.tmp
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WISC
\Webroot\Security\Current\Products\WISC
rSoftware\Web Filtering
rSoftware\Web Filtering
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
5db%i.db
5db%i.db
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
%s %S %S
%s %S %S
dbo%i-e.db
dbo%i-e.db
dbo%i-%I64X.db
dbo%i-%I64X.db
dbm%i.db
dbm%i.db
tPKG\WRBar.exe
tPKG\WRBar.exe
PKG\LPBar.dll
PKG\LPBar.dll
%s\wrSync%i.dat
%s\wrSync%i.dat
%s\icon%i.ico
%s\icon%i.ico
t%s_%i
t%s_%i
%s %s %S - %s
%s %s %S - %s
%s %s %s %S - %s
%s %s %s %S - %s
%S?LANG=%S
%S?LANG=%S
%s\Webroot\Spy Sweeper\install.dat
%s\Webroot\Spy Sweeper\install.dat
Software\Webroot\Install
Software\Webroot\Install
notepad.exe
notepad.exe
hXXp://VVV.webroot.com
hXXp://VVV.webroot.com
%S %S
%S %S
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
%s %i:00 %s %s
%s %i:00 %s %s
*.exe
*.exe
%s %i %s
%s %i %s
WRSA.exe
WRSA.exe
%i:i %s
%i:i %s
SystemCleaner.log
SystemCleaner.log
%s\SecureAnywhere Console.lnk
%s\SecureAnywhere Console.lnk
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
UMTX-%s
UMTX-%s
CURRENT_USER\%s
CURRENT_USER\%s
MACHINE\%s
MACHINE\%s
\explorer.exe
\explorer.exe
%s\sysnative
%s\sysnative
%s\WRData
%s\WRData
%s - [%S] %i files scanned, %i %s found in %s
%s - [%S] %i files scanned, %i %s found in %s
si3112r.sys
si3112r.sys
atmdlc.sys
atmdlc.sys
C:\$MBR.1
C:\$MBR.1
\??\%c:\
\??\%c:\
%S(%s\%s\%s\)
%S(%s\%s\%s\)
%System%\webcheck.dll
%System%\webcheck.dll
rundll32 shell32,Control_RunDLL "sysdm.cpl"
rundll32 shell32,Control_RunDLL "sysdm.cpl"
logonui.exe
logonui.exe
userinit.exe,
userinit.exe,
%S(%s\%.*s\, %I64X)
%S(%s\%.*s\, %I64X)
W%S(%s\%.*s, %I64X-%I64X)
W%S(%s\%.*s, %I64X-%I64X)
%S(%s\%.*s\)
%S(%s\%.*s\)
%S(%s\%.*s\%.*s)
%S(%s\%.*s\%.*s)
%S(%s\%.*s, %.*s)
%S(%s\%.*s, %.*s)
%S(%I64X, %I64X)
%S(%I64X, %I64X)
_reg.tmp
_reg.tmp
%UserProfile%\Local Settings\Application Data
%UserProfile%\Local Settings\Application Data
%UserProfile%
%UserProfile%
hXXp://twitter.com/*
hXXp://twitter.com/*
hXXp://VVV.facebook.com/*
hXXp://VVV.facebook.com/*
Generating license key... (less than two minutes remaining)
Generating license key... (less than two minutes remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
SysAnalyzerLog-%S.log
SysAnalyzerLog-%S.log
%s (%i bytes)
%s (%i bytes)
%S(%s, %S)
%S(%s, %S)
%S(Removing %s...#(PX5: %S - MD5: %S))
%S(Removing %s...#(PX5: %S - MD5: %S))
TcpTimedWaitDelay
TcpTimedWaitDelay
MaxUserPort
MaxUserPort
TcpNumConnections
TcpNumConnections
ActiveProcesses.log
ActiveProcesses.log
webdrive
webdrive
\Dell Support Center\
\Dell Support Center\
;"%s"
;"%s"
WR.mof
WR.mof
wbem\mofcomp.exe
wbem\mofcomp.exe
%S - Removing %s
%S - Removing %s
%S - Removing %s - %s
%S - Removing %s - %s
%S - Removing %s - %i bytes
%S - Removing %s - %i bytes
%s\%i.bat
%s\%i.bat
WRTemp_%i_X
WRTemp_%i_X
%s\WR%i.exe
%s\WR%i.exe
libAllegro.dll
libAllegro.dll
Lang.dat
Lang.dat
dbq.db
dbq.db
5WRupdate%i.exe
5WRupdate%i.exe
%s\%S.html
%s\%S.html
%s\%S.bmp
%s\%S.bmp
Duration: %s
Duration: %s
%S (Hostname: %S - Local IP: %S)
%S (Hostname: %S - Local IP: %S)
Scan Started: %S
Scan Started: %S
%s/%s
%s/%s
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\Services\%s
%s\Services\%s
Embedded Web Browser from: hXXp://bsalsa.com/
Embedded Web Browser from: hXXp://bsalsa.com/
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Classes\.exe\shell
Software\Classes\.exe\shell
Software\Policies\Microsoft\Windows\System
Software\Policies\Microsoft\Windows\System
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
System\CurrentControlSet\Services\Tcpip\Parameters
System\CurrentControlSet\Services\Tcpip\Parameters
%S(Removing rootkits - Please wait...#)
%S(Removing rootkits - Please wait...#)
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
SavUI.exe
SavUI.exe
SymCorpUI.exe
SymCorpUI.exe
DoScan.EXE
DoScan.EXE
SNAC.EXE
SNAC.EXE
Rtvscan.exe
Rtvscan.exe
DefWatch.exe
DefWatch.exe
ccSvcHst.exe
ccSvcHst.exe
SmcGui.exe
SmcGui.exe
Smc.exe
Smc.exe
SemSvc.exe
SemSvc.exe
dbsrv9.exe
dbsrv9.exe
CCApp.exe
CCApp.exe
vptray.exe
vptray.exe
AMSadmin.exe
AMSadmin.exe
VPC32.exe
VPC32.exe
NMain.exe
NMain.exe
Msiexec.exe
Msiexec.exe
"%s\installTeefer.exe" -u -l2 -f "\install.log"
"%s\installTeefer.exe" -u -l2 -f "\install.log"
Microsoft.VC90.CRT.manifest
Microsoft.VC90.CRT.manifest
msvcr90.dll
msvcr90.dll
msvcp90.dll
msvcp90.dll
%s\temp
%s\temp
%s\checksum.exe
%s\checksum.exe
%s\temp\tmpremove.exe
%s\temp\tmpremove.exe
dbp.db
dbp.db
Webroot\Sync
Webroot\Sync
This removal tool only supports Windows XP.
This removal tool only supports Windows XP.
PKG\WebrootShellExt.dll
PKG\WebrootShellExt.dll
\AGENTCOMMANDS.txt
\AGENTCOMMANDS.txt
Software\Classes\CLSID\%s\%s
Software\Classes\CLSID\%s\%s
%s\shell\open\command
%s\shell\open\command
%S\%s
%S\%s
%s\prefetch
%s\prefetch
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%
%SYSTEMDRIVE%
~tmp.hiv
~tmp.hiv
%s\temp\WR-X.tmp
%s\temp\WR-X.tmp
%s\Start Menu\Programs\Startup
%s\Start Menu\Programs\Startup
WSATemp.exe
WSATemp.exe
dbn.db
dbn.db
%s-%i
%s-%i
*.log
*.log
lwrSync.dll
lwrSync.dll
PxPlugin.dll
PxPlugin.dll
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
PKG.tmp
PKG.tmp
Software\Google\Chrome
Software\Google\Chrome
ace%i.db
ace%i.db
Win32.%S %s
Win32.%S %s
\%s%s
\%s%s
NetworkEvents.log
NetworkEvents.log
WRLog.log
WRLog.log
WEH-Tcp
WEH-Tcp
RDP-Tcp
RDP-Tcp
WRrem%i.exe
WRrem%i.exe
&CNTID=%S&SNUM=%S&CType=%S
&CNTID=%S&SNUM=%S&CType=%S
&%S=%S
&%S=%S
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
%S?UPD=%S&LANG=%S
%S?UPD=%S&LANG=%S
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
Opening your web console...
Opening your web console...
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Log-in to your Web Console
Log-in to your Web Console
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
rtmp%d
rtmp%d
\\.\DISPLAY
\\.\DISPLAY
\Windows\explorer.exe
\Windows\explorer.exe
\Device\Tcp
\Device\Tcp
\Device\Udp
\Device\Udp
\Device\NamedPipe
\Device\NamedPipe
\System32\spoolsv.exe
\System32\spoolsv.exe
\System32\services.exe
\System32\services.exe
\System32\winlogon.exe
\System32\winlogon.exe
\System32\lsass.exe
\System32\lsass.exe
\System32\svchost.exe
\System32\svchost.exe
\System32\lsm.exe
\System32\lsm.exe
\System32\csrss.exe
\System32\csrss.exe
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
WRkrn.sys
WRkrn.sys
(c) Webroot 2006-2012
(c) Webroot 2006-2012
user32.dll
user32.dll
shdocvw.dll
shdocvw.dll
ieframe.dll
ieframe.dll
rpcrt4.dll
rpcrt4.dll
WINDOW: %s - %s
WINDOW: %s - %s
ShXXps://
ShXXps://
tmpremove.exe
tmpremove.exe
smc.exe
smc.exe
msctf.dll
msctf.dll
browseui.dll
browseui.dll
dwmapi.dll
dwmapi.dll
uxtheme.dll
uxtheme.dll
"%s" %S"%s"
"%s" %S"%s"
hXXps://VVV.webroot.com
hXXps://VVV.webroot.com
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
RapportKE64
RapportKE64
RapportKELL
RapportKELL
wsock32.dll
wsock32.dll
%s\%s\%s\%s
%s\%s\%s\%s
wrSync4.dat
wrSync4.dat
wrSync3.dat
wrSync3.dat
wrSync2.dat
wrSync2.dat
wrSync1.dat
wrSync1.dat
Webr
Webr
WRSA.exe_352_rwx_01001000_00205000:
SUPPORTHOME
SUPPORTHOME
WEBROOTHOME
WEBROOTHOME
SUPPORT
SUPPORT
/exeshowaddremove
/exeshowaddremove
-proxyport=
-proxyport=
-proxypass=
-proxypass=
-key=
-key=
/key=
/key=
DlExec
DlExec
TempKeycode
TempKeycode
ChangeKeyCode
ChangeKeyCode
virusscan.jotti.org
virusscan.jotti.org
VVV.virustotal.com
VVV.virustotal.com
sophos.com
sophos.com
grisoft.com
grisoft.com
pandasoftware.com
pandasoftware.com
trendmicro.com
trendmicro.com
virustotal.com
virustotal.com
f-secure.com
f-secure.com
kaspersky.com
kaspersky.com
mcafee.com
mcafee.com
webroot.com symantec.com
webroot.com symantec.com
webrootanywhere.com
webrootanywhere.com
webrootcloudav.com
webrootcloudav.com
prevxinfo.com
prevxinfo.com
prevx.com
prevx.com
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
scrnsave.scr
scrnsave.scr
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/navcancl.htm
res://ieframe.dll/navcancl.htm
res://mshtml.dll/blank.htm
res://mshtml.dll/blank.htm
C:\Windows\system32\blank.htm
C:\Windows\system32\blank.htm
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=69157
hXXp://go.microsoft.com/fwlink/?LinkId=69157
BURLT
BURLT
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
Terminal Server Client\TransportExtensions
Terminal Server Client\TransportExtensions
Ole\AppCompat\ActivationSecurityCheckExemptionList
Ole\AppCompat\ActivationSecurityCheckExemptionList
.html
.html
UrlSearchHooks
UrlSearchHooks
Extensions\CmdMapping
Extensions\CmdMapping
Keyboard Layouts
Keyboard Layouts
Userinstallable.drivers
Userinstallable.drivers
LoginScript
LoginScript
rdpwd\Tds\tcp
rdpwd\Tds\tcp
Cmdline
Cmdline
SetupExecute
SetupExecute
Image File Execution Options
Image File Execution Options
wowcmdline
wowcmdline
cmdline
cmdline
Windows
Windows
SCRNSAVE.EXE
SCRNSAVE.EXE
KeyFileName
KeyFileName
Explorer\ShellExecuteHooks
Explorer\ShellExecuteHooks
PendingFileRenameOperations
PendingFileRenameOperations
FileRenameOperations
FileRenameOperations
BootExecute
BootExecute
Software\Policies\Microsoft\Windows\System\Scripts
Software\Policies\Microsoft\Windows\System\Scripts
AppCertDlls
AppCertDlls
DefaultPassword
DefaultPassword
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
$$^^URL
$$^^URL
ProxyPort
ProxyPort
ProxyPassword
ProxyPassword
UninstallKey
UninstallKey
websec
websec
UPDATEURL
UPDATEURL
ERRURL
ERRURL
URLSTR
URLSTR
URLFILEUPLOAD
URLFILEUPLOAD
URLINBOUND
URLINBOUND
URLSLAP
URLSLAP
hXXp://webcache.google
hXXp://webcache.google
hXXp://developers.facebook.com
hXXp://developers.facebook.com
hXXp://static.ak.fbcdn.net
hXXp://static.ak.fbcdn.net
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
video.ak.fbcdn.net
video.ak.fbcdn.net
VVV.facebook.com
VVV.facebook.com
driver.cab
driver.cab
sp1.cab
sp1.cab
sp2.cab
sp2.cab
sp3.cab
sp3.cab
A suspicious file was detected: %S - %s - X
A suspicious file was detected: %S - %s - X
Applied unique machine ID: X
Applied unique machine ID: X
In-memory infection identified: %S
In-memory infection identified: %S
Configuration Saved: %s
Configuration Saved: %s
Removed invalid LSP chain entry: %S
Removed invalid LSP chain entry: %S
Connected to %s
Connected to %s
Monitoring process %S [%s]. Type: %i (%i)
Monitoring process %S [%s]. Type: %i (%i)
End passive write scan (%i file(s))
End passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Saved the product log to %S
Saved the product log to %S
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Website determination changed: %S [Level: X] [Type: X]
Website determination changed: %S [Level: X] [Type: X]
>>> Service started [%s]
>>> Service started [%s]
SLevel updated to %s
SLevel updated to %s
Applied license key: %s
Applied license key: %s
Executed cleanup script: %S
Executed cleanup script: %S
Submitted file at user request: %S
Submitted file at user request: %S
Updating from %S
Updating from %S
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Started: %S [ID: %i - Flags: %i/%i]
Scan Started: %S [ID: %i - Flags: %i/%i]
Configuration imported from %S
Configuration imported from %S
Configuration exported to %S
Configuration exported to %S
Cleanup tool %i executed
Cleanup tool %i executed
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Blocked process from accessing protected data: %S [Type: %i]
Blocked process from accessing protected data: %S [Type: %i]
Closed network connection: [X.%i - X.%i]
Closed network connection: [X.%i - X.%i]
Blocked process from connecting to the Internet: %S [MD5: %s]
Blocked process from connecting to the Internet: %S [MD5: %s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Blocked website: %s
Blocked website: %s
Rolled back infection: %S
Rolled back infection: %S
Infection detected: %S [MD5: %s] [%i/X] [%s]
Infection detected: %S [MD5: %s] [%i/X] [%s]
Installation successfully completed (%s/%s)
Installation successfully completed (%s/%s)
GetWindowsDirectoryA
GetWindowsDirectoryA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CallNamedPipeW
CallNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetNamedPipeClientProcessId
GetNamedPipeClientProcessId
CreateIoCompletionPort
CreateIoCompletionPort
%m/%d %I:%M %p
%m/%d %I:%M %p
%d/%m %I:%M %p
%d/%m %I:%M %p
127.0.0.1
127.0.0.1
_CorExeMain
_CorExeMain
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.3
g%i.p4.webrootcloudav.com/arm.asp
g%i.p4.webrootcloudav.com/arm.asp
000000000000000
000000000000000
Win32.Override.1
Win32.Override.1
Win32.LocalInfect.3
Win32.LocalInfect.3
Win32.LocalInfect.1
Win32.LocalInfect.1
Win32.AutoBlock.1
Win32.AutoBlock.1
Win32.UserAdded
Win32.UserAdded
Win32.RuleBlock.1
Win32.RuleBlock.1
Win32.Untrusted.1
Win32.Untrusted.1
Caution.Rootkit
Caution.Rootkit
Community.OuterEdge
Community.OuterEdge
Community.Heuristic
Community.Heuristic
Win32.LocalADS
Win32.LocalADS
Win32.LocalInfect.0
Win32.LocalInfect.0
Win32.LocalInfect.2
Win32.LocalInfect.2
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
%commonfiles%
%commonfiles%
Êche%
Êche%
%cookies%
%cookies%
úvorites%
úvorites%
%documents%
%documents%
%start%
%start%
%startup%
%startup%
Þsktop%
Þsktop%
VVV.google.com
VVV.google.com
if exist "%s" goto d
if exist "%s" goto d
Nspr4Hook::hookerPrOpenTcpSocket
Nspr4Hook::hookerPrOpenTcpSocket
if exist "%s"
if exist "%s"
VVV.bing.com
VVV.bing.com
ru.brans.pl
ru.brans.pl
proxim.ircgalaxy.pl
proxim.ircgalaxy.pl
irc.zief.pl
irc.zief.pl
core.ircgalaxy.pl
core.ircgalaxy.pl
kernel32.dll
kernel32.dll
SLAPKEY
SLAPKEY
%s/arm.asp
%s/arm.asp
%s/aot.asp
%s/aot.asp
184.72.40.115
184.72.40.115
174.129.33.10
174.129.33.10
79.125.105.211
79.125.105.211
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
arm.asp
arm.asp
%Y-%m-%d %H:%M:%S.000
%Y-%m-%d %H:%M:%S.000
serverexecutable
serverexecutable
%s\wininit.ini
%s\wininit.ini
1%iX%s^%s
1%iX%s^%s
DEX%s^
DEX%s^
C0X%s^
C0X%s^
C1X%s^%s
C1X%s^%s
C2X%s^
C2X%s^
(%i %s)
(%i %s)
Removing all components... %c
Removing all components... %c
.pvxdtr
.pvxdtr
https
https
PACKED_EXE,
PACKED_EXE,
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
00000000000000000000
00000000000000000000
00000000
00000000
0000000000000000
0000000000000000
00000000000000
00000000000000
URLBlob
URLBlob
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
reg %s /f
reg %s /f
%x %x
%x %x
1.2.3
1.2.3
%m-%d
%m-%d
hXXp://
hXXp://
%2sX
%2sX
%2ss
%2ss
JOBHTTP
JOBHTTP
$$$01$$$
$$$01$$$
%S,%s,
%S,%s,
WSASME.EXE
WSASME.EXE
operating systems
operating systems
%C:\boot.ini
%C:\boot.ini
%s\%S
%s\%S
"%S\%s",SynProc %i
"%S\%s",SynProc %i
XXX
XXX
v8.0.1.233
v8.0.1.233
@.dll
@.dll
%S\%s.dll
%S\%s.dll
SetTcpEntry
SetTcpEntry
GetExtendedTcpTable
GetExtendedTcpTable
GetExtendedUdpTable
GetExtendedUdpTable
FilterConnectCommunicationPort
FilterConnectCommunicationPort
RegSaveKeyExW
RegSaveKeyExW
RegRestoreKeyW
RegRestoreKeyW
RegSaveKeyW
RegSaveKeyW
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyExA
RegSetKeySecurity
RegSetKeySecurity
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
CertOpenStore
CertOpenStore
CertCloseStore
CertCloseStore
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgGetParam
CertFreeCertificateContext
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
ExitWindowsEx
ExitWindowsEx
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
WinHttpConnect
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpOpen
WinHttpOpen
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpReadData
WinHttpCloseHandle
WinHttpCloseHandle
winhttp
winhttp
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
msvcrt
msvcrt
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
%u%u%u
%u%u%u
PX%sMID3%sSRC
PX%sMID3%sSRC
MACX%s
MACX%s
(Build %d)
(Build %d)
%s (Build %d)
%s (Build %d)
Server 2008 WebServer
Server 2008 WebServer
Server 2003 Web Edition
Server 2003 Web Edition
Windows Version Unknown
Windows Version Unknown
Windows %s %s
Windows %s %s
Windows %s %s %s
Windows %s %s %s
-X
-X
HTTP/1.1 500
HTTP/1.1 500
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
20323:TCP
20323:TCP
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
14671:UDP
14671:UDP
c:\windows\explorer.exe
c:\windows\explorer.exe
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
255.255.255.255
255.255.255.255
$$$04$$$
$$$04$$$
$$$03$$$
$$$03$$$
$$$02$$$
$$$02$$$
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
WRCLOUDALPHA.EXE
WRCLOUDALPHA.EXE
%s %s
%s %s
sShortDate
sShortDate
%a %Y-%m-%d %H:%M
%a %Y-%m-%d %H:%M
%a %d-%m-%Y %H:%M
%a %d-%m-%Y %H:%M
%a %Y-%m-%d %H:%M:%S
%a %Y-%m-%d %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%s%I64XXXX
%s%I64XXXX
XXXXXXXXX%I64X
XXXXXXXXX%I64X
UpdateURL
UpdateURL
Software\Classes\winbio.winbiotools
Software\Classes\winbio.winbiotools
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer
Software\Classes\bho.fffplayer
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
%s.i
%s.i
Win32.MalComponent
Win32.MalComponent
Win32.Corrupted
Win32.Corrupted
Software\Microsoft\Windows\CurrentVersion\Policies
Software\Microsoft\Windows\CurrentVersion\Policies
credssp.dll
credssp.dll
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Policies\System
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\qmgr.dll
%SystemRoot%\System32\qmgr.dll
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\notepad.exe %1
%SystemRoot%\system32\notepad.exe %1
Software\Classes\Applications\notepad.exe\shell\open\command
Software\Classes\Applications\notepad.exe\shell\open\command
System\CurrentControlSet\Control\Session Manager\AppCertDlls
System\CurrentControlSet\Control\Session Manager\AppCertDlls
Software\Microsoft\PCHealth\ErrorReporting
Software\Microsoft\PCHealth\ErrorReporting
DoReport
DoReport
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnBadCertRecving
WarnOnBadCertRecving
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe
%SystemRoot%\system32\ntvdm.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows NT\CurrentVersion\Windows
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
explorer.exe
Software\Classes\.exe\shell\open\command
Software\Classes\.exe\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\.exe
Software\Classes\.exe
dontreportinfectioninformation
dontreportinfectioninformation
Windows\WindowsUpdate
Windows\WindowsUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
DisableCMD
DisableCMD
NoWindowsUpdate
NoWindowsUpdate
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
#pragma namespace("\\\\.\\root\\SecurityCenter")
#pragma namespace("\\\\.\\root\\SecurityCenter")
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
Name="AVClientInt.AVClientIntProvider";
Name="AVClientInt.AVClientIntProvider";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
SupportsPut="FALSE";
SupportsPut="FALSE";
SupportsGet="TRUE";
SupportsGet="TRUE";
SupportsDelete="FALSE";
SupportsDelete="FALSE";
SupportsEnumeration="TRUE";
SupportsEnumeration="TRUE";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
companyName="Webroot";
companyName="Webroot";
displayName="Webroot SecureAnywhere";
displayName="Webroot SecureAnywhere";
Microsoft\Office\%s\%s\%s\
Microsoft\Office\%s\%s\%s\
http://
http://
WSA_SA_Report-%s
WSA_SA_Report-%s
%a_%Y-%m-%d_%H-%M-%S
%a_%Y-%m-%d_%H-%M-%S
g1.p4.webrootcloudav.com/arm.asp
g1.p4.webrootcloudav.com/arm.asp
symsecureport
symsecureport
SQLANYs_sem5
SQLANYs_sem5
semwebsrv
semwebsrv
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
memory.dmp
memory.dmp
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
msdownload.tmp\
msdownload.tmp\
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Cookies\index.dat
Cookies\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Logs\IE9_NR_Setup.log
Logs\IE9_NR_Setup.log
IE9_Main.log
IE9_Main.log
IE9.log
IE9.log
IE8_Main.log
IE8_Main.log
IE8.log
IE8.log
IE7_Main.log
IE7_Main.log
IE7.log
IE7.log
IE Setup Log.txt
IE Setup Log.txt
Microsoft\Windows\History\
Microsoft\Windows\History\
Local Settings\Temporary Internet Files\Content.IE5\
Local Settings\Temporary Internet Files\Content.IE5\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Cookies\
Microsoft\Windows\Cookies\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\Recent\
Microsoft\Windows\Recent\
$Recycle.bin\
$Recycle.bin\
Google\Chrome\User Data\Default\Cache\
Google\Chrome\User Data\Default\Cache\
Mozilla\Firefox\Profiles\
Mozilla\Firefox\Profiles\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
P4REPORT
P4REPORT
%S\Driver Cache\i386
%S\Driver Cache\i386
%s,%i%i
%s,%i%i
8.0.1.233
8.0.1.233
%s %s%s
%s %s%s
%i-%i-%i-X-X.tmp
%i-%i-%i-X-X.tmp
%s %s%S %s
%s %s%S %s
Microsoft\Windows NT\CurrentVersion
Microsoft\Windows NT\CurrentVersion
\REGISTRY\User\%S
\REGISTRY\User\%S
Microsoft\Windows\CurrentVersion
Microsoft\Windows\CurrentVersion
IG=%s,
IG=%s,
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
detail.webrootanywhere.com/p4inbound.asp
detail.webrootanywhere.com/p4inbound.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
*X
*X
%.*s(%d)%s
%.*s(%d)%s
=%%
=%%
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
O|SSSh
O|SSSh
SSSSh=
SSSSh=
tcSSSh
tcSSSh
SSSSh6
SSSSh6
SSSSh7
SSSSh7
PSSSh
PSSSh
(QPSSSSh,
(QPSSSSh,
SSSSh?
SSSSh?
PIQSSSh
PIQSSSh
RjEQSSSShE
RjEQSSSShE
SSSSh@
SSSSh@
RSSSSSSh
RSSSSSSh
KPjVSSSh
KPjVSSSh
QjfSSSh
QjfSSSh
SShaaa
SShaaa
}.VQR
}.VQR
PSSSSSSh
PSSSSSSh
>\u%f
>\u%f
K Pj.SV
K Pj.SV
SSSh8
SSSh8
O|SSSSh
O|SSSSh
jtSSSSh$
jtSSSSh$
SSh ;
SSh ;
tcPQ
tcPQ
SSSSh
SSSSh
S|Wj.WWh
S|Wj.WWh
jmj SSSh
jmj SSSh
N|Sj.SSh
N|Sj.SSh
jDSSSh
jDSSSh
jJj)SSSh
jJj)SSSh
N|Sj.SSj^jBSSSh
N|Sj.SSj^jBSSSh
SShDDD
SShDDD
SSSSjJj)SSSh
SSSSjJj)SSSh
W|Sj.SSj^jBSSSh
W|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
t.SSSV
t.SSSV
zcÃ
zcÃ
Allow users to remove threats without a password
Allow users to remove threats without a password
Allow users to scan without a password
Allow users to scan without a password
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
Assess the intent of new programs before allowing them to execute
Assess the intent of new programs before allowing them to execute
Would you like to automatically import the settings that were used in your previous installation?
Would you like to automatically import the settings that were used in your previous installation?
Automatically block files when detected on execution
Automatically block files when detected on execution
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Warn when new programs execute that are not trusted
Warn when new programs execute that are not trusted
Protect against keyloggers
Protect against keyloggers
Block phishing and known malicious websites
Block phishing and known malicious websites
Block suspicious access to browser windows
Block suspicious access to browser windows
The current operation cannot be aborted.
The current operation cannot be aborted.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
Configuration for HTTP websites
Configuration for HTTP websites
Configuration for HTTPS websites
Configuration for HTTPS websites
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Your keycode has been copied to the clipboard. You can now paste it into any application.
