Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Requested to post topic here to check if infected. Please help.

  • Please log in to reply
1 reply to this topic

#1 schweppes4rums


  • Members
  • 32 posts
  • Local time:09:25 AM

Posted 13 January 2016 - 07:49 AM

Hello All 
I've been requested to post here to get help with verification if i my system is infected.  I have been getting dreaded BSODs with the driver ntkrnlpa.exe causing the error. 
I've checked if it is rootkit with GMER which log advises rootkit like behaviour but investigating using mdschecker shows that is normal win 7 master boot record , so seems has not been modified in any way. 
I've used Hitmanpro, Combofix, Malware bytes and recently EMsisoft which did find Win32 Bunndle variant and has now been deleted. 
Rkill log also shows that there were no malware to kill.  However when using Rogue Killer the system crashes with BSOD caused by ntkrnlpa.exe.   It seems it crashes as soon as it looks for rootkits else it was scanning fine. 
Please find zipped attach of .txt file created using blue screen view. 
I hope someone can take a look at the logs from combofix, hijackthis etc to determine if i really being caused by some malicious rootkit or other virus.  
I can also use Autoruns and killswitch to help diagnose. 
Thanks in advance.. Really need to get my system back up and running . . .

Attached File  bluescreenviewbugreport.zip   2.16KB   4 downloads

BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,406 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:25 AM

Posted 13 January 2016 - 08:49 AM

I looked at your other topic and did a brief search on your problem. It is possible that the leftovers from Comodo is causing

the problem. One suggestion that worked for another user was to do a simple startup repair. If you have a Windows 7 Repair Disk

use it to run the Startup Repair.


Other than doing the above I suggest you ask for assitance in the Malware Removal Forum because they can use tools not allowed

in this forum and have the expertise to use them. They may even be able to clean up the Comodo mess.


Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


DO NOT bump your new topic. Wait for a response from one of the Team Members.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users