Jump to content

Recommended Posts

Hi I ran a scan with FRST64.exe and it found a boot kit.

but I'm not sure if this is a real boot kit my computer or not

I run the Chimera boot loader to be able to boot into Mac OS X

and Windows  I have the log attached

My computer has been running normaly but my steam libary randomly open the other day.


Somebody Please Help :excl:


(the Addition.txt has the info)


Also please tell me if I have other malware on my computer.



Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.




Chimera might have made FRST thinking you are infected - let´s see:



Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).





  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.
Link to post
Share on other sites

its Chrashed on the first scan i turn off bit deffender .

aswMBr log

aswMBR version Copyright© 2011 AVAST Software
Run date: 2014-02-17 12:37:25
12:37:25.175    OS Version: Windows x64 6.2.9200
12:37:25.175    Number of processors: 4 586 0x3A09
12:37:25.175    ComputerName: TROYS-PC  UserName: Troy
12:37:25.304    Initialize success
12:37:36.870    AVAST engine defs: 14021700
12:37:39.824    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
12:37:39.824    Disk 0 Vendor: Samsung_SSD_840_Series DXT08B0Q Size: 114473MB BusType: 11
12:37:39.825    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000030
12:37:39.826    Disk 1 Vendor: Samsung_SSD_840_EVO_120GB EXT0BB0Q Size: 114473MB BusType: 11
12:37:39.827    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000032
12:37:39.828    Disk 2 Vendor: ST1000DM003-1CH162 CC46 Size: 953869MB BusType: 11
12:37:39.833    Disk 0 MBR read successfully
12:37:39.835    Disk 0 MBR scan
12:37:39.837    Disk 0 Windows 7 default MBR code
12:37:39.838    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS       114071 MB offset 2048
12:37:39.840    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          399 MB offset 233619456
12:37:39.847    Disk 0 scanning C:\Windows\system32\drivers
12:37:41.877    Service scanning
12:37:42.366    Service BdfNdisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys **LOCKED** 5
12:37:42.379    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
12:37:42.389    Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
12:37:47.398    Modules scanning
12:37:47.400    Disk 0 trace - called modules:
12:37:47.403    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
12:37:47.405    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00002f43060]
12:37:47.407    3 CLASSPNP.SYS[fffff80000f66abb] -> nt!IofCallDriver -> [0xffffe0000114bae0]
12:37:47.410    5 ACPI.sys[fffff8000047c5f1] -> nt!IofCallDriver -> \Device\0000002f[0xffffe0000114d060]
12:37:47.579    AVAST engine scan C:\Windows
12:37:47.947    AVAST engine scan C:\Windows\system32
12:38:28.906    AVAST engine scan C:\Windows\system32\drivers
12:38:31.622    AVAST engine scan C:\Users\Troy
12:39:30.015    AVAST engine scan C:\ProgramData
12:39:50.595    Scan finished successfully
12:40:02.508    Disk 0 MBR has been saved successfully to "C:\Users\Troy\Desktop\MBR.dat"
12:40:02.511    The log file has been saved successfully to "C:\Users\Troy\Desktop\aswMBR.txt"

ListParts64 Log


Disk: 1
Partition 2
Type    : 48465300-0000-11aa-aa11-00306543ecac
Hidden  : Yes
Required: No
Attrib  : 0000000000000000

There is no volume associated with this partition.


Disk: 1
Partition 3
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         New Volume   NTFS   Partition    127 MB  Healthy            


Partitions of Disk 2:

Disk ID: 68ECC841

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB   1024 B


Disk: 2
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     S   Storage      NTFS   Partition    931 GB  Healthy            

============================== MBR Partition Table ==================

Partitions of Disk 0:
Disk ID: B95E7607
Partition 1: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=399 MB) - (Type=07 NTFS)

Partitions of Disk 1:
Disk ID: 00000000

Partition : GPT Partition TypePartition 00: (Active) - (Size=0) - (Type=00 ATTENTION ===> 0 byte partition bootkit.

Partitions of Disk 2:
Disk ID: 68ECC841
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

The boot configuration data store could not be opened.
The requested system device cannot be found.

****** End Of Log ******

Link to post
Share on other sites

Thank you for waiting.


I´ve contacted the author of FRST and he explained that we´re facing a so called false positive here.

Your computer isn´t infected by a bootkit.


Let´s do a system scan from outside:



Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

# AdwCleaner v3.019 - Report created 19/02/2014 at 15:47:48
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : Troy - TROYS-PC
# Running from : C:\Users\Troy\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\S

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\4gv9dv24.default\prefs.js ]


AdwCleaner[R0].txt - [668 octets] - [19/02/2014 15:47:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [727 octets] ##########

# AdwCleaner v3.019 - Report created 19/02/2014 at 15:49:27
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : Troy - TROYS-PC
# Running from : C:\Users\Troy\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\4gv9dv24.default\prefs.js ]


AdwCleaner[R0].txt - [806 octets] - [19/02/2014 15:47:48]
AdwCleaner[s0].txt - [730 octets] - [19/02/2014 15:49:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [789 octets] ##########


 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Bitdefender Antivirus   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version  
 Adobe Flash Player  
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[
I'm using Bitdefender's built in Firewall I don't know why it didn't show up.

Link to post
Share on other sites

Your system is clean! :)



Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.




Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

    [*]Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.

    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.