Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:16
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:16:54 - CheckSystem - Begin to check system...
23:16:54 - OpenRootDrive - Opening system root volume and physical drive....
23:16:54 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:16:54 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:16:59 - InstallAndStartDriver - Unable to start AntiZeroAccess driver. StartService last error: 1084
23:17:32 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:17:35 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:17:35 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:17:35 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:29
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:29:56 - CheckSystem - Begin to check system...
23:29:56 - OpenRootDrive - Opening system root volume and physical drive....
23:29:57 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:29:57 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:29:58 - InstallAndStartDriver - Main driver was installed and now is running.
23:29:58 - CheckSystem - Warning! Disk class driver is INFECTED.
23:30:06 - CheckFile - Warning! File "mrxsmb.sys" is Infected by ZeroAccess Rootkit.
23:30:15 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:30:58 - DoRepair - Begin to perform system repair....
23:30:58 - DoRepair - System Disk class driver was repaired.
23:30:58 - DoRepair - Infected "mrxsmb.sys" file was renamed.
23:30:58 - DoRepair - Infected "mrxsmb.sys" file was successfully cleaned!
23:30:59 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:30:59 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:30:59 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:38
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:38:48 - CheckSystem - Begin to check system...
23:38:48 - OpenRootDrive - Opening system root volume and physical drive....
23:38:48 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:38:48 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:38:49 - InstallAndStartDriver - Main driver was installed and now is running.
23:38:49 - CheckSystem - Warning! Disk class driver is INFECTED.
23:38:51 - CheckFile - Warning! File "mrxsmb.sys" is Infected by ZeroAccess Rootkit.
23:38:55 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:39:05 - DoRepair - Begin to perform system repair....
23:39:05 - DoRepair - System Disk class driver was repaired.
23:39:05 - DoRepair - Infected "mrxsmb.sys" file was renamed.
23:39:05 - DoRepair - Infected "mrxsmb.sys" file was successfully cleaned!
23:39:05 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:39:05 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:39:05 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:46
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:46:32 - CheckSystem - Begin to check system...
23:46:32 - OpenRootDrive - Opening system root volume and physical drive....
23:46:32 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:46:32 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:46:32 - InstallAndStartDriver - Main driver was installed and now is running.
23:46:32 - CheckSystem - Warning! Disk class driver is INFECTED.
23:46:35 - CheckFile - Warning! File "ipsec.sys" is Infected by ZeroAccess Rootkit.
23:46:38 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:46:50 - DoRepair - Begin to perform system repair....
23:46:50 - DoRepair - System Disk class driver was repaired.
23:46:50 - DoRepair - Infected "ipsec.sys" file was renamed.
23:46:50 - DoRepair - Infected "ipsec.sys" file was successfully cleaned!
23:46:50 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:46:50 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:46:50 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:46
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:46:59 - CheckSystem - Begin to check system...
23:46:59 - OpenRootDrive - Opening system root volume and physical drive....
23:46:59 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:46:59 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:47:00 - InstallAndStartDriver - Main driver was installed and now is running.
23:47:00 - CheckSystem - Disk class driver state is OK.
23:47:05 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:47:05 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:47:05 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:47:05 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:47
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:47:23 - CheckSystem - Begin to check system...
23:47:23 - OpenRootDrive - Opening system root volume and physical drive....
23:47:23 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:47:23 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:47:23 - InstallAndStartDriver - Main driver was installed and now is running.
23:47:23 - CheckSystem - Disk class driver state is OK.
23:47:27 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:47:28 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:47:28 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:47:28 - Execution Ended!