Your keycode has been copied to the clipboard. You can now paste it into any application.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
Configuration settings could not be exported to the selected file.
Configuration settings could not be exported to the selected file.
Configuration settings could not be imported from the selected file.
Configuration settings could not be imported from the selected file.
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
Displaying %s events
Displaying %s events
Displaying %s process events
Displaying %s process events
Enable Password Protection
Enable Password Protection
Password protection is not currently enabled. Do you want to enable it now?
Password protection is not currently enabled. Do you want to enable it now?
Enable "right-click" scanning in Windows Explorer
Enable "right-click" scanning in Windows Explorer
Enter a valid keycode to continue.
Enter a valid keycode to continue.
First Exec - PID: %i
First Exec - PID: %i
A full keycode is required to add custom applications. Would you like to obtain one now?
A full keycode is required to add custom applications. Would you like to obtain one now?
Store Execution History details
Store Execution History details
Hide the SecureAnywhere keycode on-screen
Hide the SecureAnywhere keycode on-screen
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
HTTP Proxy
HTTP Proxy
Save non-executable file details to scan logs
Save non-executable file details to scan logs
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
I/O Operations
I/O Operations
A full keycode is required to increase the default security level. Would you like to obtain one now?
A full keycode is required to increase the default security level. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Enter a keycode to continue.
Enter a keycode to continue.
Loading execution history process events...
Loading execution history process events...
The Execution History log is currently loading.
The Execution History log is currently loading.
Loading %s execution history events...
Loading %s execution history events...
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Operate background functions using fewer CPU resources
Operate background functions using fewer CPU resources
This website is blocked because of a policy added by the user to prevent access.
This website is blocked because of a policy added by the user to prevent access.
This website has been trusted locally and visitation is not blocked.
This website has been trusted locally and visitation is not blocked.
Contact SecureAnywhere Support to upload files larger than 10MB.
Contact SecureAnywhere Support to upload files larger than 10MB.
Insert a keycode for SecureAnywhere.
Insert a keycode for SecureAnywhere.
Password
Password
This file is trying to access stored passwords
This file is trying to access stored passwords
The password entered was incorrect.
The password entered was incorrect.
Error: The entered passwords do not match.
Error: The entered passwords do not match.
PID %i active %s (CPU %s)
PID %i active %s (CPU %s)
PID %i active %s
PID %i active %s
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) - (Parent PID: %i)
%s (PID: %i) - (Parent PID: %i)
Enter your password below to enter:
Enter your password below to enter:
Enter a password to enable protection.
Enter a password to enable protection.
Protect cookies and saved website data
Protect cookies and saved website data
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
Protect against URL grabbing attacks
Protect against URL grabbing attacks
Port
Port
Randomize the installed filename to bypass certain infections
Randomize the installed filename to bypass certain infections
Allow the process to execute other processes
Allow the process to execute other processes
Allow access to windows with a High integrity level
Allow access to windows with a High integrity level
Allow access to windows with a Medium integrity level
Allow access to windows with a Medium integrity level
Select a configuration file to import
Select a configuration file to import
Select a file to execute
Select a file to execute
Select where you would like to export the configuration:
Select where you would like to export the configuration:
Select a file to report to Webroot
Select a file to report to Webroot
Select a removal script to execute:
Select a removal script to execute:
Show SecureAnywhere in the Windows Action Center
Show SecureAnywhere in the Windows Action Center
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show SecureAnywhere in the Windows Security Center
Show SecureAnywhere in the Windows Security Center
Configuration successfully exported.
Configuration successfully exported.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Uninstall Webroot
Uninstall Webroot
Configuration saved. Close and re-open all open web browsers to update active protection.
Configuration saved. Close and re-open all open web browsers to update active protection.
Use the preconfigured policies for changing configuration settings for all websites.
Use the preconfigured policies for changing configuration settings for all websites.
This keycode is valid but has expired. Would you like to renew the keycode now?
This keycode is valid but has expired. Would you like to renew the keycode now?
Enter a valid, complete website name to configure.
Enter a valid, complete website name to configure.
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify websites when visited to determine legitimacy
Verify websites when visited to determine legitimacy
This website contains a known threat and has been blocked.
This website contains a known threat and has been blocked.
Contact Support
Contact Support
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
(User time: %s - Kernel time: %s)
(User time: %s - Kernel time: %s)
Cycles: %s
Cycles: %s
MD5: %S - Size: %i bytes
MD5: %S - Size: %i bytes
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s file: %.*s
(PID: %i, TID: %i) %s file: %.*s
%s: PID - %i
%s: PID - %i
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) %s section: %.*s
(PID: %i, TID: %i) %s section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
View the Webroot software license agreement
View the Webroot software license agreement
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Enter your keycode to install and activate your software.
Enter your keycode to install and activate your software.
Help me find my keycode
Help me find my keycode
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
Want to learn more about Webroot?
Want to learn more about Webroot?
Help and Support
Help and Support
About Webroot SecureAnywhere
About Webroot SecureAnywhere
Login Theft Protection
Login Theft Protection
Protected Websites
Protected Websites
Websites on this list receive custom security to protect any information entered.
Websites on this list receive custom security to protect any information entered.
View/Edit Protected Websites
View/Edit Protected Websites
Password Required
Password Required
Web Threat Shield
Web Threat Shield
3. Close any open programs or web browsers (Recommended but not essential)
3. Close any open programs or web browsers (Recommended but not essential)
Reports
Reports
You may save a scan log, which Technical Support uses for diagnostics.
You may save a scan log, which Technical Support uses for diagnostics.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
Not collecting execution history events
Not collecting execution history events
Password:
Password:
Repeat Password:
Repeat Password:
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
Import / Export
Import / Export
Block websites from creating high risk tracking information
Block websites from creating high risk tracking information
Analyze websites for phishing threats
Analyze websites for phishing threats
Enter the website address to protect (e.g. VVV.webroot.com)
Enter the website address to protect (e.g. VVV.webroot.com)
Add Website
Add Website
Analyze search engine results and identify malicious websites before visitation
Analyze search engine results and identify malicious websites before visitation
Detect websites being redirected by the HOSTS file
Detect websites being redirected by the HOSTS file
Look for malware on websites before visitation
Look for malware on websites before visitation
Look for exploits in website content before visitation
Look for exploits in website content before visitation
Website Filter
Website Filter
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View Websites
View Websites
Website
Website
Enter the website address to configure (e.g. VVV.webroot.com)
Enter the website address to configure (e.g. VVV.webroot.com)
You received your keycode by email.
You received your keycode by email.
Your keycode is located on the CD sleeve.
Your keycode is located on the CD sleeve.
If you have misplaced your keycode:
If you have misplaced your keycode:
Contact Webroot Support at hXXp://VVV.webroot.com/support
Contact Webroot Support at hXXp://VVV.webroot.com/support
Help me find my license keycode
Help me find my license keycode
You can also import your settings from another computer using this screen.
You can also import your settings from another computer using this screen.
Import Settings
Import Settings
Export Settings
Export Settings
Activate a new keycode
Activate a new keycode
Keycode:
Keycode:
Enter your new keycode into the field below and click Activate:
Enter your new keycode into the field below and click Activate:
Enter your keycode here...
Enter your keycode here...
Are you sure you want to abort the current operation?
Are you sure you want to abort the current operation?
Identity && Privacy - protect yourself while browsing web sites
Identity && Privacy - protect yourself while browsing web sites
Enter a password that is at least six characters long for better security.
Enter a password that is at least six characters long for better security.
Only executable files can be overridden.
Only executable files can be overridden.
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
The username or password is invalid.
The username or password is invalid.
I forgot my password
I forgot my password
Downloading Password Management Components...
Downloading Password Management Components...
Installing Password Management...
Installing Password Management...
Windows System
Windows System
Windows Desktop
Windows Desktop
Windows Registry Streams
Windows Registry Streams
Windows Update Temporary folder
Windows Update Temporary folder
Windows Temporary folder
Windows Temporary folder
Clean Index.dat (cleaned on reboot)
Clean Index.dat (cleaned on reboot)
URL history
URL history
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Erase files by overwriting contents with random data using three passes.
Erase files by overwriting contents with random data using three passes.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Install Password Management
Install Password Management
Manage your personal information, websites, and passwords at your My Webroot account.
Manage your personal information, websites, and passwords at your My Webroot account.
- Automatically fill in your login information for remembered websites
- Automatically fill in your login information for remembered websites
- Create secure, hack-resistant passwords for website logins
- Create secure, hack-resistant passwords for website logins
Password Management makes web browsing easier and more secure.
Password Management makes web browsing easier and more secure.
Password Management is On
Password Management is On
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management
Password Management
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
The keycode is currently hidden and cannot be copied.
The keycode is currently hidden and cannot be copied.
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S@%S drive - No media~|
%S@%S drive - No media~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Service: %S, Status: X,
%S@%S, Service: %S, Status: X,
%S@(%S) %S, Service: %S, Status: X,$
%S@(%S) %S, Service: %S, Status: X,$
%S@Device ID: %S, Internal Name: %S~|
%S@Device ID: %S, Internal Name: %S~|
%S@Never logged in~|
%S@Never logged in~|
%S@Port: %S, Status: %i, Jobs: %i~|
%S@Port: %S, Status: %i, Jobs: %i~|
%i fragments, %u bytes@%S (MFT: %i)~|
%i fragments, %u bytes@%S (MFT: %i)~|
%s@Minidump: %S~|
%s@Minidump: %S~|
%s@System Analysis completed in %i seconds (%s)~|
%s@System Analysis completed in %i seconds (%s)~|
, Problem code - X,
, Problem code - X,
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Directory@%S~|
Active Directory@%S~|
Auto Update State@%S~|
Auto Update State@%S~|
Browser@%S %S~|
Browser@%S %S~|
CPU@%s (%i %S)~|
CPU@%s (%i %S)~|
Common AppData Directory@%S~|
Common AppData Directory@%S~|
Current Processor Speed@%dMHz~|
Current Processor Speed@%dMHz~|
DHCP Server@%s~|
DHCP Server@%s~|
DNS Server@%s~|
DNS Server@%s~|
External Clock Speed@%dMHz~|
External Clock Speed@%dMHz~|
External IP Address@%s~|
External IP Address@%s~|
Gateway@%s~|
Gateway@%s~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Home Page@%S~|
Home Page@%S~|
Hostname@%s~|
Hostname@%s~|
IP Address@%s~|
IP Address@%s~|
IP Mask@%s~|
IP Mask@%s~|
Internet Cache@%i KB (%s)~|
Internet Cache@%i KB (%s)~|
Last Update Check@%S~|
Last Update Check@%S~|
Last Update Download@%S~|
Last Update Download@%S~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S~|
Last Update Install@%S~|
Maximum Supported RAM Size@%i MB~|
Maximum Supported RAM Size@%i MB~|
Next Scheduled Install Time@%S~|
Next Scheduled Install Time@%S~|
Next Scheduled Update Check@%S~|
Next Scheduled Update Check@%S~|
OS Install Date@%s~|
OS Install Date@%s~|
OS@%s (Language: %i)~|
OS@%s (Language: %i)~|
Operating System
Operating System
Phishing Filter@%S~|
Phishing Filter@%S~|
Search History, URL History, and Recent Playlist
Search History, URL History, and Recent Playlist
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S, %S)~|
Spyware Protection@%S %S (%S, %S)~|
System Access Level@%s~|
System Access Level@%s~|
System Boot Drive Device@%S~|
System Boot Drive Device@%S~|
System Directory@%S~|
System Directory@%S~|
System Family@%S~|
System Family@%S~|
System GUID@x-xx-xxxx-xxxx~|
System GUID@x-xx-xxxx-xxxx~|
System Manufacturer@%S~|
System Manufacturer@%S~|
System Product Name@%S~|
System Product Name@%S~|
System Proxy@%S~|
System Proxy@%S~|
System Serial Number@%S~|
System Serial Number@%S~|
System Temporary Files@%i KB (%s)~|
System Temporary Files@%i KB (%s)~|
System Uptime@%S (Tick Count: %i)~|
System Uptime@%S (Tick Count: %i)~|
System Version@%S~|
System Version@%S~|
Third Party Firewall@%S %S (%S)~|
Third Party Firewall@%S %S (%S)~|
UAC Status@%S~|
UAC Status@%S~|
Update Type@%S~|
Update Type@%S~|
User Account Level@%s~|
User Account Level@%s~|
User Temporary Files@%i KB (%s)~|
User Temporary Files@%i KB (%s)~|
Username@%S (%S) - Session ID: %i~|
Username@%S (%S) - Session ID: %i~|
Username@%S - Session ID: %i~|
Username@%S - Session ID: %i~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S, %S)~|
Virus Protection@%S %S (%S, %S)~|
Windows Experience Rating
Windows Experience Rating
Windows Firewall@Disabled~|
Windows Firewall@Disabled~|
Windows Firewall@Enabled and Active~|
Windows Firewall@Enabled and Active~|
Windows Updates
Windows Updates
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
All attached devices have reported to be functioning properly.
All attached devices have reported to be functioning properly.
Windows Automatic Updates are disabled
Windows Automatic Updates are disabled
Contact Support by clicking the "?" button in the upper right corner of this window.
Contact Support by clicking the "?" button in the upper right corner of this window.
Create an account to access your security on all your devices online from any Web browser.
Create an account to access your security on all your devices online from any Web browser.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Enter your email address to validate your license key and activate realtime threat prevention:
Enter your email address to validate your license key and activate realtime threat prevention:
Firefox
Firefox
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
Last Password Change: %i %s ago
Last Password Change: %i %s ago
Malware scanning - detect and report threats
Malware scanning - detect and report threats
Mozilla Firefox - Cached Files
Mozilla Firefox - Cached Files
New Webroot Keycode.txt
New Webroot Keycode.txt
No password configured
No password configured
Operating Systems (32 and 64bit in all Editions)
Operating Systems (32 and 64bit in all Editions)
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the download of Password Management is finished to download Backup & Sync.
Please wait until the download of Password Management is finished to download Backup & Sync.
Save Keycode and Continue
Save Keycode and Continue
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
Settings - Currently being managed by the Web Console
Settings - Currently being managed by the Web Console
System Analysis was cancelled and the report may be incomplete.
System Analysis was cancelled and the report may be incomplete.
Screen resolution and bit depth support true color images.
Screen resolution and bit depth support true color images.
The Windows firewall is disabled.
The Windows firewall is disabled.
The credentials used to log into Backup & Sync are invalid. Please login again.
The credentials used to log into Backup & Sync are invalid. Please login again.
There are currently no items in the execution history log.
There are currently no items in the execution history log.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
View Full Report
View Full Report
Visit Webroot.com
Visit Webroot.com
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere
Webroot SecureAnywhere
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere`
Webroot SecureAnywhere`
Webroot System Analyzer
Webroot System Analyzer
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Not all RAM can be used by your 32bit operating system.
Not all RAM can be used by your 32bit operating system.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Your account gives you anytime access to your security from any Web browser.
Your account gives you anytime access to your security from any Web browser.
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial is expired!
Your Webroot SecureAnywhere trial is expired!
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your operating system is up to date.
Your operating system is up to date.
It is recommended to change your password every 90 days.
It is recommended to change your password every 90 days.
Your hardware is adequate for running your operating system.
Your hardware is adequate for running your operating system.
VVV.geeksquad.com
VVV.geeksquad.com
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
- Windows XP SP2, SP3
- Windows XP SP2, SP3
- Windows Vista SP1, SP2
- Windows Vista SP1, SP2
- Windows 7 SP0, SP1
- Windows 7 SP0, SP1
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
View the Webroot Privacy Policy
View the Webroot Privacy Policy
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Scan with Webroot
Scan with Webroot
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
A cleanup license key is required to remove threats.
A cleanup license key is required to remove threats.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
Welcome to Webroot
Welcome to Webroot
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
Enable enhanced customer support
Enable enhanced customer support
Please wait a few moments and try again. Contact Webroot Support if this error persists.
Please wait a few moments and try again. Contact Webroot Support if this error persists.
The operation failed with error code %i. %s
The operation failed with error code %i. %s
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Web Console
Web Console
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
Next scan starts in %s.
Next scan starts in %s.
%i%% - %s files scanned. %s %s
%i%% - %s files scanned. %s %s
Scan Complete - %i active %s found in %s. %s
Scan Complete - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
%s files scanned in %s. No threats found. %s
%s files scanned in %s. No threats found. %s
Scan aborted. %s files scanned in %s. %s
Scan aborted. %s files scanned in %s. %s
Last scanned %s. %s %s %s removed.
Last scanned %s. %s %s %s removed.
Last scanned %s. %s
Last scanned %s. %s
Protection has been active for %s.
Protection has been active for %s.
%s system events have been inspected since installation.
%s system events have been inspected since installation.
%s system events have been inspected since bootup (%s.%c %s since installation).
%s system events have been inspected since bootup (%s.%c %s since installation).
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaning %s
%i%% - Cleaning %s
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s.
System Cleaner is scheduled to run in %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
Click here for personal support if you have any questions about SecureAnywhere
Click here for personal support if you have any questions about SecureAnywhere
Enable Windows Explorer right click secure file erasing
Enable Windows Explorer right click secure file erasing
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
Show Windows Explorer overlay icons
Show Windows Explorer overlay icons
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Scanning for threats: %s
Scanning for threats: %s
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
View report summary
View report summary
Operating system detected
Operating system detected
Detecting operating system information
Detecting operating system information
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
Please wait until the current operation is complete.
Please wait until the current operation is complete.
Google Chrome
Google Chrome
.text
.text
h.rdata
h.rdata
H.data
H.data
.rsrc
.rsrc
B.reloc
B.reloc
SShhA
SShhA
TransportAddress
TransportAddress
HTTP/
HTTP/
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
KeDelayExecutionThread
KeDelayExecutionThread
ZwOpenKey
ZwOpenKey
ZwQueryValueKey
ZwQueryValueKey
ntoskrnl.exe
ntoskrnl.exe
WRITE_PORT_UCHAR
WRITE_PORT_UCHAR
HAL.dll
HAL.dll
TDI.SYS
TDI.SYS
FltCloseClientPort
FltCloseClientPort
FltCloseCommunicationPort
FltCloseCommunicationPort
FltCreateCommunicationPort
FltCreateCommunicationPort
FLTMGR.SYS
FLTMGR.SYS
SeExports
SeExports
ZwCreateKey
ZwCreateKey
ZwSetValueKey
ZwSetValueKey
585=5^5}5
585=5^5}5
"hXXp://crl.verisign.com/tss-ca.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
Thawte Certification1
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
.Class 3 Public Primary Certification Authority0
.Class 3 Public Primary Certification Authority0
hXXp://crl.verisign.com/pca3.crl0
hXXp://crl.verisign.com/pca3.crl0
hXXps://VVV.verisign.com/cps0
hXXps://VVV.verisign.com/cps0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://logo.verisign.com/vslogo.gif04
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
n.aAHu
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
Webroot Inc.1>0
Webroot Inc.1>0
Webroot Inc.0
Webroot Inc.0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0;
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
#hXXp://crl.verisign.com/pca3-g5.crl04
#hXXp://crl.verisign.com/pca3-g5.crl04
.pdata
.pdata
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
`.data
`.data
@.reloc
@.reloc
WmiExecuteMethodW
WmiExecuteMethodW
NtRequestWaitReplyPort
NtRequestWaitReplyPort
NtConnectPort
NtConnectPort
NtAlpcConnectPort
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
NtAlpcSendWaitReceivePort
NtAlpcCreatePortSection
NtAlpcCreatePortSection
NtRequestPort
NtRequestPort
NtAlpcCreatePort
NtAlpcCreatePort
NtSecureConnectPort
NtSecureConnectPort
NtDeleteKey
NtDeleteKey
NtDeleteValueKey
NtDeleteValueKey
NtSetValueKey
NtSetValueKey
NtDelayExecution
NtDelayExecution
NtCreatePort
NtCreatePort
http:\/\/
http:\/\/
hXXps://
hXXps://
PSOWRX
PSOWRX
hXXp://%.*s
hXXp://%.*s
Chrome_OmniboxView
Chrome_OmniboxView
Chrome_AutocompleteEditView
Chrome_AutocompleteEditView
%s://%S
%s://%S
search.yahoo
search.yahoo
WebDrawText
WebDrawText
webkit
webkit
PSOTBX
PSOTBX
Chrome_RenderWidgetHostHWND
Chrome_RenderWidgetHostHWND
MozillaContentWindowClass
MozillaContentWindowClass
MozillaWindowClass
MozillaWindowClass
Chrome_WidgetWin_
Chrome_WidgetWin_
OperaWindowClass
OperaWindowClass
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
nspr4.dll
nspr4.dll
advapi32.dll
advapi32.dll
bcrypt.dll
bcrypt.dll
ws2_32.dll
ws2_32.dll
sspicli.dll
sspicli.dll
secur32.dll
secur32.dll
wininet.dll
wininet.dll
ntdll.dll
ntdll.dll
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
>HTTPu6
>HTTPu6
msvcrt.dll
msvcrt.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
SetWindowsHookExW
SetWindowsHookExW
SetWindowsHookExA
SetWindowsHookExA
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
USER32.dll
USER32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
ADVAPI32.dll
ADVAPI32.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToFileA
URLDownloadToFileA
urlmon.dll
urlmon.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
OLEACC.dll
OLEACC.dll
RPCRT4.dll
RPCRT4.dll
OLEAUT32.dll
OLEAUT32.dll
UrlIsW
UrlIsW
SHLWAPI.dll
SHLWAPI.dll
Secur32.dll
Secur32.dll
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
WRUsr.dll
WRUsr.dll
\\x3ca href\\x3d\\x22http
\\x3ca href\\x3d\\x22http
@.rsrc
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
%u6HcA
%u6HcA
tù7u HcG
tù7u HcG
?;5URLURLURL
?;5URLURLURL
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
%sU%rT
%sU%rT
GetCPInfo
GetCPInfo
CertGetCertificateContextProperty
CertGetCertificateContextProperty
_acmdln
_acmdln
_amsg_exit
_amsg_exit
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyExW
MapVirtualKeyExW
GetKeyboardLayout
GetKeyboardLayout
keybd_event
keybd_event
UnhookWindowsHookEx
UnhookWindowsHookEx
v.pL>
v.pL>
00000000006
00000000006
20.sp
20.sp
ddbl.db
ddbl.db
dbk.db
dbk.db
dbj.db
dbj.db
dbi.db
dbi.db
dbh.db
dbh.db
dbg.db
dbg.db
dbf.db
dbf.db
dbe.db
dbe.db
dbd.db
dbd.db
dbc.db
dbc.db
dbb.db
dbb.db
dba.db
dba.db
index.dat
index.dat
content url
content url
searchurl
searchurl
use custom search url
use custom search url
scrnsave.exe
scrnsave.exe
Default_Search_Url
Default_Search_Url
Default_Page_Url
Default_Page_Url
.cn/index
.cn/index
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
regedit.exe "%1"
regedit.exe "%1"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Package
Msi.Package
%SystemRoot%\system32\mmc.exe "%1" %*
%SystemRoot%\system32\mmc.exe "%1" %*
.mpeg
.mpeg
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%SystemRoot%\System32\WScript.exe" "%1" %*
"%SystemRoot%\System32\WScript.exe" "%1" %*
rundll32.exe shdocvw.dll,OpenURL %l
rundll32.exe shdocvw.dll,OpenURL %l
%SystemRoot%\system32\NOTEPAD.EXE %1
%SystemRoot%\system32\NOTEPAD.EXE %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
%SystemRoot%\system32\mshta.exe "%1" %*
%SystemRoot%\system32\mshta.exe "%1" %*
cmdfile
cmdfile
"%SystemRoot%\hh.exe" %1
"%SystemRoot%\hh.exe" %1
chm.file
chm.file
ieuser.exe
ieuser.exe
crashreporter.exe
crashreporter.exe
plugin-container.exe
plugin-container.exe
epic.exe
epic.exe
waol.exe
waol.exe
iron.exe
iron.exe
safari.exe
safari.exe
firefox
firefox
winlogon.exe
winlogon.exe
spoolsv.exe
spoolsv.exe
services.exe
services.exe
audiodg.exe
audiodg.exe
svchost.exe
svchost.exe
lsass.exe
lsass.exe
consent.exe
consent.exe
dwm.exe
dwm.exe
lsm.exe
lsm.exe
procexp64.exe
procexp64.exe
procexp.exe
procexp.exe
dplp2.exe
dplp2.exe
dplp.exe
dplp.exe
watchdogx64.exe
watchdogx64.exe
flashcookiecleaner.exe
flashcookiecleaner.exe
shredder.exe
shredder.exe
atieclxx.exe
atieclxx.exe
atiesrxx.exe
atiesrxx.exe
searchfilterhost.exe
searchfilterhost.exe
werfault.exe
werfault.exe
ravcpl64.exe
ravcpl64.exe
nvtray.exe
nvtray.exe
clpsla.exe
clpsla.exe
clps.exe
clps.exe
mtxagent.exe
mtxagent.exe
googleupdate.exe
googleupdate.exe
googlecrashhandler.exe
googlecrashhandler.exe
downloaderapp.exe
downloaderapp.exe
ccleaner.exe
ccleaner.exe
ccleaner64.exe
ccleaner64.exe
conhost.exe
conhost.exe
irperl.exe
irperl.exe
fswscs.exe
fswscs.exe
bsplayer.exe
bsplayer.exe
wow_helper.exe
wow_helper.exe
realplay.exe
realplay.exe
nmake.exe
nmake.exe
cl.exe
cl.exe
winrar.exe
winrar.exe
fsdomnodeie.dll
fsdomnodeie.dll
jhook.dll
jhook.dll
yzshadow.exe
yzshadow.exe
yahoomessenger.exe
yahoomessenger.exe
wspace.exe
wspace.exe
wlmail.exe
wlmail.exe
wdict32.exe
wdict32.exe
vmware-vmx.exe
vmware-vmx.exe
vmware.exe
vmware.exe
ultramon.exe
ultramon.exe
translateclient.exe
translateclient.exe
totalcmd.exe
totalcmd.exe
thunderbird.exe
thunderbird.exe
stpass.exe
stpass.exe
splwow64.exe
splwow64.exe
skype.exe
skype.exe
sidebar.exe
sidebar.exe
sllauncher.exe
sllauncher.exe
sbrender.exe
sbrender.exe
rocketdock.exe
rocketdock.exe
robotaskbaricon.exe
robotaskbaricon.exe
roboform.dll
roboform.dll
robo.exe
robo.exe
popupblocker.exe
popupblocker.exe
pdfvista.exe
pdfvista.exe
patrol.exe
patrol.exe
packpro.exe
packpro.exe
outlook.exe
outlook.exe
opstm080.exe
opstm080.exe
opera.exe
opera.exe
notepad .exe
notepad .exe
mvtapp.exe
mvtapp.exe
msnmsgr.exe
msnmsgr.exe
fsocrserver.exe
fsocrserver.exe
jfw.exe
jfw.exe
iexplore.exe
iexplore.exe
helppane.exe
helppane.exe
google.exe
google.exe
gamebooster.exe
gamebooster.exe
firefox.exe
firefox.exe
excel.exe
excel.exe
eudora.exe
eudora.exe
eqgame.exe
eqgame.exe
dsNetworkConnect.exe
dsNetworkConnect.exe
dllhost.exe
dllhost.exe
digsby.exe
digsby.exe
communicator.exe
communicator.exe
crazy browser.exe
crazy browser.exe
ctfmon.exe
ctfmon.exe
chrome.exe
chrome.exe
bttray.exe
bttray.exe
babylon.exe
babylon.exe
ati2evxx.exe
ati2evxx.exe
aolsoftware.exe
aolsoftware.exe
admunch64.exe
admunch64.exe
admunch.exe
admunch.exe
adblock.exe
adblock.exe
acrotray.exe
acrotray.exe
acrord32.exe
acrord32.exe
acrodist.exe
acrodist.exe
acrobat.exe
acrobat.exe
verclsid.exe
verclsid.exe
wrbar.exe
wrbar.exe
WRSyncManager.exe
WRSyncManager.exe
wrinstall.exe
wrinstall.exe
snippingtool.exe
snippingtool.exe
Portugu
Portugu
s (Brazilian Portuguese)
s (Brazilian Portuguese)
Ftaskmgr.exe
Ftaskmgr.exe
csrss.exe
csrss.exe
"%s" %s
"%s" %s
"%s" %S
"%s" %S
HKEY_USERS
HKEY_USERS
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
%s\%s
%s\%s
%c:\%s
%c:\%s
%s:%i
%s:%i
msiexec
msiexec
%drivers%
%drivers%
*\windows\system32\drivers\*
*\windows\system32\drivers\*
%fonts%
%fonts%
*\windows\fonts\*
*\windows\fonts\*
%%restore%%\%s
%%restore%%\%s
\\?hostname?\?share?\%s
\\?hostname?\?share?\%s
%%winsxs%%\%s
%%winsxs%%\%s
c:\windows/
c:\windows/
windows\system32/
windows\system32/
Webroot
Webroot
WRusr.dll
WRusr.dll
\\.\%c:
\\.\%c:
Windows\System32\windbg48.sys
Windows\System32\windbg48.sys
m0rpheus.tpl
m0rpheus.tpl
%SystemRoot%\System32\svchost.exe
%SystemRoot%\System32\svchost.exe
mscoree.dll
mscoree.dll
%S(%s)
%S(%s)
tcpip
tcpip
.net clr
.net clr
%S(%s\%s\, %s)
%S(%s\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(%s\%s\)
%S(%s\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\%s\%s)
%S(%s\%s\%s)
/scanfile="%s"
/scanfile="%s"
%s\sfc.exe
%s\sfc.exe
Writing MBR> New Data: [%S]
Writing MBR> New Data: [%S]
Executing Command> %s
Executing Command> %s
Terminating Module Parent> %i - %s
Terminating Module Parent> %i - %s
Closing Handle> %i - PID: %i - %s
Closing Handle> %i - PID: %i - %s
Renaming Registry Key> %s\%s to %s\%s
Renaming Registry Key> %s\%s to %s\%s
Deleting File> %s
Deleting File> %s
Writing Registry Value> %s\%s - %s
Writing Registry Value> %s\%s - %s
Writing File Data> %s - [New Data: %s]
Writing File Data> %s - [New Data: %s]
Deleting Directory> %s
Deleting Directory> %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Key> %s\%s
Deleting Registry Key> %s\%s
Fixing LSP> %S
Fixing LSP> %S
Core Component> Un-patching file [%s] - New Size: %i bytes
Core Component> Un-patching file [%s] - New Size: %i bytes
Copying File> %s to %s
Copying File> %s to %s
Terminating Process> %i - %s
Terminating Process> %i - %s
Stopping Service> %s
Stopping Service> %s
Deleting Service> %s
Deleting Service> %s
Starting Routine> %s...
