TC makes NOTE!
Do not attempt to post any comments, respondences or suggestions first thing in the mornings right after waking up and before at least drinking a mug of if not 2 of coffee.....
I just messed up, hit the wrong button and lost roughly 30 to 45 minutes of response to your current post/ reply, Pudgie
Will get me some coffee and try to respond again later....good grief....lol
I know the feeling!
It's all good!
Are you sure you could root Webroot out entirely?
There seems to be a dedicated removal tool but sometimes even the special tools may leave leftover directories. There's tools that can find every Anti-virus and provide removal tools. I've recently found https://antivirus-removal-tool.com/ whose Search function revealed leftovers from programs that already were first uninstalled the normal way and then cleaned with the dedicated tools. The search results made removing the remaining files and folders manually quite an easy job. Unfortunately it doesn't find registry entries, though.
For entirely removing each and every instance of any program there's tools like Revo Uninstaller that start with the normal uninstall and continue to track both remaining folders and registry entries. In your case that would require reinstalling Webroot to enable a thorough uninstall with Revo or the likes.
Hey Biz thanks for the link! Yeah I already know the registry will still contain WebRoot entries.....plan to deal w\ that later. While I had WebRoot installed it never showed any instances of attacking\quarantining AHIII as a rogue actor (had the game set up in it to allow it clear passage for several yrs w\o issue prior this current issue cropping up) but I also know that it was integrated w\ Win 10 Security as well (WebRoot used the Windows Security firewall inbound connections whitelist to monitor inbound traffic so it only monitored outbound connections since WSF allowed all outbound connections passage by default so in essence both Win 10 Security & WebRoot were active together (WebRoot was performing the AV while WS was performing mostly malware detection).
Now I have Win 10 Security doing it all....have used it to run full scans 2 times & it has found nothing on any of my drives & thru tracking the active connections IP traffic trails after attempts to run AHIII & failing I can consistently see as soon as I sign in to AHIII (game sends outbound IP to AHIII servers to ACK me) I see rogue outbound IP addresses that won't identify themselves (why I was invoking -f to convert IP to HTTP) that are tying up TCP port 80 to MSN servers (traced all the rogue IP's back to ntwk.MSN.net...Win 10 telemetry) & hold it (established) so that AHIII servers can't download any files\connect to my box (inbound traffic)......will allow the AHIII client to send all the outbound it wants to the AHIII servers (can see all those) as they're going out\being received on other ports outside of TCP port 80 & won't release it for AHIII until I exit the game (AHIII client send outbound IP to AHIII servers to close\disconnect) then this rogue IP will close itself & release TCP port 80. When Hitech had me to go thru my web browser then access the same AHIII servers & downloaded the very same files (removes AHIII client as the front man & uses MS Edge instead) to the client then all functioned as normal so he knew the TCP 80 port was being blocked by some IP address other than AHIII at my end but it would not block other IP's (like my browser) so the only IP addresses that are getting blocked are inbounds from AHIII servers AFTER whatever it is doing it is alerted on outbound IP traffic from sign in from AHIII client on my box to htcgm.hitechcreations.com AHIII server.....
I can't see WebRoot AV doing that (if it did it would have blocked the outbound AHIII traffic as the WSF was set to allow all outbound IP traffic by default & it never did this as AHIII was set to pass thru & the outbound IP tracking confirms this....also for Win Security firewall as well)....but I
can see either Win 10 itself thru some Win Update or some masked virus\trojan residing in Win 10 doing that & either way it points to Win 10 from my vantage standpoint.
The question is which 1 is it?
I know when I change the outbound action in WSF private profile from allow (default) to block (blocks all outbound traffic except what is allowed thru the outbound whitelist rules) w\ AHIII set up in the WSF outbound whitelist rules to pass thru then tested MS Edge & Win Update 1st to see if they got blocked to determine if Windows may also be blocked to ntwk.MSN.net. Then I tried to run AHIII as normal to see if the rogue IP's got blocked on the outbound & AHIII's outbound went thru......all the rogue outbound IP addresses got blocked (so I know they don't exist in the outbound whitelist rules & Win Update doesn't either) but all AHIII's outbound IP addresses went thru as normal but got blocked on inbound the same as before but the seeing of the rogue IP addresses being blocked along w\ Windows Update on outbound traffic points to the 2 being related along w\ the IP trace routes to MSN networks thus the source of this issue is coming from Win 10 itself........
Now what I might do (if Windows lets me do it) at some point in time is to run the Media Creations 2004 tool again to do another reinstall of Windows 10 2004 to see if it can clean up the registry on this pass (had WebRoot installed on the last pass) before I resort to using a 3rd party app. I do like this link you sent to this app as it doesn't need to be installed to run so that's a plus (std Biz operations....
).
I was trying to see if I could fix this w\o having to use any 3rd party apps.......I know this can be a heavy lift but it is also a good way to learn how to get around thru Win 10 & to use it's many features........using the Internet to find any guiding info needed if\when I ran into something that I wasn't familiar with before proceeding to mess w\ it.
For once I want to isolate the source of the issue before resolving it so that the info can be gleaned to help others (like Hitech) if other players run into this somewhere down the road......... To date I've found nothing out on the Internet pointing to this specific issue I have so am going into this kinda blind............
Since I'm retired now I got the spare time (especially since COVID-19 came along) to take this on............
PS--Forgot to mention that I have ran her thru DISM along w\ sfc /scannow a couple of times since & all comes back clean w\ no errors found or fixed......
