Windows 7: Blue Screens and Pop Ups Galore (Ntoskrnl.exe)

16 Apr 2013   #1

Windows 7 Home Premium 64bit
Blue Screens and Pop Ups Galore (Ntoskrnl.exe)

This may be a malware issue, but I do not know. This is a dump file as well as a picture of my blue screen. I also get pop ups on the internet randomly that should happen and when I click links I get sent to completely different websites than I should. Thanks for any help!

16 Apr 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Hi edlovereze

Download from a clean PC so you could download the tools

Download TDSSKiller

On the infected PC, right click on TDSSKiller.exe, choose Run as administrator, then click on Change parameters

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Click the Start Scan button

If a suspicious object is detected, the default action will be Skip, click on Continue.

Note:
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


RogueKiller Download

Click on Download now

Save to the Desktop.

Close all windows and browsers
Right click RogueKiller choose Run as Administrator

Press: SCAN

Provide the RKreport.txt (Mode: Scan) in your reply.
17 Apr 2013   #3

Windows 7 Home Premium 64bit

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Newter [Admin rights]
Mode : Scan -- Date : 04/17/2013 12:18:38
| ARK || FAK || MBR |

Bad processes : 2
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

Registry Entries : 10
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965 (cmd.exe /C start /D "C:\Users\Newter\AppData\Local\Temp" /B A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965.exe -postboot) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3180214080-296850399-2681992799-1001[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

--> C:\Windows\system32\drivers\etc\hosts

MBR Check:

+++++ PhysicalDrive0: ST31500541AS +++++
--- User ---
[MBR] 4c5631f4dcf5b3b5fefeb4ae58126048
[BSP] 7d7b4abc37269dce17ea12654ca91c84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04172013_02d1218.txt >>

17 Apr 2013   #4

Windows 7 Home Premium 64bit

It was too long to copy and paste but here is the TDSS report! Thanks for the help!
17 Apr 2013   #5

Windows 7 Home Premium 64bit

TDSS Killer found something that was labeled as Malware and its default action was to cure so I let it do that. I have restarted my computer and it has not blue screened for 5 hours. I was normally getting a BSOD every 25-30 minutes so it appears that the problem is fixed. If not, let me know what to do! And thanks again for the help! This had been frustrating me a lot. The only problem I am having right now is that my start up takes an extremely long amount of time once logged onto Windows... If I need to make a new post about that I will, but if anyone could help on here that'd save some space. I am thinking about just not having any programs start up and see if that fixes it. Thanks again!
17 Apr 2013   #6

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Run RogueKiller one more time, this time click on Delete. Restart the PC. Run TDSSKiller once more, post the log and I will tell you the next steps.

My apologies. Regarding your logs you do have something there. That I am not "allowed" to help with. Please open up a new topic in the System Security thread of the forum. Please. Once that has been removed and you get more BSODs please upload the files and I or others that are able to help you.
17 Apr 2013   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Just a bit of information on Rootkit.win32.BackBoot.gen:

Defined as a Trojan virus, Rootkit.Win32.BackBoot.gen targets almost all Windows systems, from Windows Vista to Windows 7. This type of virus possesses the ability to steal passwords and other sensitive personal information from a compromised system. Once installed on the targeted computer, it becomes possible to hide the intrusion; it is also able to maintain administrator access. It can take full control over a system, which means the existing programs can be modified.

In most cases, a rootkit virus takes action to change the browser settings, DNS settings and LAN settings to put the system at the lowest security level to allow further infection and attack. It also modifies existing programs, including software that might otherwise be used to detect or circumvent it.
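
As an added example (not part of the thread and not RogueKiller's own code), this Python script triages a RogueKiller report like the one in post #3: it groups autorun entries that launch from user-writable directories, the UAC policy values set to 0 (the lowered security level post #7 describes), and ZeroAccess artifacts. The regexes, category names and the `triage` function are assumptions based only on the line layout visible in that report.

```python
import re
from collections import defaultdict

# Lines copied from the RogueKiller report in post #3 (trimmed to a few of each kind).
SAMPLE_REPORT = r'''
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
'''

# "[TAG][TAG] body -> STATUS" (the report uses both "->" and "-->").
LINE = re.compile(r'^((?:\[[^\]]+\])+)\s+(.*?)\s+-+>\s+(\w+)')
# "Name (value)" with an optional one-character flag such as [7], [x] or [-].
ENTRY = re.compile(r'^(.*?) \((.*)\)(?: \[.\])?$')
# Directories a standard user can write to, so an autorun there needs no elevation.
USER_WRITABLE = re.compile(r'\\(ProgramData|AppData|Temp)\\', re.I)
# EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates without prompting.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}

def triage(report):
    """Group report lines into categories a responder would review first."""
    findings = defaultdict(list)
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, MBR section
        tags = set(re.findall(r'\[([^\]]+)\]', m.group(1)))
        location, _, rest = m.group(2).partition(" : ")
        if "ZeroAccess" in tags:
            findings["zeroaccess_artifact"].append(re.sub(r' \[.\]$', '', rest))
            continue
        e = ENTRY.match(rest)
        if not e:
            continue
        name, value = e.groups()
        if "RUN" in tags and USER_WRITABLE.search(value):
            findings["autorun_user_writable"].append((name, value.strip('"')))
        elif "HJ" in tags and name in UAC_VALUES and value == "0":
            findings["uac_weakened"].append((location, name))
        else:
            findings["other"].append((name, value))
    return dict(findings)

if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(category, len(items))
```
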