Starting Routine> %s...
\\.\pipe\WRSynUM2
\\.\pipe\WRSynUM2
\\.\WRSYNAPSE
\\.\WRSYNAPSE
\temporary asp.net files\
\temporary asp.net files\
\opera\temporary_downloads\
\opera\temporary_downloads\
\microsoft.net\framework\
\microsoft.net\framework\
\$recycle.bin\S-
\$recycle.bin\S-
mbam.exe
mbam.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
%s\Symantec\
%s\Symantec\
%s\Common Files\Symantec Shared\
%s\Common Files\Symantec Shared\
%s\Symantec.cloud\
%s\Symantec.cloud\
\\.\pipe\
\\.\pipe\
wmiprvse.exe
wmiprvse.exe
\Slow.pvx
\Slow.pvx
\Slowusr.pvx
\Slowusr.pvx
%i %s
%i %s
%s %S - %i%%, %i %s)
%s %S - %i%%, %i %s)
%s - %s
%s - %s
hXXps://*
hXXps://*
hXXp://*
hXXp://*
%ProgramFiles%\Webroot\WRSA.exe
%ProgramFiles%\Webroot\WRSA.exe
%S - %s
%S - %s
InstallLogo.bmp
InstallLogo.bmp
\\?\%c:
\\?\%c:
%i %s, %i %s
%i %s, %i %s
%i %s,
%i %s,
s\\.\PhysicalDrive%i
s\\.\PhysicalDrive%i
[%C] %s
[%C] %s
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
res%i.db
res%i.db
-%i-%i.tmp
-%i-%i.tmp
bcdedit.exe
bcdedit.exe
autorun.inf
autorun.inf
\services.exe
\services.exe
\drivers\pciide.sys
\drivers\pciide.sys
\drivers\smbe.sys
\drivers\smbe.sys
\drivers\eubkmon.sys
\drivers\eubkmon.sys
\drivers\acpi.sys
\drivers\acpi.sys
\drivers\wdf01000.sys
\drivers\wdf01000.sys
\drivers\cdrom.sys
\drivers\cdrom.sys
\drivers\serial.sys
\drivers\serial.sys
\drivers\ipsec.sys
\drivers\ipsec.sys
\drivers\tcpip.sys
\drivers\tcpip.sys
\drivers\afd.sys
\drivers\afd.sys
\drivers\rdbss.sys
\drivers\rdbss.sys
\drivers\mrxsmb.sys
\drivers\mrxsmb.sys
\drivers\netbt.sys
\drivers\netbt.sys
\microsoft.net\
\microsoft.net\
.crdownload
.crdownload
.partial
.partial
\windows\installer\
\windows\installer\
\config.msi\
\config.msi\
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
{98C3BECF-DD5F-44D2-8EF3-
{98C3BECF-DD5F-44D2-8EF3-
rundll32.exe
rundll32.exe
http*://
http*://
hXXp://VVV.
hXXp://VVV.
opera
opera
%S(%s, %.*S)
%S(%s, %.*S)
%S(%s, %s)
%S(%s, %s)
%S(%s, 0x%S)
%S(%s, 0x%S)
Temp\%.*S-%S-%.*S.WR
Temp\%.*S-%S-%.*S.WR
\\.\pipe\WRSVCPipe
\\.\pipe\WRSVCPipe
%S(%i)
%S(%i)
desktop.ini
desktop.ini
%s %s %s
%s %s %s
%i (%s %s)
%i (%s %s)
%s: %s
%s: %s
PKG\WRSyncManager.exe
PKG\WRSyncManager.exe
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn.qm
PKG\files_zh_cn.qm
PKG\files_de_de_qt.qm
PKG\files_de_de_qt.qm
PKG\files_de_de.qm
PKG\files_de_de.qm
PKG\files_es_es_qt.qm
PKG\files_es_es_qt.qm
PKG\files_es_es.qm
PKG\files_es_es.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp.qm
PKG\files_ja_jp.qm
PKG\files_en_us_qt.qm
PKG\files_en_us_qt.qm
PKG\files_en_us.qm
PKG\files_en_us.qm
PKG\WRBar.dll
PKG\WRBar.dll
%s (%s)
%s (%s)
*.mpeg, *.avi, *.mp4
*.mpeg, *.avi, *.mp4
*.mp3, *.m4a
*.mp3, *.m4a
*.jpg, *.jpeg, *.png
*.jpg, *.jpeg, *.png
*.xls, *.xlsx
*.xls, *.xlsx
*.doc, *.docx
*.doc, *.docx
%s (%S)
%s (%S)
%s - %S
%s - %S
%s\Administrator
%s\Administrator
%C:%s
%C:%s
A:\%s
A:\%s
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
WRHTTP
WRHTTP
dst%2S.db
dst%2S.db
Chrome
Chrome
Opera
Opera
Software\Mozilla\Mozilla Firefox
Software\Mozilla\Mozilla Firefox
http\shell\open\command
http\shell\open\command
Software\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
&OLDLIC=%s
&OLDLIC=%s
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
I%S(%s\%s\%s, %s)
I%S(%s\%s\%s, %s)
%S(%s\%s\%s, %s%s%s)
%S(%s\%s\%s, %s%s%s)
%S(%s, 0)
%S(%s, 0)
%s\drivers\%s.sys
%s\drivers\%s.sys
%s\2i
%s\2i
Pipe
Pipe
%s\%s\%i
%s\%s\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
dow.lac
dow.lac
centro.txt
centro.txt
1.pac
1.pac
AutoConfigUrl
AutoConfigUrl
hXXp://
hXXp://
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
ekrn.exe
ekrn.exe
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
firefox.exe\shell\safemode\command
firefox.exe\shell\safemode\command
firefox.exe\shell\open\command
firefox.exe\shell\open\command
iexplore.exe\shell\open\command
iexplore.exe\shell\open\command
\WRSYNAPSEPORT
\WRSYNAPSEPORT
%s\%s.lnk
%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{69D72956-317C-44bd-B369-8E44D4EF9802}
{69D72956-317C-44bd-B369-8E44D4EF9802}
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
"%S%s" %S%S
"%S%s" %S%S
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
XXX.tmp
XXX.tmp
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WISC
\Webroot\Security\Current\Products\WISC
rSoftware\Web Filtering
rSoftware\Web Filtering
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
5db%i.db
5db%i.db
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
%s %S %S
%s %S %S
dbo%i-e.db
dbo%i-e.db
dbo%i-%I64X.db
dbo%i-%I64X.db
dbm%i.db
dbm%i.db
tPKG\WRBar.exe
tPKG\WRBar.exe
PKG\LPBar.dll
PKG\LPBar.dll
%s\wrSync%i.dat
%s\wrSync%i.dat
%s\icon%i.ico
%s\icon%i.ico
t%s_%i
t%s_%i
%s %s %S - %s
%s %s %S - %s
%s %s %s %S - %s
%s %s %s %S - %s
%S?LANG=%S
%S?LANG=%S
%s\Webroot\Spy Sweeper\install.dat
%s\Webroot\Spy Sweeper\install.dat
Software\Webroot\Install
Software\Webroot\Install
notepad.exe
notepad.exe
hXXp://VVV.webroot.com
hXXp://VVV.webroot.com
%S %S
%S %S
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
%s %i:00 %s %s
%s %i:00 %s %s
*.exe
*.exe
%s %i %s
%s %i %s
WRSA.exe
WRSA.exe
%i:i %s
%i:i %s
SystemCleaner.log
SystemCleaner.log
%s\SecureAnywhere Console.lnk
%s\SecureAnywhere Console.lnk
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
UMTX-%s
UMTX-%s
CURRENT_USER\%s
CURRENT_USER\%s
MACHINE\%s
MACHINE\%s
\explorer.exe
\explorer.exe
%s\sysnative
%s\sysnative
%s\WRData
%s\WRData
%s - [%S] %i files scanned, %i %s found in %s
%s - [%S] %i files scanned, %i %s found in %s
si3112r.sys
si3112r.sys
atmdlc.sys
atmdlc.sys
C:\$MBR.1
C:\$MBR.1
\??\%c:\
\??\%c:\
%S(%s\%s\%s\)
%S(%s\%s\%s\)
%System%\webcheck.dll
%System%\webcheck.dll
rundll32 shell32,Control_RunDLL "sysdm.cpl"
rundll32 shell32,Control_RunDLL "sysdm.cpl"
logonui.exe
logonui.exe
userinit.exe,
userinit.exe,
%S(%s\%.*s\, %I64X)
%S(%s\%.*s\, %I64X)
W%S(%s\%.*s, %I64X-%I64X)
W%S(%s\%.*s, %I64X-%I64X)
%S(%s\%.*s\)
%S(%s\%.*s\)
%S(%s\%.*s\%.*s)
%S(%s\%.*s\%.*s)
%S(%s\%.*s, %.*s)
%S(%s\%.*s, %.*s)
%S(%I64X, %I64X)
%S(%I64X, %I64X)
_reg.tmp
_reg.tmp
%UserProfile%\Local Settings\Application Data
%UserProfile%\Local Settings\Application Data
%UserProfile%
%UserProfile%
hXXp://twitter.com/*
hXXp://twitter.com/*
hXXp://VVV.facebook.com/*
hXXp://VVV.facebook.com/*
Generating license key... (less than two minutes remaining)
Generating license key... (less than two minutes remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
SysAnalyzerLog-%S.log
SysAnalyzerLog-%S.log
%s (%i bytes)
%s (%i bytes)
%S(%s, %S)
%S(%s, %S)
%S(Removing %s...#(PX5: %S - MD5: %S))
%S(Removing %s...#(PX5: %S - MD5: %S))
TcpTimedWaitDelay
TcpTimedWaitDelay
MaxUserPort
MaxUserPort
TcpNumConnections
TcpNumConnections
ActiveProcesses.log
ActiveProcesses.log
webdrive
webdrive
\Dell Support Center\
\Dell Support Center\
;"%s"
;"%s"
WR.mof
WR.mof
wbem\mofcomp.exe
wbem\mofcomp.exe
%S - Removing %s
%S - Removing %s
%S - Removing %s - %s
%S - Removing %s - %s
%S - Removing %s - %i bytes
%S - Removing %s - %i bytes
%s\%i.bat
%s\%i.bat
WRTemp_%i_X
WRTemp_%i_X
%s\WR%i.exe
%s\WR%i.exe
libAllegro.dll
libAllegro.dll
Lang.dat
Lang.dat
dbq.db
dbq.db
5WRupdate%i.exe
5WRupdate%i.exe
%s\%S.html
%s\%S.html
%s\%S.bmp
%s\%S.bmp
Duration: %s
Duration: %s
%S (Hostname: %S - Local IP: %S)
%S (Hostname: %S - Local IP: %S)
Scan Started: %S
Scan Started: %S
%s/%s
%s/%s
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\Services\%s
%s\Services\%s
Embedded Web Browser from: hXXp://bsalsa.com/
Embedded Web Browser from: hXXp://bsalsa.com/
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Classes\.exe\shell
Software\Classes\.exe\shell
Software\Policies\Microsoft\Windows\System
Software\Policies\Microsoft\Windows\System
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
System\CurrentControlSet\Services\Tcpip\Parameters
System\CurrentControlSet\Services\Tcpip\Parameters
%S(Removing rootkits - Please wait...#)
%S(Removing rootkits - Please wait...#)
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
SavUI.exe
SavUI.exe
SymCorpUI.exe
SymCorpUI.exe
DoScan.EXE
DoScan.EXE
SNAC.EXE
SNAC.EXE
Rtvscan.exe
Rtvscan.exe
DefWatch.exe
DefWatch.exe
ccSvcHst.exe
ccSvcHst.exe
SmcGui.exe
SmcGui.exe
Smc.exe
Smc.exe
SemSvc.exe
SemSvc.exe
dbsrv9.exe
dbsrv9.exe
CCApp.exe
CCApp.exe
vptray.exe
vptray.exe
AMSadmin.exe
AMSadmin.exe
VPC32.exe
VPC32.exe
NMain.exe
NMain.exe
Msiexec.exe
Msiexec.exe
"%s\installTeefer.exe" -u -l2 -f "\install.log"
"%s\installTeefer.exe" -u -l2 -f "\install.log"
Microsoft.VC90.CRT.manifest
Microsoft.VC90.CRT.manifest
msvcr90.dll
msvcr90.dll
msvcp90.dll
msvcp90.dll
%s\temp
%s\temp
%s\checksum.exe
%s\checksum.exe
%s\temp\tmpremove.exe
%s\temp\tmpremove.exe
dbp.db
dbp.db
Webroot\Sync
Webroot\Sync
This removal tool only supports Windows XP.
This removal tool only supports Windows XP.
PKG\WebrootShellExt.dll
PKG\WebrootShellExt.dll
\AGENTCOMMANDS.txt
\AGENTCOMMANDS.txt
Software\Classes\CLSID\%s\%s
Software\Classes\CLSID\%s\%s
%s\shell\open\command
%s\shell\open\command
%S\%s
%S\%s
%s\prefetch
%s\prefetch
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%
%SYSTEMDRIVE%
~tmp.hiv
~tmp.hiv
%s\temp\WR-X.tmp
%s\temp\WR-X.tmp
%s\Start Menu\Programs\Startup
%s\Start Menu\Programs\Startup
WSATemp.exe
WSATemp.exe
dbn.db
dbn.db
%s-%i
%s-%i
*.log
*.log
lwrSync.dll
lwrSync.dll
PxPlugin.dll
PxPlugin.dll
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
PKG.tmp
PKG.tmp
Software\Google\Chrome
Software\Google\Chrome
ace%i.db
ace%i.db
Win32.%S %s
Win32.%S %s
\%s%s
\%s%s
NetworkEvents.log
NetworkEvents.log
WRLog.log
WRLog.log
WEH-Tcp
WEH-Tcp
RDP-Tcp
RDP-Tcp
WRrem%i.exe
WRrem%i.exe
&CNTID=%S&SNUM=%S&CType=%S
&CNTID=%S&SNUM=%S&CType=%S
&%S=%S
&%S=%S
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
%S?UPD=%S&LANG=%S
%S?UPD=%S&LANG=%S
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
Opening your web console...
Opening your web console...
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Log-in to your Web Console
Log-in to your Web Console
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
rtmp%d
rtmp%d
\\.\DISPLAY
\\.\DISPLAY
\Windows\explorer.exe
\Windows\explorer.exe
\Device\Tcp
\Device\Tcp
\Device\Udp
\Device\Udp
\Device\NamedPipe
\Device\NamedPipe
\System32\spoolsv.exe
\System32\spoolsv.exe
\System32\services.exe
\System32\services.exe
\System32\winlogon.exe
\System32\winlogon.exe
\System32\lsass.exe
\System32\lsass.exe
\System32\svchost.exe
\System32\svchost.exe
\System32\lsm.exe
\System32\lsm.exe
\System32\csrss.exe
\System32\csrss.exe
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
WRkrn.sys
WRkrn.sys
(c) Webroot 2006-2012
(c) Webroot 2006-2012
user32.dll
user32.dll
shdocvw.dll
shdocvw.dll
ieframe.dll
ieframe.dll
rpcrt4.dll
rpcrt4.dll
WINDOW: %s - %s
WINDOW: %s - %s
ShXXps://
ShXXps://
tmpremove.exe
tmpremove.exe
smc.exe
smc.exe
msctf.dll
msctf.dll
browseui.dll
browseui.dll
dwmapi.dll
dwmapi.dll
uxtheme.dll
uxtheme.dll
"%s" %S"%s"
"%s" %S"%s"
hXXps://VVV.webroot.com
hXXps://VVV.webroot.com
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
RapportKE64
RapportKE64
RapportKELL
RapportKELL
wsock32.dll
wsock32.dll
%s\%s\%s\%s
%s\%s\%s\%s
wrSync4.dat
wrSync4.dat
wrSync3.dat
wrSync3.dat
wrSync2.dat
wrSync2.dat
wrSync1.dat
wrSync1.dat
Webr
Webr
WRSA.exe_2008:
`.rsrc
`.rsrc
B'hG.Ir
B'hG.Ir
SUPPORTHOME
SUPPORTHOME
WEBROOTHOME
WEBROOTHOME
SUPPORT
SUPPORT
/exeshowaddremove
/exeshowaddremove
-proxyport=
-proxyport=
-proxypass=
-proxypass=
-key=
-key=
/key=
/key=
DlExec
DlExec
TempKeycode
TempKeycode
ChangeKeyCode
ChangeKeyCode
virusscan.jotti.org
virusscan.jotti.org
VVV.virustotal.com
VVV.virustotal.com
sophos.com
sophos.com
grisoft.com
grisoft.com
pandasoftware.com
pandasoftware.com
trendmicro.com
trendmicro.com
virustotal.com
virustotal.com
f-secure.com
f-secure.com
kaspersky.com
kaspersky.com
mcafee.com
mcafee.com
webroot.com symantec.com
webroot.com symantec.com
webrootanywhere.com
webrootanywhere.com
webrootcloudav.com
webrootcloudav.com
prevxinfo.com
prevxinfo.com
prevx.com
prevx.com
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
scrnsave.scr
scrnsave.scr
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/navcancl.htm
res://ieframe.dll/navcancl.htm
res://mshtml.dll/blank.htm
res://mshtml.dll/blank.htm
C:\Windows\system32\blank.htm
C:\Windows\system32\blank.htm
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=69157
hXXp://go.microsoft.com/fwlink/?LinkId=69157
BURLT
BURLT
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
Terminal Server Client\TransportExtensions
Terminal Server Client\TransportExtensions
Ole\AppCompat\ActivationSecurityCheckExemptionList
Ole\AppCompat\ActivationSecurityCheckExemptionList
.html
.html
UrlSearchHooks
UrlSearchHooks
Extensions\CmdMapping
Extensions\CmdMapping
Keyboard Layouts
Keyboard Layouts
Userinstallable.drivers
Userinstallable.drivers
LoginScript
LoginScript
rdpwd\Tds\tcp
rdpwd\Tds\tcp
Cmdline
Cmdline
SetupExecute
SetupExecute
Image File Execution Options
Image File Execution Options
wowcmdline
wowcmdline
cmdline
cmdline
Windows
Windows
SCRNSAVE.EXE
SCRNSAVE.EXE
KeyFileName
KeyFileName
Explorer\ShellExecuteHooks
Explorer\ShellExecuteHooks
PendingFileRenameOperations
PendingFileRenameOperations
FileRenameOperations
FileRenameOperations
BootExecute
BootExecute
Software\Policies\Microsoft\Windows\System\Scripts
Software\Policies\Microsoft\Windows\System\Scripts
AppCertDlls
AppCertDlls
DefaultPassword
DefaultPassword
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
$$^^URL
$$^^URL
ProxyPort
ProxyPort
ProxyPassword
ProxyPassword
UninstallKey
UninstallKey
websec
websec
UPDATEURL
UPDATEURL
ERRURL
ERRURL
URLSTR
URLSTR
URLFILEUPLOAD
URLFILEUPLOAD
URLINBOUND
URLINBOUND
URLSLAP
URLSLAP
hXXp://webcache.google
hXXp://webcache.google
hXXp://developers.facebook.com
hXXp://developers.facebook.com
hXXp://static.ak.fbcdn.net
hXXp://static.ak.fbcdn.net
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
video.ak.fbcdn.net
video.ak.fbcdn.net
VVV.facebook.com
VVV.facebook.com
driver.cab
driver.cab
sp1.cab
sp1.cab
sp2.cab
sp2.cab
sp3.cab
sp3.cab
A suspicious file was detected: %S - %s - X
A suspicious file was detected: %S - %s - X
Applied unique machine ID: X
Applied unique machine ID: X
In-memory infection identified: %S
In-memory infection identified: %S
Configuration Saved: %s
Configuration Saved: %s
Removed invalid LSP chain entry: %S
Removed invalid LSP chain entry: %S
Connected to %s
Connected to %s
Monitoring process %S [%s]. Type: %i (%i)
Monitoring process %S [%s]. Type: %i (%i)
End passive write scan (%i file(s))
End passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Saved the product log to %S
Saved the product log to %S
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Website determination changed: %S [Level: X] [Type: X]
Website determination changed: %S [Level: X] [Type: X]
>>> Service started [%s]
>>> Service started [%s]
SLevel updated to %s
SLevel updated to %s
Applied license key: %s
Applied license key: %s
Executed cleanup script: %S
Executed cleanup script: %S
Submitted file at user request: %S
Submitted file at user request: %S
Updating from %S
Updating from %S
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Started: %S [ID: %i - Flags: %i/%i]
Scan Started: %S [ID: %i - Flags: %i/%i]
Configuration imported from %S
Configuration imported from %S
Configuration exported to %S
Configuration exported to %S
Cleanup tool %i executed
Cleanup tool %i executed
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Blocked process from accessing protected data: %S [Type: %i]
Blocked process from accessing protected data: %S [Type: %i]
Closed network connection: [X.%i - X.%i]
Closed network connection: [X.%i - X.%i]
Blocked process from connecting to the Internet: %S [MD5: %s]
Blocked process from connecting to the Internet: %S [MD5: %s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Blocked website: %s
Blocked website: %s
Rolled back infection: %S
Rolled back infection: %S
Infection detected: %S [MD5: %s] [%i/X] [%s]
Infection detected: %S [MD5: %s] [%i/X] [%s]
Installation successfully completed (%s/%s)
Installation successfully completed (%s/%s)
GetWindowsDirectoryA
GetWindowsDirectoryA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CallNamedPipeW
CallNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetNamedPipeClientProcessId
GetNamedPipeClientProcessId
CreateIoCompletionPort
CreateIoCompletionPort
%m/%d %I:%M %p
%m/%d %I:%M %p
%d/%m %I:%M %p
%d/%m %I:%M %p
127.0.0.1
127.0.0.1
_CorExeMain
_CorExeMain
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.3
g%i.p4.webrootcloudav.com/arm.asp
g%i.p4.webrootcloudav.com/arm.asp
000000000000000
000000000000000
Win32.Override.1
Win32.Override.1
Win32.LocalInfect.3
Win32.LocalInfect.3
Win32.LocalInfect.1
Win32.LocalInfect.1
Win32.AutoBlock.1
Win32.AutoBlock.1
Win32.UserAdded
Win32.UserAdded
Win32.RuleBlock.1
Win32.RuleBlock.1
Win32.Untrusted.1
Win32.Untrusted.1
Caution.Rootkit
Caution.Rootkit
Community.OuterEdge
Community.OuterEdge
Community.Heuristic
Community.Heuristic
Win32.LocalADS
Win32.LocalADS
Win32.LocalInfect.0
Win32.LocalInfect.0
Win32.LocalInfect.2
Win32.LocalInfect.2
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
%commonfiles%
%commonfiles%
Êche%
Êche%
%cookies%
%cookies%
úvorites%
úvorites%
%documents%
%documents%
%start%
%start%
%startup%
%startup%
Þsktop%
Þsktop%
VVV.google.com
VVV.google.com
if exist "%s" goto d
if exist "%s" goto d
Nspr4Hook::hookerPrOpenTcpSocket
Nspr4Hook::hookerPrOpenTcpSocket
if exist "%s"
if exist "%s"
VVV.bing.com
VVV.bing.com
ru.brans.pl
ru.brans.pl
proxim.ircgalaxy.pl
proxim.ircgalaxy.pl
irc.zief.pl
irc.zief.pl
core.ircgalaxy.pl
core.ircgalaxy.pl
kernel32.dll
kernel32.dll
SLAPKEY
SLAPKEY
%s/arm.asp
%s/arm.asp
%s/aot.asp
%s/aot.asp
184.72.40.115
184.72.40.115
174.129.33.10
174.129.33.10
79.125.105.211
79.125.105.211
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
arm.asp
arm.asp
%Y-%m-%d %H:%M:%S.000
%Y-%m-%d %H:%M:%S.000
serverexecutable
serverexecutable
%s\wininit.ini
%s\wininit.ini
1%iX%s^%s
1%iX%s^%s
DEX%s^
DEX%s^
C0X%s^
C0X%s^
C1X%s^%s
C1X%s^%s
C2X%s^
C2X%s^
(%i %s)
(%i %s)
Removing all components... %c
Removing all components... %c
.pvxdtr
.pvxdtr
https
https
PACKED_EXE,
PACKED_EXE,
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
00000000000000000000
00000000000000000000
00000000
00000000
0000000000000000
0000000000000000
00000000000000
00000000000000
URLBlob
URLBlob
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
reg %s /f
reg %s /f
%x %x
%x %x
1.2.3
1.2.3
%m-%d
%m-%d
hXXp://
hXXp://
%2sX
%2sX
%2ss
%2ss
JOBHTTP
JOBHTTP
$$$01$$$
$$$01$$$
%S,%s,
%S,%s,
WSASME.EXE
WSASME.EXE
operating systems
operating systems
%C:\boot.ini
%C:\boot.ini
%s\%S
%s\%S
"%S\%s",SynProc %i
"%S\%s",SynProc %i
XXX
XXX
v8.0.1.233
v8.0.1.233
@.dll
@.dll
%S\%s.dll
%S\%s.dll
SetTcpEntry
SetTcpEntry
GetExtendedTcpTable
GetExtendedTcpTable
GetExtendedUdpTable
GetExtendedUdpTable
FilterConnectCommunicationPort
FilterConnectCommunicationPort
RegSaveKeyExW
RegSaveKeyExW
RegRestoreKeyW
RegRestoreKeyW
RegSaveKeyW
RegSaveKeyW
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyExA
RegSetKeySecurity
RegSetKeySecurity
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
CertOpenStore
CertOpenStore
CertCloseStore
CertCloseStore
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgGetParam
CertFreeCertificateContext
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
ExitWindowsEx
ExitWindowsEx
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
WinHttpConnect
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpOpen
WinHttpOpen
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpReadData
WinHttpCloseHandle
WinHttpCloseHandle
winhttp
winhttp
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
msvcrt
msvcrt
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
%u%u%u
%u%u%u
PX%sMID3%sSRC
PX%sMID3%sSRC
MACX%s
MACX%s
(Build %d)
(Build %d)
%s (Build %d)
%s (Build %d)
Server 2008 WebServer
Server 2008 WebServer
Server 2003 Web Edition
Server 2003 Web Edition
Windows Version Unknown
Windows Version Unknown
Windows %s %s
Windows %s %s
Windows %s %s %s
Windows %s %s %s
-X
-X
HTTP/1.1 500
HTTP/1.1 500
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
20323:TCP
20323:TCP
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
14671:UDP
14671:UDP
c:\windows\explorer.exe
c:\windows\explorer.exe
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
255.255.255.255
255.255.255.255
$$$04$$$
$$$04$$$
$$$03$$$
$$$03$$$
$$$02$$$
$$$02$$$
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
WRCLOUDALPHA.EXE
WRCLOUDALPHA.EXE
%s %s
%s %s
sShortDate
sShortDate
%a %Y-%m-%d %H:%M
%a %Y-%m-%d %H:%M
%a %d-%m-%Y %H:%M
%a %d-%m-%Y %H:%M
%a %Y-%m-%d %H:%M:%S
%a %Y-%m-%d %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%s%I64XXXX
%s%I64XXXX
XXXXXXXXX%I64X
XXXXXXXXX%I64X
UpdateURL
UpdateURL
Software\Classes\winbio.winbiotools
Software\Classes\winbio.winbiotools
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer
Software\Classes\bho.fffplayer
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
%s.i
%s.i
Win32.MalComponent
Win32.MalComponent
Win32.Corrupted
Win32.Corrupted
Software\Microsoft\Windows\CurrentVersion\Policies
Software\Microsoft\Windows\CurrentVersion\Policies
credssp.dll
credssp.dll
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Policies\System
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\qmgr.dll
%SystemRoot%\System32\qmgr.dll
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\notepad.exe %1
%SystemRoot%\system32\notepad.exe %1
Software\Classes\Applications\notepad.exe\shell\open\command
Software\Classes\Applications\notepad.exe\shell\open\command
System\CurrentControlSet\Control\Session Manager\AppCertDlls
System\CurrentControlSet\Control\Session Manager\AppCertDlls
Software\Microsoft\PCHealth\ErrorReporting
Software\Microsoft\PCHealth\ErrorReporting
DoReport
DoReport
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnBadCertRecving
WarnOnBadCertRecving
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe
%SystemRoot%\system32\ntvdm.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows NT\CurrentVersion\Windows
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
explorer.exe
Software\Classes\.exe\shell\open\command
Software\Classes\.exe\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\.exe
Software\Classes\.exe
dontreportinfectioninformation
dontreportinfectioninformation
Windows\WindowsUpdate
Windows\WindowsUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
DisableCMD
DisableCMD
NoWindowsUpdate
NoWindowsUpdate
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
#pragma namespace("\\\\.\\root\\SecurityCenter")
#pragma namespace("\\\\.\\root\\SecurityCenter")
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
Name="AVClientInt.AVClientIntProvider";
Name="AVClientInt.AVClientIntProvider";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
SupportsPut="FALSE";
SupportsPut="FALSE";
SupportsGet="TRUE";
SupportsGet="TRUE";
SupportsDelete="FALSE";
SupportsDelete="FALSE";
SupportsEnumeration="TRUE";
SupportsEnumeration="TRUE";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
companyName="Webroot";
companyName="Webroot";
displayName="Webroot SecureAnywhere";
displayName="Webroot SecureAnywhere";
Microsoft\Office\%s\%s\%s\
Microsoft\Office\%s\%s\%s\
http://
http://
WSA_SA_Report-%s
WSA_SA_Report-%s
%a_%Y-%m-%d_%H-%M-%S
%a_%Y-%m-%d_%H-%M-%S
g1.p4.webrootcloudav.com/arm.asp
g1.p4.webrootcloudav.com/arm.asp
symsecureport
symsecureport
SQLANYs_sem5
SQLANYs_sem5
semwebsrv
semwebsrv
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
memory.dmp
memory.dmp
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
msdownload.tmp\
msdownload.tmp\
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Cookies\index.dat
Cookies\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Logs\IE9_NR_Setup.log
Logs\IE9_NR_Setup.log
IE9_Main.log
IE9_Main.log
IE9.log
IE9.log
IE8_Main.log
IE8_Main.log
IE8.log
IE8.log
IE7_Main.log
IE7_Main.log
IE7.log
IE7.log
IE Setup Log.txt
IE Setup Log.txt
Microsoft\Windows\History\
Microsoft\Windows\History\
Local Settings\Temporary Internet Files\Content.IE5\
Local Settings\Temporary Internet Files\Content.IE5\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Cookies\
Microsoft\Windows\Cookies\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\Recent\
Microsoft\Windows\Recent\
$Recycle.bin\
$Recycle.bin\
Google\Chrome\User Data\Default\Cache\
Google\Chrome\User Data\Default\Cache\
Mozilla\Firefox\Profiles\
Mozilla\Firefox\Profiles\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
P4REPORT
P4REPORT
%S\Driver Cache\i386
%S\Driver Cache\i386
%s,%i%i
%s,%i%i
8.0.1.233
8.0.1.233
%s %s%s
%s %s%s
%i-%i-%i-X-X.tmp
%i-%i-%i-X-X.tmp
%s %s%S %s
%s %s%S %s
Microsoft\Windows NT\CurrentVersion
Microsoft\Windows NT\CurrentVersion
\REGISTRY\User\%S
\REGISTRY\User\%S
Microsoft\Windows\CurrentVersion
Microsoft\Windows\CurrentVersion
IG=%s,
IG=%s,
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
detail.webrootanywhere.com/p4inbound.asp
detail.webrootanywhere.com/p4inbound.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
*X
*X
%.*s(%d)%s
%.*s(%d)%s
=%%
=%%
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
O|SSSh
O|SSSh
SSSSh=
SSSSh=
tcSSSh
tcSSSh
SSSSh6
SSSSh6
SSSSh7
SSSSh7
PSSSh
PSSSh
(QPSSSSh,
(QPSSSSh,
SSSSh?
SSSSh?
PIQSSSh
PIQSSSh
RjEQSSSShE
RjEQSSSShE
SSSSh@
SSSSh@
RSSSSSSh
RSSSSSSh
KPjVSSSh
KPjVSSSh
QjfSSSh
QjfSSSh
SShaaa
SShaaa
}.VQR
}.VQR
PSSSSSSh
PSSSSSSh
>\u%f
>\u%f
K Pj.SV
K Pj.SV
SSSh8
SSSh8
O|SSSSh
O|SSSSh
jtSSSSh$
jtSSSSh$
SSh ;
SSh ;
tcPQ
tcPQ
SSSSh
SSSSh
S|Wj.WWh
S|Wj.WWh
jmj SSSh
jmj SSSh
N|Sj.SSh
N|Sj.SSh
jDSSSh
jDSSSh
jJj)SSSh
jJj)SSSh
N|Sj.SSj^jBSSSh
N|Sj.SSj^jBSSSh
SShDDD
SShDDD
SSSSjJj)SSSh
SSSSjJj)SSSh
W|Sj.SSj^jBSSSh
W|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
t.SSSV
t.SSSV
zcÃ
zcÃ
Allow users to remove threats without a password
Allow users to remove threats without a password
Allow users to scan without a password
Allow users to scan without a password
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
Assess the intent of new programs before allowing them to execute
Assess the intent of new programs before allowing them to execute
Would you like to automatically import the settings that were used in your previous installation?
Would you like to automatically import the settings that were used in your previous installation?
Automatically block files when detected on execution
Automatically block files when detected on execution
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Warn when new programs execute that are not trusted
Warn when new programs execute that are not trusted
Protect against keyloggers
Protect against keyloggers
Block phishing and known malicious websites
Block phishing and known malicious websites
Block suspicious access to browser windows
Block suspicious access to browser windows
The current operation cannot be aborted.
The current operation cannot be aborted.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
Configuration for HTTP websites
Configuration for HTTP websites
Configuration for HTTPS websites
Configuration for HTTPS websites
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Your keycode has been copied to the clipboard. You can now paste it into any application.
Your keycode has been copied to the clipboard. You can now paste it into any application.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
Configuration settings could not be exported to the selected file.
Configuration settings could not be exported to the selected file.
Configuration settings could not be imported from the selected file.
Configuration settings could not be imported from the selected file.
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
Displaying %s events
Displaying %s events
Displaying %s process events
Displaying %s process events
Enable Password Protection
Enable Password Protection
Password protection is not currently enabled. Do you want to enable it now?
Password protection is not currently enabled. Do you want to enable it now?
Enable "right-click" scanning in Windows Explorer
Enable "right-click" scanning in Windows Explorer
Enter a valid keycode to continue.
Enter a valid keycode to continue.
First Exec - PID: %i
First Exec - PID: %i
A full keycode is required to add custom applications. Would you like to obtain one now?
A full keycode is required to add custom applications. Would you like to obtain one now?
Store Execution History details
Store Execution History details
Hide the SecureAnywhere keycode on-screen
Hide the SecureAnywhere keycode on-screen
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
HTTP Proxy
HTTP Proxy
Save non-executable file details to scan logs
Save non-executable file details to scan logs
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
I/O Operations
I/O Operations
A full keycode is required to increase the default security level. Would you like to obtain one now?
A full keycode is required to increase the default security level. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Enter a keycode to continue.
Enter a keycode to continue.
Loading execution history process events...
Loading execution history process events...
The Execution History log is currently loading.
The Execution History log is currently loading.
Loading %s execution history events...
Loading %s execution history events...
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Operate background functions using fewer CPU resources
Operate background functions using fewer CPU resources
This website is blocked because of a policy added by the user to prevent access.
This website is blocked because of a policy added by the user to prevent access.
This website has been trusted locally and visitation is not blocked.
This website has been trusted locally and visitation is not blocked.
Contact SecureAnywhere Support to upload files larger than 10MB.
Contact SecureAnywhere Support to upload files larger than 10MB.
Insert a keycode for SecureAnywhere.
Insert a keycode for SecureAnywhere.
Password
Password
This file is trying to access stored passwords
This file is trying to access stored passwords
The password entered was incorrect.
The password entered was incorrect.
Error: The entered passwords do not match.
Error: The entered passwords do not match.
PID %i active %s (CPU %s)
PID %i active %s (CPU %s)
PID %i active %s
PID %i active %s
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) - (Parent PID: %i)
%s (PID: %i) - (Parent PID: %i)
Enter your password below to enter:
Enter your password below to enter:
Enter a password to enable protection.
Enter a password to enable protection.
Protect cookies and saved website data
Protect cookies and saved website data
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
Protect against URL grabbing attacks
Protect against URL grabbing attacks
Port
Port
Randomize the installed filename to bypass certain infections
Randomize the installed filename to bypass certain infections
Allow the process to execute other processes
Allow the process to execute other processes
Allow access to windows with a High integrity level
Allow access to windows with a High integrity level
Allow access to windows with a Medium integrity level
Allow access to windows with a Medium integrity level
Select a configuration file to import
Select a configuration file to import
Select a file to execute
Select a file to execute
Select where you would like to export the configuration:
Select where you would like to export the configuration:
Select a file to report to Webroot
Select a file to report to Webroot
Select a removal script to execute:
Select a removal script to execute:
Show SecureAnywhere in the Windows Action Center
Show SecureAnywhere in the Windows Action Center
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show SecureAnywhere in the Windows Security Center
Show SecureAnywhere in the Windows Security Center
Configuration successfully exported.
Configuration successfully exported.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Uninstall Webroot
Uninstall Webroot
Configuration saved. Close and re-open all open web browsers to update active protection.
Configuration saved. Close and re-open all open web browsers to update active protection.
Use the preconfigured policies for changing configuration settings for all websites.
Use the preconfigured policies for changing configuration settings for all websites.
This keycode is valid but has expired. Would you like to renew the keycode now?
This keycode is valid but has expired. Would you like to renew the keycode now?
Enter a valid, complete website name to configure.
Enter a valid, complete website name to configure.
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify websites when visited to determine legitimacy
Verify websites when visited to determine legitimacy
This website contains a known threat and has been blocked.
This website contains a known threat and has been blocked.
Contact Support
Contact Support
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
(User time: %s - Kernel time: %s)
(User time: %s - Kernel time: %s)
Cycles: %s
Cycles: %s
MD5: %S - Size: %i bytes
MD5: %S - Size: %i bytes
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s file: %.*s
(PID: %i, TID: %i) %s file: %.*s
%s: PID - %i
%s: PID - %i
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) %s section: %.*s
(PID: %i, TID: %i) %s section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
View the Webroot software license agreement
View the Webroot software license agreement
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Enter your keycode to install and activate your software.
Enter your keycode to install and activate your software.
Help me find my keycode
Help me find my keycode
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
Want to learn more about Webroot?
Want to learn more about Webroot?
Help and Support
Help and Support
About Webroot SecureAnywhere
About Webroot SecureAnywhere
Login Theft Protection
Login Theft Protection
Protected Websites
Protected Websites
Websites on this list receive custom security to protect any information entered.
Websites on this list receive custom security to protect any information entered.
View/Edit Protected Websites
View/Edit Protected Websites
Password Required
Password Required
Web Threat Shield
Web Threat Shield
3. Close any open programs or web browsers (Recommended but not essential)
3. Close any open programs or web browsers (Recommended but not essential)
Reports
Reports
You may save a scan log, which Technical Support uses for diagnostics.
You may save a scan log, which Technical Support uses for diagnostics.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
Not collecting execution history events
Not collecting execution history events
Password:
Password:
Repeat Password:
Repeat Password:
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
Import / Export
Import / Export
Block websites from creating high risk tracking information
Block websites from creating high risk tracking information
Analyze websites for phishing threats
Analyze websites for phishing threats
Enter the website address to protect (e.g. VVV.webroot.com)
Enter the website address to protect (e.g. VVV.webroot.com)
Add Website
Add Website
Analyze search engine results and identify malicious websites before visitation
Analyze search engine results and identify malicious websites before visitation
Detect websites being redirected by the HOSTS file
Detect websites being redirected by the HOSTS file
Look for malware on websites before visitation
Look for malware on websites before visitation
Look for exploits in website content before visitation
Look for exploits in website content before visitation
Website Filter
Website Filter
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View Websites
View Websites
Website
Website
Enter the website address to configure (e.g. VVV.webroot.com)
Enter the website address to configure (e.g. VVV.webroot.com)
You received your keycode by email.
You received your keycode by email.
Your keycode is located on the CD sleeve.
Your keycode is located on the CD sleeve.
If you have misplaced your keycode:
If you have misplaced your keycode:
Contact Webroot Support at hXXp://VVV.webroot.com/support
Contact Webroot Support at hXXp://VVV.webroot.com/support
Help me find my license keycode
Help me find my license keycode
You can also import your settings from another computer using this screen.
You can also import your settings from another computer using this screen.
Import Settings
Import Settings
Export Settings
Export Settings
Activate a new keycode
Activate a new keycode
Keycode:
Keycode:
Enter your new keycode into the field below and click Activate:
Enter your new keycode into the field below and click Activate:
Enter your keycode here...
Enter your keycode here...
Are you sure you want to abort the current operation?
Are you sure you want to abort the current operation?
Identity && Privacy - protect yourself while browsing web sites
Identity && Privacy - protect yourself while browsing web sites
Enter a password that is at least six characters long for better security.
Enter a password that is at least six characters long for better security.
Only executable files can be overridden.
Only executable files can be overridden.
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
The username or password is invalid.
The username or password is invalid.
I forgot my password
I forgot my password
Downloading Password Management Components...
Downloading Password Management Components...
Installing Password Management...
Installing Password Management...
Windows System
Windows System
Windows Desktop
Windows Desktop
Windows Registry Streams
Windows Registry Streams
Windows Update Temporary folder
Windows Update Temporary folder
Windows Temporary folder
Windows Temporary folder
Clean Index.dat (cleaned on reboot)
Clean Index.dat (cleaned on reboot)
URL history
URL history
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Erase files by overwriting contents with random data using three passes.
Erase files by overwriting contents with random data using three passes.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Install Password Management
Install Password Management
Manage your personal information, websites, and passwords at your My Webroot account.
Manage your personal information, websites, and passwords at your My Webroot account.
- Automatically fill in your login information for remembered websites
- Automatically fill in your login information for remembered websites
- Create secure, hack-resistant passwords for website logins
- Create secure, hack-resistant passwords for website logins
Password Management makes web browsing easier and more secure.
Password Management makes web browsing easier and more secure.
Password Management is On
Password Management is On
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management
Password Management
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
The keycode is currently hidden and cannot be copied.
The keycode is currently hidden and cannot be copied.
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S@%S drive - No media~|
%S@%S drive - No media~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Service: %S, Status: X,
%S@%S, Service: %S, Status: X,
%S@(%S) %S, Service: %S, Status: X,$
%S@(%S) %S, Service: %S, Status: X,$
%S@Device ID: %S, Internal Name: %S~|
%S@Device ID: %S, Internal Name: %S~|
%S@Never logged in~|
%S@Never logged in~|
%S@Port: %S, Status: %i, Jobs: %i~|
%S@Port: %S, Status: %i, Jobs: %i~|
%i fragments, %u bytes@%S (MFT: %i)~|
%i fragments, %u bytes@%S (MFT: %i)~|
%s@Minidump: %S~|
%s@Minidump: %S~|
%s@System Analysis completed in %i seconds (%s)~|
%s@System Analysis completed in %i seconds (%s)~|
, Problem code - X,
, Problem code - X,
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Directory@%S~|
Active Directory@%S~|
Auto Update State@%S~|
Auto Update State@%S~|
Browser@%S %S~|
Browser@%S %S~|
CPU@%s (%i %S)~|
CPU@%s (%i %S)~|
Common AppData Directory@%S~|
Common AppData Directory@%S~|
Current Processor Speed@%dMHz~|
Current Processor Speed@%dMHz~|
DHCP Server@%s~|
DHCP Server@%s~|
DNS Server@%s~|
DNS Server@%s~|
External Clock Speed@%dMHz~|
External Clock Speed@%dMHz~|
External IP Address@%s~|
External IP Address@%s~|
Gateway@%s~|
Gateway@%s~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Home Page@%S~|
Home Page@%S~|
Hostname@%s~|
Hostname@%s~|
IP Address@%s~|
IP Address@%s~|
IP Mask@%s~|
IP Mask@%s~|
Internet Cache@%i KB (%s)~|
Internet Cache@%i KB (%s)~|
Last Update Check@%S~|
Last Update Check@%S~|
Last Update Download@%S~|
Last Update Download@%S~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S~|
Last Update Install@%S~|
Maximum Supported RAM Size@%i MB~|
Maximum Supported RAM Size@%i MB~|
Next Scheduled Install Time@%S~|
Next Scheduled Install Time@%S~|
Next Scheduled Update Check@%S~|
Next Scheduled Update Check@%S~|
OS Install Date@%s~|
OS Install Date@%s~|
OS@%s (Language: %i)~|
OS@%s (Language: %i)~|
Operating System
Operating System
Phishing Filter@%S~|
Phishing Filter@%S~|
Search History, URL History, and Recent Playlist
Search History, URL History, and Recent Playlist
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S, %S)~|
Spyware Protection@%S %S (%S, %S)~|
System Access Level@%s~|
System Access Level@%s~|
System Boot Drive Device@%S~|
System Boot Drive Device@%S~|
System Directory@%S~|
System Directory@%S~|
System Family@%S~|
System Family@%S~|
System GUID@x-xx-xxxx-xxxx~|
System GUID@x-xx-xxxx-xxxx~|
System Manufacturer@%S~|
System Manufacturer@%S~|
System Product Name@%S~|
System Product Name@%S~|
System Proxy@%S~|
System Proxy@%S~|
System Serial Number@%S~|
System Serial Number@%S~|
System Temporary Files@%i KB (%s)~|
System Temporary Files@%i KB (%s)~|
System Uptime@%S (Tick Count: %i)~|
System Uptime@%S (Tick Count: %i)~|
System Version@%S~|
System Version@%S~|
Third Party Firewall@%S %S (%S)~|
Third Party Firewall@%S %S (%S)~|
UAC Status@%S~|
UAC Status@%S~|
Update Type@%S~|
Update Type@%S~|
User Account Level@%s~|
User Account Level@%s~|
User Temporary Files@%i KB (%s)~|
User Temporary Files@%i KB (%s)~|
Username@%S (%S) - Session ID: %i~|
Username@%S (%S) - Session ID: %i~|
Username@%S - Session ID: %i~|
Username@%S - Session ID: %i~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S, %S)~|
Virus Protection@%S %S (%S, %S)~|
Windows Experience Rating
Windows Experience Rating
Windows Firewall@Disabled~|
Windows Firewall@Disabled~|
Windows Firewall@Enabled and Active~|
Windows Firewall@Enabled and Active~|
Windows Updates
Windows Updates
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
All attached devices have reported to be functioning properly.
All attached devices have reported to be functioning properly.
Windows Automatic Updates are disabled
Windows Automatic Updates are disabled
Contact Support by clicking the "?" button in the upper right corner of this window.
Contact Support by clicking the "?" button in the upper right corner of this window.
Create an account to access your security on all your devices online from any Web browser.
Create an account to access your security on all your devices online from any Web browser.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Enter your email address to validate your license key and activate realtime threat prevention:
Enter your email address to validate your license key and activate realtime threat prevention:
Firefox
Firefox
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
Last Password Change: %i %s ago
Last Password Change: %i %s ago
Malware scanning - detect and report threats
Malware scanning - detect and report threats
Mozilla Firefox - Cached Files
Mozilla Firefox - Cached Files
New Webroot Keycode.txt
New Webroot Keycode.txt
No password configured
No password configured
Operating Systems (32 and 64bit in all Editions)
Operating Systems (32 and 64bit in all Editions)
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the download of Password Management is finished to download Backup & Sync.
Please wait until the download of Password Management is finished to download Backup & Sync.
Save Keycode and Continue
Save Keycode and Continue
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
Settings - Currently being managed by the Web Console
Settings - Currently being managed by the Web Console
System Analysis was cancelled and the report may be incomplete.
System Analysis was cancelled and the report may be incomplete.
Screen resolution and bit depth support true color images.
Screen resolution and bit depth support true color images.
The Windows firewall is disabled.
The Windows firewall is disabled.
The credentials used to log into Backup & Sync are invalid. Please login again.
The credentials used to log into Backup & Sync are invalid. Please login again.
There are currently no items in the execution history log.
There are currently no items in the execution history log.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
View Full Report
View Full Report
Visit Webroot.com
Visit Webroot.com
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere
Webroot SecureAnywhere
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere`
Webroot SecureAnywhere`
Webroot System Analyzer
Webroot System Analyzer
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Not all RAM can be used by your 32bit operating system.
Not all RAM can be used by your 32bit operating system.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Your account gives you anytime access to your security from any Web browser.
Your account gives you anytime access to your security from any Web browser.
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial is expired!
Your Webroot SecureAnywhere trial is expired!
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your operating system is up to date.
Your operating system is up to date.
It is recommended to change your password every 90 days.
It is recommended to change your password every 90 days.
Your hardware is adequate for running your operating system.
Your hardware is adequate for running your operating system.
VVV.geeksquad.com
VVV.geeksquad.com
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
- Windows XP SP2, SP3
- Windows XP SP2, SP3
- Windows Vista SP1, SP2
- Windows Vista SP1, SP2
- Windows 7 SP0, SP1
- Windows 7 SP0, SP1
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
View the Webroot Privacy Policy
View the Webroot Privacy Policy
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Scan with Webroot
Scan with Webroot
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
A cleanup license key is required to remove threats.
A cleanup license key is required to remove threats.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
Welcome to Webroot
Welcome to Webroot
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
Enable enhanced customer support
Enable enhanced customer support
Please wait a few moments and try again. Contact Webroot Support if this error persists.
Please wait a few moments and try again. Contact Webroot Support if this error persists.
The operation failed with error code %i. %s
The operation failed with error code %i. %s
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Web Console
Web Console
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
Next scan starts in %s.
Next scan starts in %s.
%i%% - %s files scanned. %s %s
%i%% - %s files scanned. %s %s
Scan Complete - %i active %s found in %s. %s
Scan Complete - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
%s files scanned in %s. No threats found. %s
%s files scanned in %s. No threats found. %s
Scan aborted. %s files scanned in %s. %s
Scan aborted. %s files scanned in %s. %s
Last scanned %s. %s %s %s removed.
Last scanned %s. %s %s %s removed.
Last scanned %s. %s
Last scanned %s. %s
Protection has been active for %s.
Protection has been active for %s.
%s system events have been inspected since installation.
%s system events have been inspected since installation.
%s system events have been inspected since bootup (%s.%c %s since installation).
%s system events have been inspected since bootup (%s.%c %s since installation).
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaning %s
%i%% - Cleaning %s
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s.
System Cleaner is scheduled to run in %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
Click here for personal support if you have any questions about SecureAnywhere
Click here for personal support if you have any questions about SecureAnywhere
Enable Windows Explorer right click secure file erasing
Enable Windows Explorer right click secure file erasing
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
Show Windows Explorer overlay icons
Show Windows Explorer overlay icons
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Scanning for threats: %s
Scanning for threats: %s
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
View report summary
View report summary
Operating system detected
Operating system detected
Detecting operating system information
Detecting operating system information
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
Please wait until the current operation is complete.
Please wait until the current operation is complete.
Google Chrome
Google Chrome
.text
.text
h.rdata
h.rdata
H.data
H.data
.rsrc
.rsrc
B.reloc
B.reloc
SShhA
SShhA
TransportAddress
TransportAddress
HTTP/
HTTP/
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
KeDelayExecutionThread
KeDelayExecutionThread
ZwOpenKey
ZwOpenKey
ZwQueryValueKey
ZwQueryValueKey
ntoskrnl.exe
ntoskrnl.exe
WRITE_PORT_UCHAR
WRITE_PORT_UCHAR
HAL.dll
HAL.dll
TDI.SYS
TDI.SYS
FltCloseClientPort
FltCloseClientPort
FltCloseCommunicationPort
FltCloseCommunicationPort
FltCreateCommunicationPort
FltCreateCommunicationPort
FLTMGR.SYS
FLTMGR.SYS
SeExports
SeExports
ZwCreateKey
ZwCreateKey
ZwSetValueKey
ZwSetValueKey
585=5^5}5
585=5^5}5
"hXXp://crl.verisign.com/tss-ca.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
Thawte Certification1
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
.Class 3 Public Primary Certification Authority0
.Class 3 Public Primary Certification Authority0
hXXp://crl.verisign.com/pca3.crl0
hXXp://crl.verisign.com/pca3.crl0
hXXps://VVV.verisign.com/cps0
hXXps://VVV.verisign.com/cps0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://logo.verisign.com/vslogo.gif04
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
n.aAHu
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
Webroot Inc.1>0
Webroot Inc.1>0
Webroot Inc.0
Webroot Inc.0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0;
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
#hXXp://crl.verisign.com/pca3-g5.crl04
#hXXp://crl.verisign.com/pca3-g5.crl04
.pdata
.pdata
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
`.data
`.data
@.reloc
@.reloc
WmiExecuteMethodW
WmiExecuteMethodW
NtRequestWaitReplyPort
NtRequestWaitReplyPort
NtConnectPort
NtConnectPort
NtAlpcConnectPort
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
NtAlpcSendWaitReceivePort
NtAlpcCreatePortSection
NtAlpcCreatePortSection
NtRequestPort
NtRequestPort
NtAlpcCreatePort
NtAlpcCreatePort
NtSecureConnectPort
NtSecureConnectPort
NtDeleteKey
NtDeleteKey
NtDeleteValueKey
NtDeleteValueKey
NtSetValueKey
NtSetValueKey
NtDelayExecution
NtDelayExecution
NtCreatePort
NtCreatePort
http:\/\/
http:\/\/
hXXps://
hXXps://
PSOWRX
PSOWRX
hXXp://%.*s
hXXp://%.*s
Chrome_OmniboxView
Chrome_OmniboxView
Chrome_AutocompleteEditView
Chrome_AutocompleteEditView
%s://%S
%s://%S
search.yahoo
search.yahoo
WebDrawText
WebDrawText
webkit
webkit
PSOTBX
PSOTBX
Chrome_RenderWidgetHostHWND
Chrome_RenderWidgetHostHWND
MozillaContentWindowClass
MozillaContentWindowClass
MozillaWindowClass
MozillaWindowClass
Chrome_WidgetWin_
Chrome_WidgetWin_
OperaWindowClass
OperaWindowClass
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
nspr4.dll
nspr4.dll
advapi32.dll
advapi32.dll
bcrypt.dll
bcrypt.dll
ws2_32.dll
ws2_32.dll
sspicli.dll
sspicli.dll
secur32.dll
secur32.dll
wininet.dll
wininet.dll
ntdll.dll
ntdll.dll
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
>HTTPu6
>HTTPu6
msvcrt.dll
msvcrt.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
SetWindowsHookExW
SetWindowsHookExW
SetWindowsHookExA
SetWindowsHookExA
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
USER32.dll
USER32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
ADVAPI32.dll
ADVAPI32.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToFileA
URLDownloadToFileA
urlmon.dll
urlmon.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
OLEACC.dll
OLEACC.dll
RPCRT4.dll
RPCRT4.dll
OLEAUT32.dll
OLEAUT32.dll
UrlIsW
UrlIsW
SHLWAPI.dll
SHLWAPI.dll
Secur32.dll
Secur32.dll
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
WRUsr.dll
WRUsr.dll
\\x3ca href\\x3d\\x22http
\\x3ca href\\x3d\\x22http
@.rsrc
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
%u6HcA
%u6HcA
tù7u HcG
tù7u HcG
?;5URLURLURL
?;5URLURLURL
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
%sU%rT
%sU%rT
GetCPInfo
GetCPInfo
CertGetCertificateContextProperty
CertGetCertificateContextProperty
_acmdln
_acmdln
_amsg_exit
_amsg_exit
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyExW
MapVirtualKeyExW
GetKeyboardLayout
GetKeyboardLayout
keybd_event
keybd_event
UnhookWindowsHookEx
UnhookWindowsHookEx
v.pL>
v.pL>
00000000006
00000000006
20.sp
20.sp
%uV7"iL
%uV7"iL
KERNEL32.DLL
KERNEL32.DLL
CRYPT32.dll
CRYPT32.dll
DDRAW.dll
DDRAW.dll
DSOUND.dll
DSOUND.dll
iphlpapi.dll
iphlpapi.dll
NETAPI32.dll
NETAPI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
WINTRUST.dll
WINTRUST.dll
ddbl.db
ddbl.db
dbk.db
dbk.db
dbj.db
dbj.db
dbi.db
dbi.db
dbh.db
dbh.db
dbg.db
dbg.db
dbf.db
dbf.db
dbe.db
dbe.db
dbd.db
dbd.db
dbc.db
dbc.db
dbb.db
dbb.db
dba.db
dba.db
index.dat
index.dat
content url
content url
searchurl
searchurl
use custom search url
use custom search url
scrnsave.exe
scrnsave.exe
Default_Search_Url
Default_Search_Url
Default_Page_Url
Default_Page_Url
.cn/index
.cn/index
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
regedit.exe "%1"
regedit.exe "%1"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Package
Msi.Package
%SystemRoot%\system32\mmc.exe "%1" %*
%SystemRoot%\system32\mmc.exe "%1" %*
.mpeg
.mpeg
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%SystemRoot%\System32\WScript.exe" "%1" %*
"%SystemRoot%\System32\WScript.exe" "%1" %*
rundll32.exe shdocvw.dll,OpenURL %l
rundll32.exe shdocvw.dll,OpenURL %l
%SystemRoot%\system32\NOTEPAD.EXE %1
%SystemRoot%\system32\NOTEPAD.EXE %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
%SystemRoot%\system32\mshta.exe "%1" %*
%SystemRoot%\system32\mshta.exe "%1" %*
cmdfile
cmdfile
"%SystemRoot%\hh.exe" %1
"%SystemRoot%\hh.exe" %1
chm.file
chm.file
ieuser.exe
ieuser.exe
crashreporter.exe
crashreporter.exe
plugin-container.exe
plugin-container.exe
epic.exe
epic.exe
waol.exe
waol.exe
iron.exe
iron.exe
safari.exe
safari.exe
firefox
firefox
winlogon.exe
winlogon.exe
spoolsv.exe
spoolsv.exe
services.exe
services.exe
audiodg.exe
audiodg.exe
svchost.exe
svchost.exe
lsass.exe
lsass.exe
consent.exe
consent.exe
dwm.exe
dwm.exe
lsm.exe
lsm.exe
procexp64.exe
procexp64.exe
procexp.exe
procexp.exe
dplp2.exe
dplp2.exe
dplp.exe
dplp.exe
watchdogx64.exe
watchdogx64.exe
flashcookiecleaner.exe
flashcookiecleaner.exe
shredder.exe
shredder.exe
atieclxx.exe
atieclxx.exe
atiesrxx.exe
atiesrxx.exe
searchfilterhost.exe
searchfilterhost.exe
werfault.exe
werfault.exe
ravcpl64.exe
ravcpl64.exe
nvtray.exe
nvtray.exe
clpsla.exe
clpsla.exe
clps.exe
clps.exe
mtxagent.exe
mtxagent.exe
googleupdate.exe
googleupdate.exe
googlecrashhandler.exe
googlecrashhandler.exe
downloaderapp.exe
downloaderapp.exe
ccleaner.exe
ccleaner.exe
ccleaner64.exe
ccleaner64.exe
conhost.exe
conhost.exe
irperl.exe
irperl.exe
fswscs.exe
fswscs.exe
bsplayer.exe
bsplayer.exe
wow_helper.exe
wow_helper.exe
realplay.exe
realplay.exe
nmake.exe
nmake.exe
cl.exe
cl.exe
winrar.exe
winrar.exe
fsdomnodeie.dll
fsdomnodeie.dll
jhook.dll
jhook.dll
yzshadow.exe
yzshadow.exe
yahoomessenger.exe
yahoomessenger.exe
wspace.exe
wspace.exe
wlmail.exe
wlmail.exe
wdict32.exe
wdict32.exe
vmware-vmx.exe
vmware-vmx.exe
vmware.exe
vmware.exe
ultramon.exe
ultramon.exe
translateclient.exe
translateclient.exe
totalcmd.exe
totalcmd.exe
thunderbird.exe
thunderbird.exe
stpass.exe
stpass.exe
splwow64.exe
splwow64.exe
skype.exe
skype.exe
sidebar.exe
sidebar.exe
sllauncher.exe
sllauncher.exe
sbrender.exe
sbrender.exe
rocketdock.exe
rocketdock.exe
robotaskbaricon.exe
robotaskbaricon.exe
roboform.dll
roboform.dll
robo.exe
robo.exe
popupblocker.exe
popupblocker.exe
pdfvista.exe
pdfvista.exe
patrol.exe
patrol.exe
packpro.exe
packpro.exe
outlook.exe
outlook.exe
opstm080.exe
opstm080.exe
opera.exe
opera.exe
notepad .exe
notepad .exe
mvtapp.exe
mvtapp.exe
msnmsgr.exe
msnmsgr.exe
fsocrserver.exe
fsocrserver.exe
jfw.exe
jfw.exe
iexplore.exe
iexplore.exe
helppane.exe
helppane.exe
google.exe
google.exe
gamebooster.exe
gamebooster.exe
firefox.exe
firefox.exe
excel.exe
excel.exe
eudora.exe
eudora.exe
eqgame.exe
eqgame.exe
dsNetworkConnect.exe
dsNetworkConnect.exe
dllhost.exe
dllhost.exe
digsby.exe
digsby.exe
communicator.exe
communicator.exe
crazy browser.exe
crazy browser.exe
ctfmon.exe
ctfmon.exe
chrome.exe
chrome.exe
bttray.exe
bttray.exe
babylon.exe
babylon.exe
ati2evxx.exe
ati2evxx.exe
aolsoftware.exe
aolsoftware.exe
admunch64.exe
admunch64.exe
admunch.exe
admunch.exe
adblock.exe
adblock.exe
acrotray.exe
acrotray.exe
acrord32.exe
acrord32.exe
acrodist.exe
acrodist.exe
acrobat.exe
acrobat.exe
verclsid.exe
verclsid.exe
wrbar.exe
wrbar.exe
WRSyncManager.exe
WRSyncManager.exe
wrinstall.exe
wrinstall.exe
snippingtool.exe
snippingtool.exe
Portugu
Portugu
s (Brazilian Portuguese)
s (Brazilian Portuguese)
Ftaskmgr.exe
Ftaskmgr.exe
csrss.exe
csrss.exe
"%s" %s
"%s" %s
"%s" %S
"%s" %S
HKEY_USERS
HKEY_USERS
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
%s\%s
%s\%s
%c:\%s
%c:\%s
%s:%i
%s:%i
msiexec
msiexec
%drivers%
%drivers%
*\windows\system32\drivers\*
*\windows\system32\drivers\*
%fonts%
%fonts%
*\windows\fonts\*
*\windows\fonts\*
%%restore%%\%s
%%restore%%\%s
\\?hostname?\?share?\%s
\\?hostname?\?share?\%s
%%winsxs%%\%s
%%winsxs%%\%s
c:\windows/
c:\windows/
windows\system32/
windows\system32/
Webroot
Webroot
WRusr.dll
WRusr.dll
\\.\%c:
\\.\%c:
Windows\System32\windbg48.sys
Windows\System32\windbg48.sys
m0rpheus.tpl
m0rpheus.tpl
%SystemRoot%\System32\svchost.exe
%SystemRoot%\System32\svchost.exe
mscoree.dll
mscoree.dll
%S(%s)
%S(%s)
tcpip
tcpip
.net clr
.net clr
%S(%s\%s\, %s)
%S(%s\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(%s\%s\)
%S(%s\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\%s\%s)
%S(%s\%s\%s)
/scanfile="%s"
/scanfile="%s"
%s\sfc.exe
%s\sfc.exe
Writing MBR> New Data: [%S]
Writing MBR> New Data: [%S]
Executing Command> %s
Executing Command> %s
Terminating Module Parent> %i - %s
Terminating Module Parent> %i - %s
Closing Handle> %i - PID: %i - %s
Closing Handle> %i - PID: %i - %s
Renaming Registry Key> %s\%s to %s\%s
Renaming Registry Key> %s\%s to %s\%s
Deleting File> %s
Deleting File> %s
Writing Registry Value> %s\%s - %s
Writing Registry Value> %s\%s - %s
Writing File Data> %s - [New Data: %s]
Writing File Data> %s - [New Data: %s]
Deleting Directory> %s
Deleting Directory> %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Key> %s\%s
Deleting Registry Key> %s\%s
Fixing LSP> %S
Fixing LSP> %S
Core Component> Un-patching file [%s] - New Size: %i bytes
Core Component> Un-patching file [%s] - New Size: %i bytes
Copying File> %s to %s
Copying File> %s to %s
Terminating Process> %i - %s
Terminating Process> %i - %s
Stopping Service> %s
Stopping Service> %s
Deleting Service> %s
Deleting Service> %s
Starting Routine> %s...
Starting Routine> %s...
\\.\pipe\WRSynUM2
\\.\pipe\WRSynUM2
\\.\WRSYNAPSE
\\.\WRSYNAPSE
\temporary asp.net files\
\temporary asp.net files\
\opera\temporary_downloads\
\opera\temporary_downloads\
\microsoft.net\framework\
\microsoft.net\framework\
\$recycle.bin\S-
\$recycle.bin\S-
mbam.exe
mbam.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
%s\Symantec\
%s\Symantec\
%s\Common Files\Symantec Shared\
%s\Common Files\Symantec Shared\
%s\Symantec.cloud\
%s\Symantec.cloud\
\\.\pipe\
\\.\pipe\
wmiprvse.exe
wmiprvse.exe
\Slow.pvx
\Slow.pvx
\Slowusr.pvx
\Slowusr.pvx
%i %s
%i %s
%s %S - %i%%, %i %s)
%s %S - %i%%, %i %s)
%s - %s
%s - %s
hXXps://*
hXXps://*
hXXp://*
hXXp://*
%ProgramFiles%\Webroot\WRSA.exe
%ProgramFiles%\Webroot\WRSA.exe
%S - %s
%S - %s
InstallLogo.bmp
InstallLogo.bmp
\\?\%c:
\\?\%c:
%i %s, %i %s
%i %s, %i %s
%i %s,
%i %s,
s\\.\PhysicalDrive%i
s\\.\PhysicalDrive%i
[%C] %s
[%C] %s
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
res%i.db
res%i.db
-%i-%i.tmp
-%i-%i.tmp
bcdedit.exe
bcdedit.exe
autorun.inf
autorun.inf
\services.exe
\services.exe
\drivers\pciide.sys
\drivers\pciide.sys
\drivers\smbe.sys
\drivers\smbe.sys
\drivers\eubkmon.sys
\drivers\eubkmon.sys
\drivers\acpi.sys
\drivers\acpi.sys
\drivers\wdf01000.sys
\drivers\wdf01000.sys
\drivers\cdrom.sys
\drivers\cdrom.sys
\drivers\serial.sys
\drivers\serial.sys
\drivers\ipsec.sys
\drivers\ipsec.sys
\drivers\tcpip.sys
\drivers\tcpip.sys
\drivers\afd.sys
\drivers\afd.sys
\drivers\rdbss.sys
\drivers\rdbss.sys
\drivers\mrxsmb.sys
\drivers\mrxsmb.sys
\drivers\netbt.sys
\drivers\netbt.sys
\microsoft.net\
\microsoft.net\
.crdownload
.crdownload
.partial
.partial
\windows\installer\
\windows\installer\
\config.msi\
\config.msi\
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
{98C3BECF-DD5F-44D2-8EF3-
{98C3BECF-DD5F-44D2-8EF3-
rundll32.exe
rundll32.exe
http*://
http*://
hXXp://VVV.
hXXp://VVV.
opera
opera
%S(%s, %.*S)
%S(%s, %.*S)
%S(%s, %s)
%S(%s, %s)
%S(%s, 0x%S)
%S(%s, 0x%S)
Temp\%.*S-%S-%.*S.WR
Temp\%.*S-%S-%.*S.WR
\\.\pipe\WRSVCPipe
\\.\pipe\WRSVCPipe
%S(%i)
%S(%i)
desktop.ini
desktop.ini
%s %s %s
%s %s %s
%i (%s %s)
%i (%s %s)
%s: %s
%s: %s
PKG\WRSyncManager.exe
PKG\WRSyncManager.exe
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn.qm
PKG\files_zh_cn.qm
PKG\files_de_de_qt.qm
PKG\files_de_de_qt.qm
PKG\files_de_de.qm
PKG\files_de_de.qm
PKG\files_es_es_qt.qm
PKG\files_es_es_qt.qm
PKG\files_es_es.qm
PKG\files_es_es.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp.qm
PKG\files_ja_jp.qm
PKG\files_en_us_qt.qm
PKG\files_en_us_qt.qm
PKG\files_en_us.qm
PKG\files_en_us.qm
PKG\WRBar.dll
PKG\WRBar.dll
%s (%s)
%s (%s)
*.mpeg, *.avi, *.mp4
*.mpeg, *.avi, *.mp4
*.mp3, *.m4a
*.mp3, *.m4a
*.jpg, *.jpeg, *.png
*.jpg, *.jpeg, *.png
*.xls, *.xlsx
*.xls, *.xlsx
*.doc, *.docx
*.doc, *.docx
%s (%S)
%s (%S)
%s - %S
%s - %S
%s\Administrator
%s\Administrator
%C:%s
%C:%s
A:\%s
A:\%s
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
WRHTTP
WRHTTP
dst%2S.db
dst%2S.db
Chrome
Chrome
Opera
Opera
Software\Mozilla\Mozilla Firefox
Software\Mozilla\Mozilla Firefox
http\shell\open\command
http\shell\open\command
Software\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
&OLDLIC=%s
&OLDLIC=%s
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
I%S(%s\%s\%s, %s)
I%S(%s\%s\%s, %s)
%S(%s\%s\%s, %s%s%s)
%S(%s\%s\%s, %s%s%s)
%S(%s, 0)
%S(%s, 0)
%s\drivers\%s.sys
%s\drivers\%s.sys
%s\2i
%s\2i
Pipe
Pipe
%s\%s\%i
%s\%s\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
dow.lac
dow.lac
centro.txt
centro.txt
1.pac
1.pac
AutoConfigUrl
AutoConfigUrl
hXXp://
hXXp://
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
ekrn.exe
ekrn.exe
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
firefox.exe\shell\safemode\command
firefox.exe\shell\safemode\command
firefox.exe\shell\open\command
firefox.exe\shell\open\command
iexplore.exe\shell\open\command
iexplore.exe\shell\open\command
\WRSYNAPSEPORT
\WRSYNAPSEPORT
%s\%s.lnk
%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{69D72956-317C-44bd-B369-8E44D4EF9802}
{69D72956-317C-44bd-B369-8E44D4EF9802}
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
"%S%s" %S%S
"%S%s" %S%S
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
XXX.tmp
XXX.tmp
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WISC
\Webroot\Security\Current\Products\WISC
rSoftware\Web Filtering
rSoftware\Web Filtering
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
5db%i.db
5db%i.db
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
%s %S %S
%s %S %S
dbo%i-e.db
dbo%i-e.db
dbo%i-%I64X.db
dbo%i-%I64X.db
dbm%i.db
dbm%i.db
tPKG\WRBar.exe
tPKG\WRBar.exe
PKG\LPBar.dll
PKG\LPBar.dll
%s\wrSync%i.dat
%s\wrSync%i.dat
%s\icon%i.ico
%s\icon%i.ico
t%s_%i
t%s_%i
%s %s %S - %s
%s %s %S - %s
%s %s %s %S - %s
%s %s %s %S - %s
%S?LANG=%S
%S?LANG=%S
%s\Webroot\Spy Sweeper\install.dat
%s\Webroot\Spy Sweeper\install.dat
Software\Webroot\Install
Software\Webroot\Install
notepad.exe
notepad.exe
hXXp://VVV.webroot.com
hXXp://VVV.webroot.com
%S %S
%S %S
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
%s %i:00 %s %s
%s %i:00 %s %s
*.exe
*.exe
%s %i %s
%s %i %s
WRSA.exe
WRSA.exe
%i:i %s
%i:i %s
SystemCleaner.log
SystemCleaner.log
%s\SecureAnywhere Console.lnk
%s\SecureAnywhere Console.lnk
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
UMTX-%s
UMTX-%s
CURRENT_USER\%s
CURRENT_USER\%s
MACHINE\%s
MACHINE\%s
\explorer.exe
\explorer.exe
%s\sysnative
%s\sysnative
%s\WRData
%s\WRData
%s - [%S] %i files scanned, %i %s found in %s
%s - [%S] %i files scanned, %i %s found in %s
si3112r.sys
si3112r.sys
atmdlc.sys
atmdlc.sys
C:\$MBR.1
C:\$MBR.1
\??\%c:\
\??\%c:\
%S(%s\%s\%s\)
%S(%s\%s\%s\)
%System%\webcheck.dll
%System%\webcheck.dll
rundll32 shell32,Control_RunDLL "sysdm.cpl"
rundll32 shell32,Control_RunDLL "sysdm.cpl"
logonui.exe
logonui.exe
userinit.exe,
userinit.exe,
%S(%s\%.*s\, %I64X)
%S(%s\%.*s\, %I64X)
W%S(%s\%.*s, %I64X-%I64X)
W%S(%s\%.*s, %I64X-%I64X)
%S(%s\%.*s\)
%S(%s\%.*s\)
%S(%s\%.*s\%.*s)
%S(%s\%.*s\%.*s)
%S(%s\%.*s, %.*s)
%S(%s\%.*s, %.*s)
%S(%I64X, %I64X)
%S(%I64X, %I64X)
_reg.tmp
_reg.tmp
%UserProfile%\Local Settings\Application Data
%UserProfile%\Local Settings\Application Data
%UserProfile%
%UserProfile%
hXXp://twitter.com/*
hXXp://twitter.com/*
hXXp://VVV.facebook.com/*
hXXp://VVV.facebook.com/*
Generating license key... (less than two minutes remaining)
Generating license key... (less than two minutes remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
SysAnalyzerLog-%S.log
SysAnalyzerLog-%S.log
%s (%i bytes)
%s (%i bytes)
%S(%s, %S)
%S(%s, %S)
%S(Removing %s...#(PX5: %S - MD5: %S))
%S(Removing %s...#(PX5: %S - MD5: %S))
TcpTimedWaitDelay
TcpTimedWaitDelay
MaxUserPort
MaxUserPort
TcpNumConnections
TcpNumConnections
ActiveProcesses.log
ActiveProcesses.log
webdrive
webdrive
\Dell Support Center\
\Dell Support Center\
;"%s"
;"%s"
WR.mof
WR.mof
wbem\mofcomp.exe
wbem\mofcomp.exe
%S - Removing %s
%S - Removing %s
%S - Removing %s - %s
%S - Removing %s - %s
%S - Removing %s - %i bytes
%S - Removing %s - %i bytes
%s\%i.bat
%s\%i.bat
WRTemp_%i_X
WRTemp_%i_X
%s\WR%i.exe
%s\WR%i.exe
libAllegro.dll
libAllegro.dll
Lang.dat
Lang.dat
dbq.db
dbq.db
5WRupdate%i.exe
5WRupdate%i.exe
%s\%S.html
%s\%S.html
%s\%S.bmp
%s\%S.bmp
Duration: %s
Duration: %s
%S (Hostname: %S - Local IP: %S)
%S (Hostname: %S - Local IP: %S)
Scan Started: %S
Scan Started: %S
%s/%s
%s/%s
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\Services\%s
%s\Services\%s
Embedded Web Browser from: hXXp://bsalsa.com/
Embedded Web Browser from: hXXp://bsalsa.com/
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Classes\.exe\shell
Software\Classes\.exe\shell
Software\Policies\Microsoft\Windows\System
Software\Policies\Microsoft\Windows\System
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
System\CurrentControlSet\Services\Tcpip\Parameters
System\CurrentControlSet\Services\Tcpip\Parameters
%S(Removing rootkits - Please wait...#)
%S(Removing rootkits - Please wait...#)
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
SavUI.exe
SavUI.exe
SymCorpUI.exe
SymCorpUI.exe
DoScan.EXE
DoScan.EXE
SNAC.EXE
SNAC.EXE
Rtvscan.exe
Rtvscan.exe
DefWatch.exe
DefWatch.exe
ccSvcHst.exe
ccSvcHst.exe
SmcGui.exe
SmcGui.exe
Smc.exe
Smc.exe
SemSvc.exe
SemSvc.exe
dbsrv9.exe
dbsrv9.exe
CCApp.exe
CCApp.exe
vptray.exe
vptray.exe
AMSadmin.exe
AMSadmin.exe
VPC32.exe
VPC32.exe
NMain.exe
NMain.exe
Msiexec.exe
Msiexec.exe
"%s\installTeefer.exe" -u -l2 -f "\install.log"
"%s\installTeefer.exe" -u -l2 -f "\install.log"
Microsoft.VC90.CRT.manifest
Microsoft.VC90.CRT.manifest
msvcr90.dll
msvcr90.dll
msvcp90.dll
msvcp90.dll
%s\temp
%s\temp
%s\checksum.exe
%s\checksum.exe
%s\temp\tmpremove.exe
%s\temp\tmpremove.exe
dbp.db
dbp.db
Webroot\Sync
Webroot\Sync
This removal tool only supports Windows XP.
This removal tool only supports Windows XP.
PKG\WebrootShellExt.dll
PKG\WebrootShellExt.dll
\AGENTCOMMANDS.txt
\AGENTCOMMANDS.txt
Software\Classes\CLSID\%s\%s
Software\Classes\CLSID\%s\%s
%s\shell\open\command
%s\shell\open\command
%S\%s
%S\%s
%s\prefetch
%s\prefetch
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%
%SYSTEMDRIVE%
~tmp.hiv
~tmp.hiv
%s\temp\WR-X.tmp
%s\temp\WR-X.tmp
%s\Start Menu\Programs\Startup
%s\Start Menu\Programs\Startup
WSATemp.exe
WSATemp.exe
dbn.db
dbn.db
%s-%i
%s-%i
*.log
*.log
lwrSync.dll
lwrSync.dll
PxPlugin.dll
PxPlugin.dll
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
PKG.tmp
PKG.tmp
Software\Google\Chrome
Software\Google\Chrome
ace%i.db
ace%i.db
Win32.%S %s
Win32.%S %s
\%s%s
\%s%s
NetworkEvents.log
NetworkEvents.log
WRLog.log
WRLog.log
WEH-Tcp
WEH-Tcp
RDP-Tcp
RDP-Tcp
WRrem%i.exe
WRrem%i.exe
&CNTID=%S&SNUM=%S&CType=%S
&CNTID=%S&SNUM=%S&CType=%S
&%S=%S
&%S=%S
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
%S?UPD=%S&LANG=%S
%S?UPD=%S&LANG=%S
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
Opening your web console...
Opening your web console...
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Log-in to your Web Console
Log-in to your Web Console
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
rtmp%d
rtmp%d
\\.\DISPLAY
\\.\DISPLAY
\Windows\explorer.exe
\Windows\explorer.exe
\Device\Tcp
\Device\Tcp
\Device\Udp
\Device\Udp
\Device\NamedPipe
\Device\NamedPipe
\System32\spoolsv.exe
\System32\spoolsv.exe
\System32\services.exe
\System32\services.exe
\System32\winlogon.exe
\System32\winlogon.exe
\System32\lsass.exe
\System32\lsass.exe
\System32\svchost.exe
\System32\svchost.exe
\System32\lsm.exe
\System32\lsm.exe
\System32\csrss.exe
\System32\csrss.exe
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
WRkrn.sys
WRkrn.sys
(c) Webroot 2006-2012
(c) Webroot 2006-2012
user32.dll
user32.dll
shdocvw.dll
shdocvw.dll
ieframe.dll
ieframe.dll
rpcrt4.dll
rpcrt4.dll
WINDOW: %s - %s
WINDOW: %s - %s
ShXXps://
ShXXps://
tmpremove.exe
tmpremove.exe
smc.exe
smc.exe
msctf.dll
msctf.dll
browseui.dll
browseui.dll
dwmapi.dll
dwmapi.dll
uxtheme.dll
uxtheme.dll
"%s" %S"%s"
"%s" %S"%s"
hXXps://VVV.webroot.com
hXXps://VVV.webroot.com
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
RapportKE64
RapportKE64
RapportKELL
RapportKELL
wsock32.dll
wsock32.dll
%s\%s\%s\%s
%s\%s\%s\%s
wrSync4.dat
wrSync4.dat
wrSync3.dat
wrSync3.dat
wrSync2.dat
wrSync2.dat
wrSync1.dat
wrSync1.dat
Webr
Webr
WRSA.exe_2008_rwx_01001000_00205000:
SUPPORTHOME
SUPPORTHOME
WEBROOTHOME
WEBROOTHOME
SUPPORT
SUPPORT
/exeshowaddremove
/exeshowaddremove
-proxyport=
-proxyport=
-proxypass=
-proxypass=
-key=
-key=
/key=
/key=
DlExec
DlExec
TempKeycode
TempKeycode
ChangeKeyCode
ChangeKeyCode
virusscan.jotti.org
virusscan.jotti.org
VVV.virustotal.com
VVV.virustotal.com
sophos.com
sophos.com
grisoft.com
grisoft.com
pandasoftware.com
pandasoftware.com
trendmicro.com
trendmicro.com
virustotal.com
virustotal.com
f-secure.com
f-secure.com
kaspersky.com
kaspersky.com
mcafee.com
mcafee.com
webroot.com symantec.com
webroot.com symantec.com
webrootanywhere.com
webrootanywhere.com
webrootcloudav.com
webrootcloudav.com
prevxinfo.com
prevxinfo.com
prevx.com
prevx.com
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
hXXp://VVV.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
scrnsave.scr
scrnsave.scr
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/securityatrisk.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/repost.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/offcancl.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddoninfo.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/noaddon.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/inprivate.htm
res://ieframe.dll/navcancl.htm
res://ieframe.dll/navcancl.htm
res://mshtml.dll/blank.htm
res://mshtml.dll/blank.htm
C:\Windows\system32\blank.htm
C:\Windows\system32\blank.htm
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=54896
hXXp://go.microsoft.com/fwlink/?LinkId=69157
hXXp://go.microsoft.com/fwlink/?LinkId=69157
BURLT
BURLT
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
Terminal Server Client\TransportExtensions
Terminal Server Client\TransportExtensions
Ole\AppCompat\ActivationSecurityCheckExemptionList
Ole\AppCompat\ActivationSecurityCheckExemptionList
.html
.html
UrlSearchHooks
UrlSearchHooks
Extensions\CmdMapping
Extensions\CmdMapping
Keyboard Layouts
Keyboard Layouts
Userinstallable.drivers
Userinstallable.drivers
LoginScript
LoginScript
rdpwd\Tds\tcp
rdpwd\Tds\tcp
Cmdline
Cmdline
SetupExecute
SetupExecute
Image File Execution Options
Image File Execution Options
wowcmdline
wowcmdline
cmdline
cmdline
Windows
Windows
SCRNSAVE.EXE
SCRNSAVE.EXE
KeyFileName
KeyFileName
Explorer\ShellExecuteHooks
Explorer\ShellExecuteHooks
PendingFileRenameOperations
PendingFileRenameOperations
FileRenameOperations
FileRenameOperations
BootExecute
BootExecute
Software\Policies\Microsoft\Windows\System\Scripts
Software\Policies\Microsoft\Windows\System\Scripts
AppCertDlls
AppCertDlls
DefaultPassword
DefaultPassword
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
$$^^URL
$$^^URL
ProxyPort
ProxyPort
ProxyPassword
ProxyPassword
UninstallKey
UninstallKey
websec
websec
UPDATEURL
UPDATEURL
ERRURL
ERRURL
URLSTR
URLSTR
URLFILEUPLOAD
URLFILEUPLOAD
URLINBOUND
URLINBOUND
URLSLAP
URLSLAP
hXXp://webcache.google
hXXp://webcache.google
hXXp://developers.facebook.com
hXXp://developers.facebook.com
hXXp://static.ak.fbcdn.net
hXXp://static.ak.fbcdn.net
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
video.ak.fbcdn.net
video.ak.fbcdn.net
VVV.facebook.com
VVV.facebook.com
driver.cab
driver.cab
sp1.cab
sp1.cab
sp2.cab
sp2.cab
sp3.cab
sp3.cab
A suspicious file was detected: %S - %s - X
A suspicious file was detected: %S - %s - X
Applied unique machine ID: X
Applied unique machine ID: X
In-memory infection identified: %S
In-memory infection identified: %S
Configuration Saved: %s
Configuration Saved: %s
Removed invalid LSP chain entry: %S
Removed invalid LSP chain entry: %S
Connected to %s
Connected to %s
Monitoring process %S [%s]. Type: %i (%i)
Monitoring process %S [%s]. Type: %i (%i)
End passive write scan (%i file(s))
End passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Begin passive write scan (%i file(s))
Saved the product log to %S
Saved the product log to %S
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Rule Overridden: MD5: %s, Size: %i bytes, ID: X, Result: %i
Website determination changed: %S [Level: X] [Type: X]
Website determination changed: %S [Level: X] [Type: X]
>>> Service started [%s]
>>> Service started [%s]
SLevel updated to %s
SLevel updated to %s
Applied license key: %s
Applied license key: %s
Executed cleanup script: %S
Executed cleanup script: %S
Submitted file at user request: %S
Submitted file at user request: %S
Updating from %S
Updating from %S
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Results: Files Scanned: %i, Duration: %S, Malicious Files: %i
Scan Started: %S [ID: %i - Flags: %i/%i]
Scan Started: %S [ID: %i - Flags: %i/%i]
Configuration imported from %S
Configuration imported from %S
Configuration exported to %S
Configuration exported to %S
Cleanup tool %i executed
Cleanup tool %i executed
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Determination flags modified: %S - MD5: %s, Size: %i bytes, Flags: X
Blocked process from accessing protected data: %S [Type: %i]
Blocked process from accessing protected data: %S [Type: %i]
Closed network connection: [X.%i - X.%i]
Closed network connection: [X.%i - X.%i]
Blocked process from connecting to the Internet: %S [MD5: %s]
Blocked process from connecting to the Internet: %S [MD5: %s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Infection found in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
File blocked in realtime: %S [MD5: %s, Size: %i bytes] [%i/X] [%s]
Blocked website: %s
Blocked website: %s
Rolled back infection: %S
Rolled back infection: %S
Infection detected: %S [MD5: %s] [%i/X] [%s]
Infection detected: %S [MD5: %s] [%i/X] [%s]
Installation successfully completed (%s/%s)
Installation successfully completed (%s/%s)
GetWindowsDirectoryA
GetWindowsDirectoryA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CallNamedPipeW
CallNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetNamedPipeClientProcessId
GetNamedPipeClientProcessId
CreateIoCompletionPort
CreateIoCompletionPort
%m/%d %I:%M %p
%m/%d %I:%M %p
%d/%m %I:%M %p
%d/%m %I:%M %p
127.0.0.1
127.0.0.1
_CorExeMain
_CorExeMain
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.3
g%i.p4.webrootcloudav.com/arm.asp
g%i.p4.webrootcloudav.com/arm.asp
000000000000000
000000000000000
Win32.Override.1
Win32.Override.1
Win32.LocalInfect.3
Win32.LocalInfect.3
Win32.LocalInfect.1
Win32.LocalInfect.1
Win32.AutoBlock.1
Win32.AutoBlock.1
Win32.UserAdded
Win32.UserAdded
Win32.RuleBlock.1
Win32.RuleBlock.1
Win32.Untrusted.1
Win32.Untrusted.1
Caution.Rootkit
Caution.Rootkit
Community.OuterEdge
Community.OuterEdge
Community.Heuristic
Community.Heuristic
Win32.LocalADS
Win32.LocalADS
Win32.LocalInfect.0
Win32.LocalInfect.0
Win32.LocalInfect.2
Win32.LocalInfect.2
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,MM=Y,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
ScanSeq:%i,ScanType:%s,VM:%c,L:%s,LSysC:%I64X,TSysC:%I64X,
%commonfiles%
%commonfiles%
Êche%
Êche%
%cookies%
%cookies%
úvorites%
úvorites%
%documents%
%documents%
%start%
%start%
%startup%
%startup%
Þsktop%
Þsktop%
VVV.google.com
VVV.google.com
if exist "%s" goto d
if exist "%s" goto d
Nspr4Hook::hookerPrOpenTcpSocket
Nspr4Hook::hookerPrOpenTcpSocket
if exist "%s"
if exist "%s"
VVV.bing.com
VVV.bing.com
ru.brans.pl
ru.brans.pl
proxim.ircgalaxy.pl
proxim.ircgalaxy.pl
irc.zief.pl
irc.zief.pl
core.ircgalaxy.pl
core.ircgalaxy.pl
kernel32.dll
kernel32.dll
SLAPKEY
SLAPKEY
%s/arm.asp
%s/arm.asp
%s/aot.asp
%s/aot.asp
184.72.40.115
184.72.40.115
174.129.33.10
174.129.33.10
79.125.105.211
79.125.105.211
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
arm.asp
arm.asp
%Y-%m-%d %H:%M:%S.000
%Y-%m-%d %H:%M:%S.000
serverexecutable
serverexecutable
%s\wininit.ini
%s\wininit.ini
1%iX%s^%s
1%iX%s^%s
DEX%s^
DEX%s^
C0X%s^
C0X%s^
C1X%s^%s
C1X%s^%s
C2X%s^
C2X%s^
(%i %s)
(%i %s)
Removing all components... %c
Removing all components... %c
.pvxdtr
.pvxdtr
https
https
PACKED_EXE,
PACKED_EXE,
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
[Ovr=X*Age=%i*Pop=%i*Dir=%i*Adv=%i*],
00000000000000000000
00000000000000000000
00000000
00000000
0000000000000000
0000000000000000
00000000000000
00000000000000
URLBlob
URLBlob
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
Start: X. End: X. Seq: X. DB: X. Install: X. Command: %s. Parameters: %s
reg %s /f
reg %s /f
%x %x
%x %x
1.2.3
1.2.3
%m-%d
%m-%d
hXXp://
hXXp://
%2sX
%2sX
%2ss
%2ss
JOBHTTP
JOBHTTP
$$$01$$$
$$$01$$$
%S,%s,
%S,%s,
WSASME.EXE
WSASME.EXE
operating systems
operating systems
%C:\boot.ini
%C:\boot.ini
%s\%S
%s\%S
"%S\%s",SynProc %i
"%S\%s",SynProc %i
XXX
XXX
v8.0.1.233
v8.0.1.233
@.dll
@.dll
%S\%s.dll
%S\%s.dll
SetTcpEntry
SetTcpEntry
GetExtendedTcpTable
GetExtendedTcpTable
GetExtendedUdpTable
GetExtendedUdpTable
FilterConnectCommunicationPort
FilterConnectCommunicationPort
RegSaveKeyExW
RegSaveKeyExW
RegRestoreKeyW
RegRestoreKeyW
RegSaveKeyW
RegSaveKeyW
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyExA
RegSetKeySecurity
RegSetKeySecurity
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
CertOpenStore
CertOpenStore
CertCloseStore
CertCloseStore
CryptMsgClose
CryptMsgClose
CertFindCertificateInStore
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgGetParam
CertFreeCertificateContext
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
ExitWindowsEx
ExitWindowsEx
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
WinHttpConnect
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpOpen
WinHttpOpen
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpReadData
WinHttpCloseHandle
WinHttpCloseHandle
winhttp
winhttp
CryptCATCatalogInfoFromContext
CryptCATCatalogInfoFromContext
msvcrt
msvcrt
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
OS=%i%i^OSLang=%i^OSFull=%s^AVV=%s^AVS=%s^AVA=%s^AVU=%s^IB=%S^IBV=%S^FWE=%s^
%u%u%u
%u%u%u
PX%sMID3%sSRC
PX%sMID3%sSRC
MACX%s
MACX%s
(Build %d)
(Build %d)
%s (Build %d)
%s (Build %d)
Server 2008 WebServer
Server 2008 WebServer
Server 2003 Web Edition
Server 2003 Web Edition
Windows Version Unknown
Windows Version Unknown
Windows %s %s
Windows %s %s
Windows %s %s %s
Windows %s %s %s
-X
-X
HTTP/1.1 500
HTTP/1.1 500
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%s
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C27CCE38-8596-11D1-B16A-00C0F0283688}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
{C1A8AF25-1257-101B-8FB0-0020AF039CA8}
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%i
20323:TCP
20323:TCP
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
14671:UDP
14671:UDP
c:\windows\explorer.exe
c:\windows\explorer.exe
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\PublicProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\StandardProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
System\CurrentControlSet\Services\SharedAccess\FirewallPolicy\DomainProfile\GloballyOpenPorts
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86AEEA3A39CAF6F4D8D287BB7F4E228B
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
255.255.255.255
255.255.255.255
$$$04$$$
$$$04$$$
$$$03$$$
$$$03$$$
$$$02$$$
$$$02$$$
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
AntiVirusProduct.instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}"
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --siluninstall -name=webroot --nostartmenu --noaddremove -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
-ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --userinstallie --userinstallff -name=webroot --nostartmenu --noaddremove --installforallusers -j "%S\pkg" --disablenotes --disableidentities --disablevault --disablecontext --lpbarpath="%S\PKG\WRBar.dll" --lpbarpath64="%S\PKG\WRBar64.dll" -noshut
WRCLOUDALPHA.EXE
WRCLOUDALPHA.EXE
%s %s
%s %s
sShortDate
sShortDate
%a %Y-%m-%d %H:%M
%a %Y-%m-%d %H:%M
%a %d-%m-%Y %H:%M
%a %d-%m-%Y %H:%M
%a %Y-%m-%d %H:%M:%S
%a %Y-%m-%d %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%a %d-%m-%Y %H:%M:%S
%s%I64XXXX
%s%I64XXXX
XXXXXXXXX%I64X
XXXXXXXXX%I64X
UpdateURL
UpdateURL
Software\Classes\winbio.winbiotools
Software\Classes\winbio.winbiotools
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{130e4dce-ffac-15e3-5893-74950afeea4c}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Clsid\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Interface\{86727a1a-8140-4cfa-abfa-1620398fcec5}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\Typelib\{8a4f328c-c9f4-4449-a0df-a756a6b52abf}
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer.1
Software\Classes\bho.fffplayer
Software\Classes\bho.fffplayer
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
Software\Microsoft\Active Setup\Installed Components\{b00589a8-44cb-ba97-5de2-7c733bbee8ed}
%s.i
%s.i
Win32.MalComponent
Win32.MalComponent
Win32.Corrupted
Win32.Corrupted
Software\Microsoft\Windows\CurrentVersion\Policies
Software\Microsoft\Windows\CurrentVersion\Policies
credssp.dll
credssp.dll
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Policies\System
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\qmgr.dll
%SystemRoot%\System32\qmgr.dll
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\ntmarta.dll
%SystemRoot%\system32\notepad.exe %1
%SystemRoot%\system32\notepad.exe %1
Software\Classes\Applications\notepad.exe\shell\open\command
Software\Classes\Applications\notepad.exe\shell\open\command
System\CurrentControlSet\Control\Session Manager\AppCertDlls
System\CurrentControlSet\Control\Session Manager\AppCertDlls
Software\Microsoft\PCHealth\ErrorReporting
Software\Microsoft\PCHealth\ErrorReporting
DoReport
DoReport
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnBadCertRecving
WarnOnBadCertRecving
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
Software\Policies\Microsoft\Windows NT\SystemRestore
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
%SystemRoot%\system32\ntvdm.exe
%SystemRoot%\system32\ntvdm.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows NT\CurrentVersion\Windows
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
explorer.exe
Software\Classes\.exe\shell\open\command
Software\Classes\.exe\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\exefile\shell\open\command
Software\Classes\.exe
Software\Classes\.exe
dontreportinfectioninformation
dontreportinfectioninformation
Windows\WindowsUpdate
Windows\WindowsUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
Windows\WindowsUpdate\AU\NoAutoUpdate
DisableCMD
DisableCMD
NoWindowsUpdate
NoWindowsUpdate
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
%windir%\system32\choice.exe /T 1 /N /D N /M Uninstalling...
#pragma namespace("\\\\.\\root\\SecurityCenter")
#pragma namespace("\\\\.\\root\\SecurityCenter")
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
[Description("Webroot SecureAnywhere Security Center Integration"),Override("HostingModel")]
Name="AVClientInt.AVClientIntProvider";
Name="AVClientInt.AVClientIntProvider";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
ClsId="{D486329C-1488-4CEB-9CC8-D662B732D904}";
SupportsPut="FALSE";
SupportsPut="FALSE";
SupportsGet="TRUE";
SupportsGet="TRUE";
SupportsDelete="FALSE";
SupportsDelete="FALSE";
SupportsEnumeration="TRUE";
SupportsEnumeration="TRUE";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
instanceGuid="{D486329C-1488-4CEB-9CC8-D662B732D904}";
companyName="Webroot";
companyName="Webroot";
displayName="Webroot SecureAnywhere";
displayName="Webroot SecureAnywhere";
Microsoft\Office\%s\%s\%s\
Microsoft\Office\%s\%s\%s\
http://
http://
WSA_SA_Report-%s
WSA_SA_Report-%s
%a_%Y-%m-%d_%H-%M-%S
%a_%Y-%m-%d_%H-%M-%S
g1.p4.webrootcloudav.com/arm.asp
g1.p4.webrootcloudav.com/arm.asp
symsecureport
symsecureport
SQLANYs_sem5
SQLANYs_sem5
semwebsrv
semwebsrv
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
memory.dmp
memory.dmp
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\altdefaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\Streams\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\DesktopStreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
msdownload.tmp\
msdownload.tmp\
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Cookies\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Microsoft\Windows\Temporary Internet Files\index.dat
Cookies\index.dat
Cookies\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Local Settings\Temporary Internet Files\Content.IE5\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Microsoft\Windows\IEDownloadHistory\index.dat
Logs\IE9_NR_Setup.log
Logs\IE9_NR_Setup.log
IE9_Main.log
IE9_Main.log
IE9.log
IE9.log
IE8_Main.log
IE8_Main.log
IE8.log
IE8.log
IE7_Main.log
IE7_Main.log
IE7.log
IE7.log
IE Setup Log.txt
IE Setup Log.txt
Microsoft\Windows\History\
Microsoft\Windows\History\
Local Settings\Temporary Internet Files\Content.IE5\
Local Settings\Temporary Internet Files\Content.IE5\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Temporary Internet Files\
Microsoft\Windows\Cookies\
Microsoft\Windows\Cookies\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Internet Explorer\TypedUrls\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\Internet Explorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\InternetExplorer\ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Find\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Documents\Menu\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Documents\
Microsoft\Windows\Recent\
Microsoft\Windows\Recent\
$Recycle.bin\
$Recycle.bin\
Google\Chrome\User Data\Default\Cache\
Google\Chrome\User Data\Default\Cache\
Mozilla\Firefox\Profiles\
Mozilla\Firefox\Profiles\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
P4REPORT
P4REPORT
%S\Driver Cache\i386
%S\Driver Cache\i386
%s,%i%i
%s,%i%i
8.0.1.233
8.0.1.233
%s %s%s
%s %s%s
%i-%i-%i-X-X.tmp
%i-%i-%i-X-X.tmp
%s %s%S %s
%s %s%S %s
Microsoft\Windows NT\CurrentVersion
Microsoft\Windows NT\CurrentVersion
\REGISTRY\User\%S
\REGISTRY\User\%S
Microsoft\Windows\CurrentVersion
Microsoft\Windows\CurrentVersion
IG=%s,
IG=%s,
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
hXXp://anywhere.webrootcloudav.com/zerol/pkgwiscaway.exe
detail.webrootanywhere.com/p4inbound.asp
detail.webrootanywhere.com/p4inbound.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
hXXp://VVV.webrootanywhere.com/betaeula.asp
*X
*X
%.*s(%d)%s
%.*s(%d)%s
=%%
=%%
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\WRSA.pdb
O|SSSh
O|SSSh
SSSSh=
SSSSh=
tcSSSh
tcSSSh
SSSSh6
SSSSh6
SSSSh7
SSSSh7
PSSSh
PSSSh
(QPSSSSh,
(QPSSSSh,
SSSSh?
SSSSh?
PIQSSSh
PIQSSSh
RjEQSSSShE
RjEQSSSShE
SSSSh@
SSSSh@
RSSSSSSh
RSSSSSSh
KPjVSSSh
KPjVSSSh
QjfSSSh
QjfSSSh
SShaaa
SShaaa
}.VQR
}.VQR
PSSSSSSh
PSSSSSSh
>\u%f
>\u%f
K Pj.SV
K Pj.SV
SSSh8
SSSh8
O|SSSSh
O|SSSSh
jtSSSSh$
jtSSSSh$
SSh ;
SSh ;
tcPQ
tcPQ
SSSSh
SSSSh
S|Wj.WWh
S|Wj.WWh
jmj SSSh
jmj SSSh
N|Sj.SSh
N|Sj.SSh
jDSSSh
jDSSSh
jJj)SSSh
jJj)SSSh
N|Sj.SSj^jBSSSh
N|Sj.SSj^jBSSSh
SShDDD
SShDDD
SSSSjJj)SSSh
SSSSjJj)SSSh
W|Sj.SSj^jBSSSh
W|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
V|Sj.SSj^jBSSSh
t.SSSV
t.SSSV
zcÃ
zcÃ
Allow users to remove threats without a password
Allow users to remove threats without a password
Allow users to scan without a password
Allow users to scan without a password
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This website is already being protected with SecureAnywhere Browser Protection. Remove it from the Browser Protection list to change its Website Filtering options.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
This application is being actively protected against keyloggers, screen-grabbers, clipboard stealers, and other information-stealing threats.
Assess the intent of new programs before allowing them to execute
Assess the intent of new programs before allowing them to execute
Would you like to automatically import the settings that were used in your previous installation?
Would you like to automatically import the settings that were used in your previous installation?
Automatically block files when detected on execution
Automatically block files when detected on execution
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Caution: Booting into Safe Mode may prevent access to encrypted hard drives. Ensure that you have all encryption keys available if you are using hard disk encryption so that your computer can boot properly. Do you want to continue?
Warn when new programs execute that are not trusted
Warn when new programs execute that are not trusted
Protect against keyloggers
Protect against keyloggers
Block phishing and known malicious websites
Block phishing and known malicious websites
Block suspicious access to browser windows
Block suspicious access to browser windows
The current operation cannot be aborted.
The current operation cannot be aborted.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
SecureAnywhere was unable to remove threats automatically. Click "Contact Support" to contact our Support engineers.
Configuration for HTTP websites
Configuration for HTTP websites
Configuration for HTTPS websites
Configuration for HTTPS websites
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Would you like SecureAnywhere to continue monitoring and alerting about the Windows Firewall?
Your keycode has been copied to the clipboard. You can now paste it into any application.
Your keycode has been copied to the clipboard. You can now paste it into any application.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
The keycode could not be verified at this time. Ensure that SecureAnywhere is allowed to connect to the Internet and try again.
Configuration settings could not be exported to the selected file.
Configuration settings could not be exported to the selected file.
Configuration settings could not be imported from the selected file.
Configuration settings could not be imported from the selected file.
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
SecureAnywhere has detected that the Windows Firewall is currently disabled. It is recommended that you enable the Windows Firewall to receive maximum protection. The firewall built into SecureAnywhere is fully compatible with the Windows Firewall and provides an additional layer of protection.||Would you like to enable the Windows Firewall now?
Displaying %s events
Displaying %s events
Displaying %s process events
Displaying %s process events
Enable Password Protection
Enable Password Protection
Password protection is not currently enabled. Do you want to enable it now?
Password protection is not currently enabled. Do you want to enable it now?
Enable "right-click" scanning in Windows Explorer
Enable "right-click" scanning in Windows Explorer
Enter a valid keycode to continue.
Enter a valid keycode to continue.
First Exec - PID: %i
First Exec - PID: %i
A full keycode is required to add custom applications. Would you like to obtain one now?
A full keycode is required to add custom applications. Would you like to obtain one now?
Store Execution History details
Store Execution History details
Hide the SecureAnywhere keycode on-screen
Hide the SecureAnywhere keycode on-screen
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
SecureAnywhere has detected a modification to the HOSTS file, which may have been created by malicious software. The entry has the contents:||[%S]||Would you like SecureAnywhere to remove this entry?
HTTP Proxy
HTTP Proxy
Save non-executable file details to scan logs
Save non-executable file details to scan logs
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
Enter a valid keycode. If you continue to receive this message, contact SecureAnywhere Support.
I/O Operations
I/O Operations
A full keycode is required to increase the default security level. Would you like to obtain one now?
A full keycode is required to increase the default security level. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
A keycode is required to run a full system scan. Would you like to obtain one now?
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Your SecureAnywhere keycode has been validated and activated. Your computer will now be rescanned to provide the most accurate protection.
Enter a keycode to continue.
Enter a keycode to continue.
Loading execution history process events...
Loading execution history process events...
The Execution History log is currently loading.
The Execution History log is currently loading.
Loading %s execution history events...
Loading %s execution history events...
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Caution: Your current configuration settings may prevent access to SecureAnywhere. You may want to change your configuration settings now or use the command-line option "WRSA.exe -showgui" to show the SecureAnywhere interface if needed.
Operate background functions using fewer CPU resources
Operate background functions using fewer CPU resources
This website is blocked because of a policy added by the user to prevent access.
This website is blocked because of a policy added by the user to prevent access.
This website has been trusted locally and visitation is not blocked.
This website has been trusted locally and visitation is not blocked.
Contact SecureAnywhere Support to upload files larger than 10MB.
Contact SecureAnywhere Support to upload files larger than 10MB.
Insert a keycode for SecureAnywhere.
Insert a keycode for SecureAnywhere.
Password
Password
This file is trying to access stored passwords
This file is trying to access stored passwords
The password entered was incorrect.
The password entered was incorrect.
Error: The entered passwords do not match.
Error: The entered passwords do not match.
PID %i active %s (CPU %s)
PID %i active %s (CPU %s)
PID %i active %s
PID %i active %s
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) started by %s (PID: %i)
%s (PID: %i) - (Parent PID: %i)
%s (PID: %i) - (Parent PID: %i)
Enter your password below to enter:
Enter your password below to enter:
Enter a password to enable protection.
Enter a password to enable protection.
Protect cookies and saved website data
Protect cookies and saved website data
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
An attempt to take a screenshot of your computer was detected. This screenshot may contain confidential information as a protected website is currently open. Do you want to allow this screenshot to continue?
Protect against URL grabbing attacks
Protect against URL grabbing attacks
Port
Port
Randomize the installed filename to bypass certain infections
Randomize the installed filename to bypass certain infections
Allow the process to execute other processes
Allow the process to execute other processes
Allow access to windows with a High integrity level
Allow access to windows with a High integrity level
Allow access to windows with a Medium integrity level
Allow access to windows with a Medium integrity level
Select a configuration file to import
Select a configuration file to import
Select a file to execute
Select a file to execute
Select where you would like to export the configuration:
Select where you would like to export the configuration:
Select a file to report to Webroot
Select a file to report to Webroot
Select a removal script to execute:
Select a removal script to execute:
Show SecureAnywhere in the Windows Action Center
Show SecureAnywhere in the Windows Action Center
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show the "Authenticating Files" popup when a new file is scanned on-execution
Show SecureAnywhere in the Windows Security Center
Show SecureAnywhere in the Windows Security Center
Configuration successfully exported.
Configuration successfully exported.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Are you sure you want to visit this website? The contents could potentially compromise your identity or infect your computer.
Uninstall Webroot
Uninstall Webroot
Configuration saved. Close and re-open all open web browsers to update active protection.
Configuration saved. Close and re-open all open web browsers to update active protection.
Use the preconfigured policies for changing configuration settings for all websites.
Use the preconfigured policies for changing configuration settings for all websites.
This keycode is valid but has expired. Would you like to renew the keycode now?
This keycode is valid but has expired. Would you like to renew the keycode now?
Enter a valid, complete website name to configure.
Enter a valid, complete website name to configure.
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks
Verify websites when visited to determine legitimacy
Verify websites when visited to determine legitimacy
This website contains a known threat and has been blocked.
This website contains a known threat and has been blocked.
Contact Support
Contact Support
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
Website determination updated. Close your web browser and open the web page again or refresh the current page to continue browsing.
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
SecureAnywhere Scan Log (Version %S)~|Log saved at %S~|
(User time: %s - Kernel time: %s)
(User time: %s - Kernel time: %s)
Cycles: %s
Cycles: %s
MD5: %S - Size: %i bytes
MD5: %S - Size: %i bytes
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s registry entry: %s\%.*s
(PID: %i, TID: %i) %s file: %.*s
(PID: %i, TID: %i) %s file: %.*s
%s: PID - %i
%s: PID - %i
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s process: %i - %s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s named pipe: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s module: %.*s
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s code: %.*s (%S)
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s IP %.*S
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s Sector: %I64X - Length: %I64X
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s URL: %.*S
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s service - %.*s - %.*s, (%i, %i)
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) %s mutex: %.*s
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Logging keystrokes
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) Monitoring Windows events (%i)
(PID: %i, TID: %i) %s section: %.*s
(PID: %i, TID: %i) %s section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Registry Key: %.*s~|~|Value: %.*s~|Type: X~|New Data: %s~|~|Previous Data: %s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Original Filename: %.*s~|~|New Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Target Process ID: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Module Name: %.*s~|Image Base: X~|Image Size: X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Filename: %.*s~|Type: %S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Address: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Sector: %I64X~|Length: %I64X~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|URL: %.*S~|~|Bytes Transferred: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Caption: %.*S~|Contents: %.*S~|
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Service Name: %.*s~|Binary Path: %.*s~|Type: %i~|Start Type: %i
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Mutex: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Windows Hook ID: %i~|Filename: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Event Hook Minimum ID: X~|Event Hook Maximum ID: X
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
Process ID: %i~|Thread ID: %i~|Event Type: %s~|Access: %s~|~|Section: %.*s
View the Webroot software license agreement
View the Webroot software license agreement
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Webroot SecureAnywhere protects your computer from viruses, spyware, trojans, rootkits, and other malicious software.
Enter your keycode to install and activate your software.
Enter your keycode to install and activate your software.
Help me find my keycode
Help me find my keycode
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
By clicking Agree and Install, you accept the terms of the Webroot software license agreement.
Want to learn more about Webroot?
Want to learn more about Webroot?
Help and Support
Help and Support
About Webroot SecureAnywhere
About Webroot SecureAnywhere
Login Theft Protection
Login Theft Protection
Protected Websites
Protected Websites
Websites on this list receive custom security to protect any information entered.
Websites on this list receive custom security to protect any information entered.
View/Edit Protected Websites
View/Edit Protected Websites
Password Required
Password Required
Web Threat Shield
Web Threat Shield
3. Close any open programs or web browsers (Recommended but not essential)
3. Close any open programs or web browsers (Recommended but not essential)
Reports
Reports
You may save a scan log, which Technical Support uses for diagnostics.
You may save a scan log, which Technical Support uses for diagnostics.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
View an audit log of all monitored executed code. This allows you to manage running processes and identify potential problems quickly.
Not collecting execution history events
Not collecting execution history events
Password:
Password:
Repeat Password:
Repeat Password:
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
If a Webroot researcher has instructed you to execute a Removal script, select the script to begin.
Import / Export
Import / Export
Block websites from creating high risk tracking information
Block websites from creating high risk tracking information
Analyze websites for phishing threats
Analyze websites for phishing threats
Enter the website address to protect (e.g. VVV.webroot.com)
Enter the website address to protect (e.g. VVV.webroot.com)
Add Website
Add Website
Analyze search engine results and identify malicious websites before visitation
Analyze search engine results and identify malicious websites before visitation
Detect websites being redirected by the HOSTS file
Detect websites being redirected by the HOSTS file
Look for malware on websites before visitation
Look for malware on websites before visitation
Look for exploits in website content before visitation
Look for exploits in website content before visitation
Website Filter
Website Filter
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View/edit the list of blocked websites to change how they should be handled or add new websites to block.
View Websites
View Websites
Website
Website
Enter the website address to configure (e.g. VVV.webroot.com)
Enter the website address to configure (e.g. VVV.webroot.com)
You received your keycode by email.
You received your keycode by email.
Your keycode is located on the CD sleeve.
Your keycode is located on the CD sleeve.
If you have misplaced your keycode:
If you have misplaced your keycode:
Contact Webroot Support at hXXp://VVV.webroot.com/support
Contact Webroot Support at hXXp://VVV.webroot.com/support
Help me find my license keycode
Help me find my license keycode
You can also import your settings from another computer using this screen.
You can also import your settings from another computer using this screen.
Import Settings
Import Settings
Export Settings
Export Settings
Activate a new keycode
Activate a new keycode
Keycode:
Keycode:
Enter your new keycode into the field below and click Activate:
Enter your new keycode into the field below and click Activate:
Enter your keycode here...
Enter your keycode here...
Are you sure you want to abort the current operation?
Are you sure you want to abort the current operation?
Identity && Privacy - protect yourself while browsing web sites
Identity && Privacy - protect yourself while browsing web sites
Enter a password that is at least six characters long for better security.
Enter a password that is at least six characters long for better security.
Only executable files can be overridden.
Only executable files can be overridden.
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
Warning: Clearing the product log will prevent Webroot technical support from assisting you accurately. Are you sure you want to clear the log?
The username or password is invalid.
The username or password is invalid.
I forgot my password
I forgot my password
Downloading Password Management Components...
Downloading Password Management Components...
Installing Password Management...
Installing Password Management...
Windows System
Windows System
Windows Desktop
Windows Desktop
Windows Registry Streams
Windows Registry Streams
Windows Update Temporary folder
Windows Update Temporary folder
Windows Temporary folder
Windows Temporary folder
Clean Index.dat (cleaned on reboot)
Clean Index.dat (cleaned on reboot)
URL history
URL history
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Securely erase files by overwriting contents with random data using seven passes and clean free space around files.
Erase files by overwriting contents with random data using three passes.
Erase files by overwriting contents with random data using three passes.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
Clean files using standard file deletion techniques, bypassing the Windows Recycle Bin.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
SecureAnywhere has detected a significant infection on your computer which requires manual assistance to clean. Contact Webroot Support to help clean your computer.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Backup && Sync which makes it easy to share files on your computer and protect your important files from loss. Click "Download and Install" to use this feature.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Select specific files and folders to back up to your online storage in the Cloud to protect important files from loss.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Webroot Internet Security Complete is already installed on your computer. Use the Sync & Sharing features within WISC to prevent incompatibilities.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Backup & Sync was not installed successfully. If you continue to receive this error, contact Webroot Support.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Your SecureAnywhere subscription entitles you to use Password Management that makes managing your web site logons easy and more secure. Click "Download and Install" to use this feature.
Install Password Management
Install Password Management
Manage your personal information, websites, and passwords at your My Webroot account.
Manage your personal information, websites, and passwords at your My Webroot account.
- Automatically fill in your login information for remembered websites
- Automatically fill in your login information for remembered websites
- Create secure, hack-resistant passwords for website logins
- Create secure, hack-resistant passwords for website logins
Password Management makes web browsing easier and more secure.
Password Management makes web browsing easier and more secure.
Password Management is On
Password Management is On
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management was not installed successfully. If you continue to receive this error, contact Webroot Support.
Password Management
Password Management
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
SecureAnywhere was unable to restore all files to their original locations and has copied them to a dedicated Quarantine folder located at [%s]. Would you like to view the Quarantine folder now?
The keycode is currently hidden and cannot be copied.
The keycode is currently hidden and cannot be copied.
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i %S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%-5i ...%.*S@Working Set: %-4iMB ^ Virtual: %-4iMB ^ Handles: %-4i ^ User Objects: %-4i ^ Kernel Time: d:d:d:d ^ User Time: d:d:d:d ^ Page Faults: %-7i ^ Parent PID: %-5i ^ Session ID: %-2i ^ Commandline: [%S]~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S) - %S@%S drive - %i%% Free (%i MB Total), Serial Number: X~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S (%S)@%S, Number of Logins: %i, %S~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, %i MHz (Form Factor: %S, Manufacturer ID: %S, Serial Number: %S, Part Number: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S on %S@%i MB, (Form Factor: %S)~|
%S@%S drive - No media~|
%S@%S drive - No media~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Last Login: %s, Number of Logins: %i, %S~|
%S@%S, Service: %S, Status: X,
%S@%S, Service: %S, Status: X,
%S@(%S) %S, Service: %S, Status: X,$
%S@(%S) %S, Service: %S, Status: X,$
%S@Device ID: %S, Internal Name: %S~|
%S@Device ID: %S, Internal Name: %S~|
%S@Never logged in~|
%S@Never logged in~|
%S@Port: %S, Status: %i, Jobs: %i~|
%S@Port: %S, Status: %i, Jobs: %i~|
%i fragments, %u bytes@%S (MFT: %i)~|
%i fragments, %u bytes@%S (MFT: %i)~|
%s@Minidump: %S~|
%s@Minidump: %S~|
%s@System Analysis completed in %i seconds (%s)~|
%s@System Analysis completed in %i seconds (%s)~|
, Problem code - X,
, Problem code - X,
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i - %i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Applications@%i windows (%i visible)~|
Active Directory@%S~|
Active Directory@%S~|
Auto Update State@%S~|
Auto Update State@%S~|
Browser@%S %S~|
Browser@%S %S~|
CPU@%s (%i %S)~|
CPU@%s (%i %S)~|
Common AppData Directory@%S~|
Common AppData Directory@%S~|
Current Processor Speed@%dMHz~|
Current Processor Speed@%dMHz~|
DHCP Server@%s~|
DHCP Server@%s~|
DNS Server@%s~|
DNS Server@%s~|
External Clock Speed@%dMHz~|
External Clock Speed@%dMHz~|
External IP Address@%s~|
External IP Address@%s~|
Gateway@%s~|
Gateway@%s~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Graphics Card@%s - %iMB Free Video RAM, %iMB Total~|
Home Page@%S~|
Home Page@%S~|
Hostname@%s~|
Hostname@%s~|
IP Address@%s~|
IP Address@%s~|
IP Mask@%s~|
IP Mask@%s~|
Internet Cache@%i KB (%s)~|
Internet Cache@%i KB (%s)~|
Last Update Check@%S~|
Last Update Check@%S~|
Last Update Download@%S~|
Last Update Download@%S~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S (%i %S ago)~|
Last Update Install@%S~|
Last Update Install@%S~|
Maximum Supported RAM Size@%i MB~|
Maximum Supported RAM Size@%i MB~|
Next Scheduled Install Time@%S~|
Next Scheduled Install Time@%S~|
Next Scheduled Update Check@%S~|
Next Scheduled Update Check@%S~|
OS Install Date@%s~|
OS Install Date@%s~|
OS@%s (Language: %i)~|
OS@%s (Language: %i)~|
Operating System
Operating System
Phishing Filter@%S~|
Phishing Filter@%S~|
Search History, URL History, and Recent Playlist
Search History, URL History, and Recent Playlist
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Slot %i - %S (%S)@%S - Bus Number: 0xX, Device Number: 0xX, Segment Group Number: 0xX~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S)~|
Spyware Protection@%S %S (%S, %S)~|
Spyware Protection@%S %S (%S, %S)~|
System Access Level@%s~|
System Access Level@%s~|
System Boot Drive Device@%S~|
System Boot Drive Device@%S~|
System Directory@%S~|
System Directory@%S~|
System Family@%S~|
System Family@%S~|
System GUID@x-xx-xxxx-xxxx~|
System GUID@x-xx-xxxx-xxxx~|
System Manufacturer@%S~|
System Manufacturer@%S~|
System Product Name@%S~|
System Product Name@%S~|
System Proxy@%S~|
System Proxy@%S~|
System Serial Number@%S~|
System Serial Number@%S~|
System Temporary Files@%i KB (%s)~|
System Temporary Files@%i KB (%s)~|
System Uptime@%S (Tick Count: %i)~|
System Uptime@%S (Tick Count: %i)~|
System Version@%S~|
System Version@%S~|
Third Party Firewall@%S %S (%S)~|
Third Party Firewall@%S %S (%S)~|
UAC Status@%S~|
UAC Status@%S~|
Update Type@%S~|
Update Type@%S~|
User Account Level@%s~|
User Account Level@%s~|
User Temporary Files@%i KB (%s)~|
User Temporary Files@%i KB (%s)~|
Username@%S (%S) - Session ID: %i~|
Username@%S (%S) - Session ID: %i~|
Username@%S - Session ID: %i~|
Username@%S - Session ID: %i~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S)~|
Virus Protection@%S %S (%S, %S)~|
Virus Protection@%S %S (%S, %S)~|
Windows Experience Rating
Windows Experience Rating
Windows Firewall@Disabled~|
Windows Firewall@Disabled~|
Windows Firewall@Enabled and Active~|
Windows Firewall@Enabled and Active~|
Windows Updates
Windows Updates
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
~|~|This new key must be used on all future installations of Webroot software:~|~|%.4s-%.4s-%.4s-%.4s-%.4s~|~|Thank you for upgrading!
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
- Internet Explorer 7.0 and higher, Mozilla Firefox 3.6 and higher; Identity Shield feature in Webroot SecureAnywhere Complete also supports Google Chrome 11 and higher, and Opera 11 and higher
All attached devices have reported to be functioning properly.
All attached devices have reported to be functioning properly.
Windows Automatic Updates are disabled
Windows Automatic Updates are disabled
Contact Support by clicking the "?" button in the upper right corner of this window.
Contact Support by clicking the "?" button in the upper right corner of this window.
Create an account to access your security on all your devices online from any Web browser.
Create an account to access your security on all your devices online from any Web browser.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Purchase Webroot SecureAnywhere now for uninterrupted protection.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Don't waste a second. Get the fastest security ever. Buy Webroot SecureAnywhere.
Enter your email address to validate your license key and activate realtime threat prevention:
Enter your email address to validate your license key and activate realtime threat prevention:
Firefox
Firefox
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
If you have other security software installed on your system, you do not need to uninstall it. Webroot SecureAnywhere software is designed to work alongside your existing security software and will automatically upgrade earlier versions of Webroot or Prevx software. If you do experience any issues, please contact our Support team.
Last Password Change: %i %s ago
Last Password Change: %i %s ago
Malware scanning - detect and report threats
Malware scanning - detect and report threats
Mozilla Firefox - Cached Files
Mozilla Firefox - Cached Files
New Webroot Keycode.txt
New Webroot Keycode.txt
No password configured
No password configured
Operating Systems (32 and 64bit in all Editions)
Operating Systems (32 and 64bit in all Editions)
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the current operation is complete before shutting down SecureAnywhere.
Please wait until the download of Password Management is finished to download Backup & Sync.
Please wait until the download of Password Management is finished to download Backup & Sync.
Save Keycode and Continue
Save Keycode and Continue
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
SecureAnywhere is currently managed by the Web Console and all changes need to be applied centrally. Please refer to the SecureAnywhere documentation for further information.
Settings - Currently being managed by the Web Console
Settings - Currently being managed by the Web Console
System Analysis was cancelled and the report may be incomplete.
System Analysis was cancelled and the report may be incomplete.
Screen resolution and bit depth support true color images.
Screen resolution and bit depth support true color images.
The Windows firewall is disabled.
The Windows firewall is disabled.
The credentials used to log into Backup & Sync are invalid. Please login again.
The credentials used to log into Backup & Sync are invalid. Please login again.
There are currently no items in the execution history log.
There are currently no items in the execution history log.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
To learn more about Webroot's complete portfolio of security solutions, visit VVV.webroot.com.
View Full Report
View Full Report
Visit Webroot.com
Visit Webroot.com
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere has been successfully installed and is actively protecting your computer. You do not need to do anything further - it will continue running in the background, blocking threats if they try to enter.~|~|Accessing Webroot SecureAnywhere is quick and easy - you can locate it any time in your system tray or notification area. You may need to expand your notification area with the "Up" or "Left" arrow to see the Webroot icon.
Webroot SecureAnywhere
Webroot SecureAnywhere
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere~|(c) 2006-2012
Webroot SecureAnywhere`
Webroot SecureAnywhere`
Webroot System Analyzer
Webroot System Analyzer
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Webroot was unable to be installed because the current user account has limited rights. Please elevate the Webroot installer or install using an administrative account.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Without this protection, your PC is vulnerable to spyware and virus attacks. Don't waste a second - get the fastest security ever. Buy Webroot SecureAnywhere.
Not all RAM can be used by your 32bit operating system.
Not all RAM can be used by your 32bit operating system.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Protection disabled. Get complete protection with Webroot SecureAnywhere.
Your account gives you anytime access to your security from any Web browser.
Your account gives you anytime access to your security from any Web browser.
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends in %i days!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial ends tomorrow!
Your Webroot SecureAnywhere trial is expired!
Your Webroot SecureAnywhere trial is expired!
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your new keycode is shown below and is also provided in a text file on your computer's desktop. Use this new keycode for all future installations and upgrades.
Your operating system is up to date.
Your operating system is up to date.
It is recommended to change your password every 90 days.
It is recommended to change your password every 90 days.
Your hardware is adequate for running your operating system.
Your hardware is adequate for running your operating system.
VVV.geeksquad.com
VVV.geeksquad.com
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere could not be installed. Please contact SecureAnywhere support to assist with your installation.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
SecureAnywhere is not compatible with your current operating system. Please consider upgrading your operating system to Windows XP Service Pack 2 or higher.
- Windows XP SP2, SP3
- Windows XP SP2, SP3
- Windows Vista SP1, SP2
- Windows Vista SP1, SP2
- Windows 7 SP0, SP1
- Windows 7 SP0, SP1
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
I would like to receive alerts, special offers, important product updates, and newsletters from Webroot.
View the Webroot Privacy Policy
View the Webroot Privacy Policy
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Note: Although your settings will be saved locally, your PC is currently centrally managed by the Web Console and your settings may be overwritten on the next database communication.
Scan with Webroot
Scan with Webroot
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
To receive the fastest response to a file inquiry, we recommend writing into our support inbox so that a Webroot researcher will immediately look at the submitted information. Would you like to open a support ticket now?
A cleanup license key is required to remove threats.
A cleanup license key is required to remove threats.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
SecureAnywhere Identity Shield protects your sensitive information on banking, web transacting, and social networking websites while peacefully coexisting with other security software.
Welcome to Webroot
Welcome to Webroot
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Webroot FastScan quickly assesses your PC security by detecting malicious threats using the Webroot Realtime Threat Database while peacefully coexisting with other security software.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
Update now to faster, lighter, and more effective protection. Installation will take less than 10 seconds with scans typically taking less than 2 minutes. Webroot SecureAnywhere protects your computer from all types of malicious activity.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
You don't need to do anything further. Webroot SecureAnywhere Identity Shield is now helping to protect you and your personal information when you bank, shop, interact, and transact online.
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
Aborting the current scan will prevent Webroot from detecting and cleaning all threats. Are you sure you want to abort?
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
SecureAnywhere has detected active threats on your computer and needs a license key to remove them.
Enable enhanced customer support
Enable enhanced customer support
Please wait a few moments and try again. Contact Webroot Support if this error persists.
Please wait a few moments and try again. Contact Webroot Support if this error persists.
The operation failed with error code %i. %s
The operation failed with error code %i. %s
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
The command you selected did not complete successfully. Contact Webroot Support if this error persists.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Backup allows you to automatically back up and access your files securely from a web-based portal.
Web Console
Web Console
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere is using %2.2f%% of your disk space. The average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
SecureAnywhere has used %2.2f%% of your CPU since installation and %2.3f%% disk space. Average scan time is %4.1f %s.
Next scan starts in %s.
Next scan starts in %s.
%i%% - %s files scanned. %s %s
%i%% - %s files scanned. %s %s
Scan Complete - %i active %s found in %s. %s
Scan Complete - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
Scan ended - %i active %s found in %s. %s
%s files scanned in %s. No threats found. %s
%s files scanned in %s. No threats found. %s
Scan aborted. %s files scanned in %s. %s
Scan aborted. %s files scanned in %s. %s
Last scanned %s. %s %s %s removed.
Last scanned %s. %s %s %s removed.
Last scanned %s. %s
Last scanned %s. %s
Protection has been active for %s.
Protection has been active for %s.
%s system events have been inspected since installation.
%s system events have been inspected since installation.
%s system events have been inspected since bootup (%s.%c %s since installation).
%s system events have been inspected since bootup (%s.%c %s since installation).
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaned %s bytes (%i files, %i registry entries). Cleaning %s
%i%% - Cleaning %s
%i%% - Cleaning %s
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s. So far, it has cleaned %s %s.
System Cleaner is scheduled to run in %s.
System Cleaner is scheduled to run in %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
System Cleaner last cleaned %s. So far, it has cleaned %s %s.
Click here for personal support if you have any questions about SecureAnywhere
Click here for personal support if you have any questions about SecureAnywhere
Enable Windows Explorer right click secure file erasing
Enable Windows Explorer right click secure file erasing
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
SecureAnywhere Backup allows you to back up your files online so that they can be access through the secure portal in the event of hardware malfunction or system problems, or just to provide easier means for sharing files securely.
Show Windows Explorer overlay icons
Show Windows Explorer overlay icons
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
Web requests were denied. Please ensure that proxy settings are correct and log in with your current user credentials.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
A connection is being established with the Webroot Backup && Sync cloud infrastructure.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is idle and will next archive files at %S. Files were last archived at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup is currently idle and is configured to begin automatically archiving files at %S.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Backup allows you to automatically back up and access your files securely from the SecureAnywhere website.
Scanning for threats: %s
Scanning for threats: %s
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin Analysis, you accept the terms of the Webroot software license agreement.
View report summary
View report summary
Operating system detected
Operating system detected
Detecting operating system information
Detecting operating system information
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
SecureAnywhere Backup && Sync allows you to protect your data and access it easier by synchronizing it across devices and securely backing it up to prevent data loss. Click "Login" to create your account or log into an existing account.
Please wait until the current operation is complete.
Please wait until the current operation is complete.
Google Chrome
Google Chrome
.text
.text
h.rdata
h.rdata
H.data
H.data
.rsrc
.rsrc
B.reloc
B.reloc
SShhA
SShhA
TransportAddress
TransportAddress
HTTP/
HTTP/
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrkrn.pdb
KeDelayExecutionThread
KeDelayExecutionThread
ZwOpenKey
ZwOpenKey
ZwQueryValueKey
ZwQueryValueKey
ntoskrnl.exe
ntoskrnl.exe
WRITE_PORT_UCHAR
WRITE_PORT_UCHAR
HAL.dll
HAL.dll
TDI.SYS
TDI.SYS
FltCloseClientPort
FltCloseClientPort
FltCloseCommunicationPort
FltCloseCommunicationPort
FltCreateCommunicationPort
FltCreateCommunicationPort
FLTMGR.SYS
FLTMGR.SYS
SeExports
SeExports
ZwCreateKey
ZwCreateKey
ZwSetValueKey
ZwSetValueKey
585=5^5}5
585=5^5}5
"hXXp://crl.verisign.com/tss-ca.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
Thawte Certification1
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
.Class 3 Public Primary Certification Authority0
.Class 3 Public Primary Certification Authority0
hXXp://crl.verisign.com/pca3.crl0
hXXp://crl.verisign.com/pca3.crl0
hXXps://VVV.verisign.com/cps0
hXXps://VVV.verisign.com/cps0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://logo.verisign.com/vslogo.gif04
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
n.aAHu
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
Webroot Inc.1>0
Webroot Inc.1>0
Webroot Inc.0
Webroot Inc.0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0;
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
#hXXp://crl.verisign.com/pca3-g5.crl04
#hXXp://crl.verisign.com/pca3-g5.crl04
.pdata
.pdata
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrkrn.pdb
`.data
`.data
@.reloc
@.reloc
WmiExecuteMethodW
WmiExecuteMethodW
NtRequestWaitReplyPort
NtRequestWaitReplyPort
NtConnectPort
NtConnectPort
NtAlpcConnectPort
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
NtAlpcSendWaitReceivePort
NtAlpcCreatePortSection
NtAlpcCreatePortSection
NtRequestPort
NtRequestPort
NtAlpcCreatePort
NtAlpcCreatePort
NtSecureConnectPort
NtSecureConnectPort
NtDeleteKey
NtDeleteKey
NtDeleteValueKey
NtDeleteValueKey
NtSetValueKey
NtSetValueKey
NtDelayExecution
NtDelayExecution
NtCreatePort
NtCreatePort
http:\/\/
http:\/\/
hXXps://
hXXps://
PSOWRX
PSOWRX
hXXp://%.*s
hXXp://%.*s
Chrome_OmniboxView
Chrome_OmniboxView
Chrome_AutocompleteEditView
Chrome_AutocompleteEditView
%s://%S
%s://%S
search.yahoo
search.yahoo
WebDrawText
WebDrawText
webkit
webkit
PSOTBX
PSOTBX
Chrome_RenderWidgetHostHWND
Chrome_RenderWidgetHostHWND
MozillaContentWindowClass
MozillaContentWindowClass
MozillaWindowClass
MozillaWindowClass
Chrome_WidgetWin_
Chrome_WidgetWin_
OperaWindowClass
OperaWindowClass
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsagreen.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
\x3ca\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20padding:\x200pt;\x20margin:\x200pt;\x20width:\x20auto;\x22\x20target=\x22_blank\x22\x20href=\x22hXXp://VVV.webroot.com\x22\x20border=\x220\x22\x3e\x3cimg\x20src=\x22hXXp://anywhere.webrootcloudav.com/wsared.png\x22\x20style=\x22position:\x20relative;\x20display:\x20inline;\x20border:\x200pt\x20none;\x20margin:\x200pt;\x20height:\x2013px;\x20float:\x20none;\x20width:\x2022px;\x20border=\x220\x22\x3e\x3c/a\x3e
nspr4.dll
nspr4.dll
advapi32.dll
advapi32.dll
bcrypt.dll
bcrypt.dll
ws2_32.dll
ws2_32.dll
sspicli.dll
sspicli.dll
secur32.dll
secur32.dll
wininet.dll
wininet.dll
ntdll.dll
ntdll.dll
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\wrusr.pdb
>HTTPu6
>HTTPu6
msvcrt.dll
msvcrt.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
SetWindowsHookExW
SetWindowsHookExW
SetWindowsHookExA
SetWindowsHookExA
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
USER32.dll
USER32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
ADVAPI32.dll
ADVAPI32.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToFileA
URLDownloadToFileA
urlmon.dll
urlmon.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
OLEACC.dll
OLEACC.dll
RPCRT4.dll
RPCRT4.dll
OLEAUT32.dll
OLEAUT32.dll
UrlIsW
UrlIsW
SHLWAPI.dll
SHLWAPI.dll
Secur32.dll
Secur32.dll
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
WRUsr.dll
WRUsr.dll
\\x3ca href\\x3d\\x22http
\\x3ca href\\x3d\\x22http
@.rsrc
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_amd64\amd64\wrusr.pdb
%u6HcA
%u6HcA
tù7u HcG
tù7u HcG
?;5URLURLURL
?;5URLURLURL
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
)|]({\(z['yZ'wY'vX&uW&tV%sU%rT
%sU%rT
%sU%rT
GetCPInfo
GetCPInfo
CertGetCertificateContextProperty
CertGetCertificateContextProperty
_acmdln
_acmdln
_amsg_exit
_amsg_exit
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyExW
MapVirtualKeyExW
GetKeyboardLayout
GetKeyboardLayout
keybd_event
keybd_event
UnhookWindowsHookEx
UnhookWindowsHookEx
v.pL>
v.pL>
00000000006
00000000006
20.sp
20.sp
ddbl.db
ddbl.db
dbk.db
dbk.db
dbj.db
dbj.db
dbi.db
dbi.db
dbh.db
dbh.db
dbg.db
dbg.db
dbf.db
dbf.db
dbe.db
dbe.db
dbd.db
dbd.db
dbc.db
dbc.db
dbb.db
dbb.db
dba.db
dba.db
index.dat
index.dat
content url
content url
searchurl
searchurl
use custom search url
use custom search url
scrnsave.exe
scrnsave.exe
Default_Search_Url
Default_Search_Url
Default_Page_Url
Default_Page_Url
.cn/index
.cn/index
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Microsoft\Windows\CurrentVersion\Media Center\Service\Video
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Ole\appcompat\activationsecuritycheckexemptionlist
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\UrlSearchHooks
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Internet Explorer\Extensions\CmdMapping
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Mozilla Firefox\firefox.exe"
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" %1
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,FileProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32.exe url.dll,TelnetProtocolHandler %l
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
regedit.exe "%1"
regedit.exe "%1"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
"%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Package
Msi.Package
%SystemRoot%\system32\mmc.exe "%1" %*
%SystemRoot%\system32\mmc.exe "%1" %*
.mpeg
.mpeg
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
"%SystemRoot%\System32\WScript.exe" "%1" %*
"%SystemRoot%\System32\WScript.exe" "%1" %*
rundll32.exe shdocvw.dll,OpenURL %l
rundll32.exe shdocvw.dll,OpenURL %l
%SystemRoot%\system32\NOTEPAD.EXE %1
%SystemRoot%\system32\NOTEPAD.EXE %1
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
"%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome
%SystemRoot%\system32\mshta.exe "%1" %*
%SystemRoot%\system32\mshta.exe "%1" %*
cmdfile
cmdfile
"%SystemRoot%\hh.exe" %1
"%SystemRoot%\hh.exe" %1
chm.file
chm.file
ieuser.exe
ieuser.exe
crashreporter.exe
crashreporter.exe
plugin-container.exe
plugin-container.exe
epic.exe
epic.exe
waol.exe
waol.exe
iron.exe
iron.exe
safari.exe
safari.exe
firefox
firefox
winlogon.exe
winlogon.exe
spoolsv.exe
spoolsv.exe
services.exe
services.exe
audiodg.exe
audiodg.exe
svchost.exe
svchost.exe
lsass.exe
lsass.exe
consent.exe
consent.exe
dwm.exe
dwm.exe
lsm.exe
lsm.exe
procexp64.exe
procexp64.exe
procexp.exe
procexp.exe
dplp2.exe
dplp2.exe
dplp.exe
dplp.exe
watchdogx64.exe
watchdogx64.exe
flashcookiecleaner.exe
flashcookiecleaner.exe
shredder.exe
shredder.exe
atieclxx.exe
atieclxx.exe
atiesrxx.exe
atiesrxx.exe
searchfilterhost.exe
searchfilterhost.exe
werfault.exe
werfault.exe
ravcpl64.exe
ravcpl64.exe
nvtray.exe
nvtray.exe
clpsla.exe
clpsla.exe
clps.exe
clps.exe
mtxagent.exe
mtxagent.exe
googleupdate.exe
googleupdate.exe
googlecrashhandler.exe
googlecrashhandler.exe
downloaderapp.exe
downloaderapp.exe
ccleaner.exe
ccleaner.exe
ccleaner64.exe
ccleaner64.exe
conhost.exe
conhost.exe
irperl.exe
irperl.exe
fswscs.exe
fswscs.exe
bsplayer.exe
bsplayer.exe
wow_helper.exe
wow_helper.exe
realplay.exe
realplay.exe
nmake.exe
nmake.exe
cl.exe
cl.exe
winrar.exe
winrar.exe
fsdomnodeie.dll
fsdomnodeie.dll
jhook.dll
jhook.dll
yzshadow.exe
yzshadow.exe
yahoomessenger.exe
yahoomessenger.exe
wspace.exe
wspace.exe
wlmail.exe
wlmail.exe
wdict32.exe
wdict32.exe
vmware-vmx.exe
vmware-vmx.exe
vmware.exe
vmware.exe
ultramon.exe
ultramon.exe
translateclient.exe
translateclient.exe
totalcmd.exe
totalcmd.exe
thunderbird.exe
thunderbird.exe
stpass.exe
stpass.exe
splwow64.exe
splwow64.exe
skype.exe
skype.exe
sidebar.exe
sidebar.exe
sllauncher.exe
sllauncher.exe
sbrender.exe
sbrender.exe
rocketdock.exe
rocketdock.exe
robotaskbaricon.exe
robotaskbaricon.exe
roboform.dll
roboform.dll
robo.exe
robo.exe
popupblocker.exe
popupblocker.exe
pdfvista.exe
pdfvista.exe
patrol.exe
patrol.exe
packpro.exe
packpro.exe
outlook.exe
outlook.exe
opstm080.exe
opstm080.exe
opera.exe
opera.exe
notepad .exe
notepad .exe
mvtapp.exe
mvtapp.exe
msnmsgr.exe
msnmsgr.exe
fsocrserver.exe
fsocrserver.exe
jfw.exe
jfw.exe
iexplore.exe
iexplore.exe
helppane.exe
helppane.exe
google.exe
google.exe
gamebooster.exe
gamebooster.exe
firefox.exe
firefox.exe
excel.exe
excel.exe
eudora.exe
eudora.exe
eqgame.exe
eqgame.exe
dsNetworkConnect.exe
dsNetworkConnect.exe
dllhost.exe
dllhost.exe
digsby.exe
digsby.exe
communicator.exe
communicator.exe
crazy browser.exe
crazy browser.exe
ctfmon.exe
ctfmon.exe
chrome.exe
chrome.exe
bttray.exe
bttray.exe
babylon.exe
babylon.exe
ati2evxx.exe
ati2evxx.exe
aolsoftware.exe
aolsoftware.exe
admunch64.exe
admunch64.exe
admunch.exe
admunch.exe
adblock.exe
adblock.exe
acrotray.exe
acrotray.exe
acrord32.exe
acrord32.exe
acrodist.exe
acrodist.exe
acrobat.exe
acrobat.exe
verclsid.exe
verclsid.exe
wrbar.exe
wrbar.exe
WRSyncManager.exe
WRSyncManager.exe
wrinstall.exe
wrinstall.exe
snippingtool.exe
snippingtool.exe
Portugu
Portugu
s (Brazilian Portuguese)
s (Brazilian Portuguese)
Ftaskmgr.exe
Ftaskmgr.exe
csrss.exe
csrss.exe
"%s" %s
"%s" %s
"%s" %S
"%s" %S
HKEY_USERS
HKEY_USERS
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
%s\%s
%s\%s
%c:\%s
%c:\%s
%s:%i
%s:%i
msiexec
msiexec
%drivers%
%drivers%
*\windows\system32\drivers\*
*\windows\system32\drivers\*
%fonts%
%fonts%
*\windows\fonts\*
*\windows\fonts\*
%%restore%%\%s
%%restore%%\%s
\\?hostname?\?share?\%s
\\?hostname?\?share?\%s
%%winsxs%%\%s
%%winsxs%%\%s
c:\windows/
c:\windows/
windows\system32/
windows\system32/
Webroot
Webroot
WRusr.dll
WRusr.dll
\\.\%c:
\\.\%c:
Windows\System32\windbg48.sys
Windows\System32\windbg48.sys
m0rpheus.tpl
m0rpheus.tpl
%SystemRoot%\System32\svchost.exe
%SystemRoot%\System32\svchost.exe
mscoree.dll
mscoree.dll
%S(%s)
%S(%s)
tcpip
tcpip
.net clr
.net clr
%S(%s\%s\, %s)
%S(%s\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(HKLM\Software\Classes\%s\, %s)
%S(%s\%s\)
%S(%s\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\Software\Classes\%s\)
%S(%s\%s\%s)
%S(%s\%s\%s)
/scanfile="%s"
/scanfile="%s"
%s\sfc.exe
%s\sfc.exe
Writing MBR> New Data: [%S]
Writing MBR> New Data: [%S]
Executing Command> %s
Executing Command> %s
Terminating Module Parent> %i - %s
Terminating Module Parent> %i - %s
Closing Handle> %i - PID: %i - %s
Closing Handle> %i - PID: %i - %s
Renaming Registry Key> %s\%s to %s\%s
Renaming Registry Key> %s\%s to %s\%s
Deleting File> %s
Deleting File> %s
Writing Registry Value> %s\%s - %s
Writing Registry Value> %s\%s - %s
Writing File Data> %s - [New Data: %s]
Writing File Data> %s - [New Data: %s]
Deleting Directory> %s
Deleting Directory> %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Value> %s\%s - %s
Deleting Registry Key> %s\%s
Deleting Registry Key> %s\%s
Fixing LSP> %S
Fixing LSP> %S
Core Component> Un-patching file [%s] - New Size: %i bytes
Core Component> Un-patching file [%s] - New Size: %i bytes
Copying File> %s to %s
Copying File> %s to %s
Terminating Process> %i - %s
Terminating Process> %i - %s
Stopping Service> %s
Stopping Service> %s
Deleting Service> %s
Deleting Service> %s
Starting Routine> %s...
Starting Routine> %s...
\\.\pipe\WRSynUM2
\\.\pipe\WRSynUM2
\\.\WRSYNAPSE
\\.\WRSYNAPSE
\temporary asp.net files\
\temporary asp.net files\
\opera\temporary_downloads\
\opera\temporary_downloads\
\microsoft.net\framework\
\microsoft.net\framework\
\$recycle.bin\S-
\$recycle.bin\S-
mbam.exe
mbam.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncExcl
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncGreen
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncYellow
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\_WrSyncRed
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802}\InProcServer32
%s\Symantec\
%s\Symantec\
%s\Common Files\Symantec Shared\
%s\Common Files\Symantec Shared\
%s\Symantec.cloud\
%s\Symantec.cloud\
\\.\pipe\
\\.\pipe\
wmiprvse.exe
wmiprvse.exe
\Slow.pvx
\Slow.pvx
\Slowusr.pvx
\Slowusr.pvx
%i %s
%i %s
%s %S - %i%%, %i %s)
%s %S - %i%%, %i %s)
%s - %s
%s - %s
hXXps://*
hXXps://*
hXXp://*
hXXp://*
%ProgramFiles%\Webroot\WRSA.exe
%ProgramFiles%\Webroot\WRSA.exe
%S - %s
%S - %s
InstallLogo.bmp
InstallLogo.bmp
\\?\%c:
\\?\%c:
%i %s, %i %s
%i %s, %i %s
%i %s,
%i %s,
s\\.\PhysicalDrive%i
s\\.\PhysicalDrive%i
[%C] %s
[%C] %s
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%C] %s [MD5: %S] [Flags: X.%i] [Threat: %S]
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
[%S] - CPU: %i%%, Physical Memory: %i%%, Virtual Memory: %i%%, Page File: %i%%, Processes: %i
res%i.db
res%i.db
-%i-%i.tmp
-%i-%i.tmp
bcdedit.exe
bcdedit.exe
autorun.inf
autorun.inf
\services.exe
\services.exe
\drivers\pciide.sys
\drivers\pciide.sys
\drivers\smbe.sys
\drivers\smbe.sys
\drivers\eubkmon.sys
\drivers\eubkmon.sys
\drivers\acpi.sys
\drivers\acpi.sys
\drivers\wdf01000.sys
\drivers\wdf01000.sys
\drivers\cdrom.sys
\drivers\cdrom.sys
\drivers\serial.sys
\drivers\serial.sys
\drivers\ipsec.sys
\drivers\ipsec.sys
\drivers\tcpip.sys
\drivers\tcpip.sys
\drivers\afd.sys
\drivers\afd.sys
\drivers\rdbss.sys
\drivers\rdbss.sys
\drivers\mrxsmb.sys
\drivers\mrxsmb.sys
\drivers\netbt.sys
\drivers\netbt.sys
\microsoft.net\
\microsoft.net\
.crdownload
.crdownload
.partial
.partial
\windows\installer\
\windows\installer\
\config.msi\
\config.msi\
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
{98C3BECF-DD5F-44D2-8EF3-
{98C3BECF-DD5F-44D2-8EF3-
rundll32.exe
rundll32.exe
http*://
http*://
hXXp://VVV.
hXXp://VVV.
opera
opera
%S(%s, %.*S)
%S(%s, %.*S)
%S(%s, %s)
%S(%s, %s)
%S(%s, 0x%S)
%S(%s, 0x%S)
Temp\%.*S-%S-%.*S.WR
Temp\%.*S-%S-%.*S.WR
\\.\pipe\WRSVCPipe
\\.\pipe\WRSVCPipe
%S(%i)
%S(%i)
desktop.ini
desktop.ini
%s %s %s
%s %s %s
%i (%s %s)
%i (%s %s)
%s: %s
%s: %s
PKG\WRSyncManager.exe
PKG\WRSyncManager.exe
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn_qt.qm
PKG\files_zh_cn.qm
PKG\files_zh_cn.qm
PKG\files_de_de_qt.qm
PKG\files_de_de_qt.qm
PKG\files_de_de.qm
PKG\files_de_de.qm
PKG\files_es_es_qt.qm
PKG\files_es_es_qt.qm
PKG\files_es_es.qm
PKG\files_es_es.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp_qt.qm
PKG\files_ja_jp.qm
PKG\files_ja_jp.qm
PKG\files_en_us_qt.qm
PKG\files_en_us_qt.qm
PKG\files_en_us.qm
PKG\files_en_us.qm
PKG\WRBar.dll
PKG\WRBar.dll
%s (%s)
%s (%s)
*.mpeg, *.avi, *.mp4
*.mpeg, *.avi, *.mp4
*.mp3, *.m4a
*.mp3, *.m4a
*.jpg, *.jpeg, *.png
*.jpg, *.jpeg, *.png
*.xls, *.xlsx
*.xls, *.xlsx
*.doc, *.docx
*.doc, *.docx
%s (%S)
%s (%S)
%s - %S
%s - %S
%s\Administrator
%s\Administrator
%C:%s
%C:%s
A:\%s
A:\%s
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
WRHTTP
WRHTTP
dst%2S.db
dst%2S.db
Chrome
Chrome
Opera
Opera
Software\Mozilla\Mozilla Firefox
Software\Mozilla\Mozilla Firefox
http\shell\open\command
http\shell\open\command
Software\Classes\http\shell\open\command
Software\Classes\http\shell\open\command
&OLDLIC=%s
&OLDLIC=%s
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
hXXp://products.webroot.com/disp2012/?CMD=P40IPM&LIC=%S&LANG=%S&email=%s&optin=%S&DeviceMID=%S&InstanceMID=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
partnerno=%S&MIDHEX=%S&datelogged=%S&Lastinfected=%S&Currentbads=%i&highbads=%i&mediumbads=%i&Lowbads=%i&identifynownowvalue=%S
I%S(%s\%s\%s, %s)
I%S(%s\%s\%s, %s)
%S(%s\%s\%s, %s%s%s)
%S(%s\%s\%s, %s%s%s)
%S(%s, 0)
%S(%s, 0)
%s\drivers\%s.sys
%s\drivers\%s.sys
%s\2i
%s\2i
Pipe
Pipe
%s\%s\%i
%s\%s\%i
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
dow.lac
dow.lac
centro.txt
centro.txt
1.pac
1.pac
AutoConfigUrl
AutoConfigUrl
hXXp://
hXXp://
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\classes\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
ekrn.exe
ekrn.exe
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
"%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
firefox.exe\shell\safemode\command
firefox.exe\shell\safemode\command
firefox.exe\shell\open\command
firefox.exe\shell\open\command
iexplore.exe\shell\open\command
iexplore.exe\shell\open\command
\WRSYNAPSEPORT
\WRSYNAPSEPORT
%s\%s.lnk
%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%s\%s\%s\%s.lnk
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{C14874EA-ACE4-4A47-8A81-18C4D1C40868}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{1914B27A-33C8-46F8-A1C2-F993268D4564}
{69D72956-317C-44bd-B369-8E44D4EF9802}
{69D72956-317C-44bd-B369-8E44D4EF9802}
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
"%S%s" %S%S
"%S%s" %S%S
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
XXX.tmp
XXX.tmp
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
Software\Microsoft\Windows\CurrentVersion\Uninstall\Webroot Software
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WISE
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WAV
\Webroot\Security\Current\Products\WISC
\Webroot\Security\Current\Products\WISC
rSoftware\Web Filtering
rSoftware\Web Filtering
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
5db%i.db
5db%i.db
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
%s %S %S
%s %S %S
dbo%i-e.db
dbo%i-e.db
dbo%i-%I64X.db
dbo%i-%I64X.db
dbm%i.db
dbm%i.db
tPKG\WRBar.exe
tPKG\WRBar.exe
PKG\LPBar.dll
PKG\LPBar.dll
%s\wrSync%i.dat
%s\wrSync%i.dat
%s\icon%i.ico
%s\icon%i.ico
t%s_%i
t%s_%i
%s %s %S - %s
%s %s %S - %s
%s %s %s %S - %s
%s %s %s %S - %s
%S?LANG=%S
%S?LANG=%S
%s\Webroot\Spy Sweeper\install.dat
%s\Webroot\Spy Sweeper\install.dat
Software\Webroot\Install
Software\Webroot\Install
notepad.exe
notepad.exe
hXXp://VVV.webroot.com
hXXp://VVV.webroot.com
%S %S
%S %S
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
%s %i:00 %s %s
%s %i:00 %s %s
*.exe
*.exe
%s %i %s
%s %i %s
WRSA.exe
WRSA.exe
%i:i %s
%i:i %s
SystemCleaner.log
SystemCleaner.log
%s\SecureAnywhere Console.lnk
%s\SecureAnywhere Console.lnk
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
UMTX-%s
UMTX-%s
CURRENT_USER\%s
CURRENT_USER\%s
MACHINE\%s
MACHINE\%s
\explorer.exe
\explorer.exe
%s\sysnative
%s\sysnative
%s\WRData
%s\WRData
%s - [%S] %i files scanned, %i %s found in %s
%s - [%S] %i files scanned, %i %s found in %s
si3112r.sys
si3112r.sys
atmdlc.sys
atmdlc.sys
C:\$MBR.1
C:\$MBR.1
\??\%c:\
\??\%c:\
%S(%s\%s\%s\)
%S(%s\%s\%s\)
%System%\webcheck.dll
%System%\webcheck.dll
rundll32 shell32,Control_RunDLL "sysdm.cpl"
rundll32 shell32,Control_RunDLL "sysdm.cpl"
logonui.exe
logonui.exe
userinit.exe,
userinit.exe,
%S(%s\%.*s\, %I64X)
%S(%s\%.*s\, %I64X)
W%S(%s\%.*s, %I64X-%I64X)
W%S(%s\%.*s, %I64X-%I64X)
%S(%s\%.*s\)
%S(%s\%.*s\)
%S(%s\%.*s\%.*s)
%S(%s\%.*s\%.*s)
%S(%s\%.*s, %.*s)
%S(%s\%.*s, %.*s)
%S(%I64X, %I64X)
%S(%I64X, %I64X)
_reg.tmp
_reg.tmp
%UserProfile%\Local Settings\Application Data
%UserProfile%\Local Settings\Application Data
%UserProfile%
%UserProfile%
hXXp://twitter.com/*
hXXp://twitter.com/*
hXXp://VVV.facebook.com/*
hXXp://VVV.facebook.com/*
Generating license key... (less than two minutes remaining)
Generating license key... (less than two minutes remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Building your SecureAnywhere web console... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Preparing the web console for first time use... (less than one minute remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
Finalizing your SecureAnywhere web console... (less than 10 seconds remaining)
SysAnalyzerLog-%S.log
SysAnalyzerLog-%S.log
%s (%i bytes)
%s (%i bytes)
%S(%s, %S)
%S(%s, %S)
%S(Removing %s...#(PX5: %S - MD5: %S))
%S(Removing %s...#(PX5: %S - MD5: %S))
TcpTimedWaitDelay
TcpTimedWaitDelay
MaxUserPort
MaxUserPort
TcpNumConnections
TcpNumConnections
ActiveProcesses.log
ActiveProcesses.log
webdrive
webdrive
\Dell Support Center\
\Dell Support Center\
;"%s"
;"%s"
WR.mof
WR.mof
wbem\mofcomp.exe
wbem\mofcomp.exe
%S - Removing %s
%S - Removing %s
%S - Removing %s - %s
%S - Removing %s - %s
%S - Removing %s - %i bytes
%S - Removing %s - %i bytes
%s\%i.bat
%s\%i.bat
WRTemp_%i_X
WRTemp_%i_X
%s\WR%i.exe
%s\WR%i.exe
libAllegro.dll
libAllegro.dll
Lang.dat
Lang.dat
dbq.db
dbq.db
5WRupdate%i.exe
5WRupdate%i.exe
%s\%S.html
%s\%S.html
%s\%S.bmp
%s\%S.bmp
Duration: %s
Duration: %s
%S (Hostname: %S - Local IP: %S)
%S (Hostname: %S - Local IP: %S)
Scan Started: %S
Scan Started: %S
%s/%s
%s/%s
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\System\CurrentControlSet\Enum\ROOT\LEGACY_%s\0000
%s\Services\%s
%s\Services\%s
Embedded Web Browser from: hXXp://bsalsa.com/
Embedded Web Browser from: hXXp://bsalsa.com/
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Classes\.exe\shell
Software\Classes\.exe\shell
Software\Policies\Microsoft\Windows\System
Software\Policies\Microsoft\Windows\System
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Software\Microsoft\Windows\CurrentVersion\Policies\Associations
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
System\CurrentControlSet\Services\Tcpip\Parameters
System\CurrentControlSet\Services\Tcpip\Parameters
%S(Removing rootkits - Please wait...#)
%S(Removing rootkits - Please wait...#)
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
SavUI.exe
SavUI.exe
SymCorpUI.exe
SymCorpUI.exe
DoScan.EXE
DoScan.EXE
SNAC.EXE
SNAC.EXE
Rtvscan.exe
Rtvscan.exe
DefWatch.exe
DefWatch.exe
ccSvcHst.exe
ccSvcHst.exe
SmcGui.exe
SmcGui.exe
Smc.exe
Smc.exe
SemSvc.exe
SemSvc.exe
dbsrv9.exe
dbsrv9.exe
CCApp.exe
CCApp.exe
vptray.exe
vptray.exe
AMSadmin.exe
AMSadmin.exe
VPC32.exe
VPC32.exe
NMain.exe
NMain.exe
Msiexec.exe
Msiexec.exe
"%s\installTeefer.exe" -u -l2 -f "\install.log"
"%s\installTeefer.exe" -u -l2 -f "\install.log"
Microsoft.VC90.CRT.manifest
Microsoft.VC90.CRT.manifest
msvcr90.dll
msvcr90.dll
msvcp90.dll
msvcp90.dll
%s\temp
%s\temp
%s\checksum.exe
%s\checksum.exe
%s\temp\tmpremove.exe
%s\temp\tmpremove.exe
dbp.db
dbp.db
Webroot\Sync
Webroot\Sync
This removal tool only supports Windows XP.
This removal tool only supports Windows XP.
PKG\WebrootShellExt.dll
PKG\WebrootShellExt.dll
\AGENTCOMMANDS.txt
\AGENTCOMMANDS.txt
Software\Classes\CLSID\%s\%s
Software\Classes\CLSID\%s\%s
%s\shell\open\command
%s\shell\open\command
%S\%s
%S\%s
%s\prefetch
%s\prefetch
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%\RECYCLER
%SYSTEMDRIVE%
%SYSTEMDRIVE%
~tmp.hiv
~tmp.hiv
%s\temp\WR-X.tmp
%s\temp\WR-X.tmp
%s\Start Menu\Programs\Startup
%s\Start Menu\Programs\Startup
WSATemp.exe
WSATemp.exe
dbn.db
dbn.db
%s-%i
%s-%i
*.log
*.log
lwrSync.dll
lwrSync.dll
PxPlugin.dll
PxPlugin.dll
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
A file was in use during the cleanup operation and could not be cleaned. A reboot is required to fully remove this file.
PKG.tmp
PKG.tmp
Software\Google\Chrome
Software\Google\Chrome
ace%i.db
ace%i.db
Win32.%S %s
Win32.%S %s
\%s%s
\%s%s
NetworkEvents.log
NetworkEvents.log
WRLog.log
WRLog.log
WEH-Tcp
WEH-Tcp
RDP-Tcp
RDP-Tcp
WRrem%i.exe
WRrem%i.exe
&CNTID=%S&SNUM=%S&CType=%S
&CNTID=%S&SNUM=%S&CType=%S
&%S=%S
&%S=%S
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
hXXp://%S?%S=%S%S&%S=%S&%S=%S&%S=%S&LANG=%S&VER=%i%i%i%i
%S?UPD=%S&LANG=%S
%S?UPD=%S&LANG=%S
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
To ensure the highest quality experience with SecureAnywhere, we recommend contacting our Support and Sales team to assist with your deployment. Would you like to contact them now?
Opening your web console...
Opening your web console...
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Your web console has been created and you can now easily deploy SecureAnywhere to other PCs and centrally manage configuration policies without needing any extra hardware.
Log-in to your Web Console
Log-in to your Web Console
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
SecureAnywhere Endpoint Protection provides an easy to use, web-based console to manage the security of all of the devices in your organization.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
By clicking Agree and Begin, you accept the terms of the Webroot software license agreement.
rtmp%d
rtmp%d
\\.\DISPLAY
\\.\DISPLAY
\Windows\explorer.exe
\Windows\explorer.exe
\Device\Tcp
\Device\Tcp
\Device\Udp
\Device\Udp
\Device\NamedPipe
\Device\NamedPipe
\System32\spoolsv.exe
\System32\spoolsv.exe
\System32\services.exe
\System32\services.exe
\System32\winlogon.exe
\System32\winlogon.exe
\System32\lsass.exe
\System32\lsass.exe
\System32\svchost.exe
\System32\svchost.exe
\System32\lsm.exe
\System32\lsm.exe
\System32\csrss.exe
\System32\csrss.exe
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
WRkrn.sys
WRkrn.sys
(c) Webroot 2006-2012
(c) Webroot 2006-2012
user32.dll
user32.dll
shdocvw.dll
shdocvw.dll
ieframe.dll
ieframe.dll
rpcrt4.dll
rpcrt4.dll
WINDOW: %s - %s
WINDOW: %s - %s
ShXXps://
ShXXps://
tmpremove.exe
tmpremove.exe
smc.exe
smc.exe
msctf.dll
msctf.dll
browseui.dll
browseui.dll
dwmapi.dll
dwmapi.dll
uxtheme.dll
uxtheme.dll
"%s" %S"%s"
"%s" %S"%s"
hXXps://VVV.webroot.com
hXXps://VVV.webroot.com
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
eSoftware\Microsoft\Windows\CurrentVersion\Internet Settings
RapportKE64
RapportKE64
RapportKELL
RapportKELL
wsock32.dll
wsock32.dll
%s\%s\%s\%s
%s\%s\%s\%s
wrSync4.dat
wrSync4.dat
wrSync3.dat
wrSync3.dat
wrSync2.dat
wrSync2.dat
wrSync1.dat
wrSync1.dat
Webr
Webr