Blue Screens


  • This topic is locked
14 replies to this topic

#1 Ryan McHugh

Ryan McHugh

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 14 July 2011 - 10:20 AM

Hello,

I'm running a WinXP Pro SP3 computer as a server for a restaurant's MICROS register systems. Over the past few months, I've been getting trouble calls from the staff there about the server being down. The server doesn't have a monitor plugged into it, so they never knew what was causing it to stop responding, but I just installed BlueScreenView and it's been getting stop errors. Two of them were caused by the RDP Display Driver (which seems to have resolved itself since I updated the video card drivers) and the other (more frequent, seems to be about once a month) is being caused by rkhdrv40.sys.

I was wondering if anyone had any idea how to fix this problem.

Thanks in advance,
Ryan



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:04 AM

Posted 14 July 2011 - 10:37 AM

We need to know more about your BSODs...

Download BlueScreenView (in Zip file)

No installation required.

Unzip the downloaded file and double-click the BlueScreenView.exe file to run the program. When scanning is done, go to Edit > Select All.

Then go to File > Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Compliments of Broni
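
Added example, not part of the original thread and not BlueScreenView's own code: a Python script that groups the crashes in a saved BSOD.txt report by the driver named in each record, so a recurring culprit such as rkhdrv40.sys stands out. The report text is constructed, and the "Key : Value" layout between "=====" separator lines is an assumption about the saved-report format.

```python
from collections import defaultdict

# Constructed sample (not the thread's bsod.txt). Assumed layout: "Key : Value"
# lines, one crash per block, blocks delimited by lines of "=" characters.
SAMPLE_REPORT = """\
==================================================
Dump File         : Mini071411-01.dmp
Crash Time        : 7/14/2011 3:20:11 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Caused By Driver  : rkhdrv40.sys
==================================================

==================================================
Dump File         : Mini061211-01.dmp
Crash Time        : 6/12/2011 9:02:45 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Caused By Driver  : RKHDRV40.SYS
==================================================

==================================================
Dump File         : Mini052011-01.dmp
Crash Time        : 5/20/2011 11:41:03 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Caused By Driver  : RDPDD.dll
==================================================
"""

def parse_report(text):
    """Split the report into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def crashes_by_driver(records):
    """Return (driver, crash_times) pairs, most frequent driver first."""
    grouped = defaultdict(list)
    for rec in records:
        driver = rec.get("Caused By Driver", "unknown").lower()
        grouped[driver].append(rec.get("Crash Time", "?"))
    return sorted(grouped.items(), key=lambda item: -len(item[1]))

if __name__ == "__main__":
    for driver, times in crashes_by_driver(parse_report(SAMPLE_REPORT)):
        print(f"{driver}: {len(times)} crash(es) at {', '.join(times)}")
```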

#3 Ryan McHugh


Posted 14 July 2011 - 12:11 PM

Sorry, I meant to upload this with the original post. Chose the file, just forgot to hit "attach". :)

edit: updated with all bsods

Attached Files

  • Attached File  bsod.txt   18.96KB   4 downloads

Edited by Ryan McHugh, 14 July 2011 - 12:14 PM.


#4 cryptodan


Posted 14 July 2011 - 02:01 PM

They all seem to be associated with Root Kit Unhooker. Do you currently have anything installed like that?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by cryptodan, 14 July 2011 - 02:03 PM.


#5 Ryan McHugh


Posted 14 July 2011 - 02:14 PM

> They all seem to be associated with Root Kit Unhooker. Do you currently have anything installed like that?


I don't believe anything like that is installed. Unfortunately the tech that worked here before me was extremely paranoid, and a bit crazy. So finding something like that wouldn't surprise me, but at the same time might not be easy. He liked making things hard to find. :)

Attached are the results you requested.




#6 cryptodan


Posted 14 July 2011 - 02:39 PM

You just ran that tool yesterday. What was the end result? Did it create any logs?

#7 Ryan McHugh


Posted 14 July 2011 - 02:51 PM

> You just ran that tool yesterday. What was the end result? Did it create any logs?

If by "that tool" you mean Rootkit Unhooker, I didn't run it. It must be being run by an automated process or something. The end result was a BSOD (as shown by bsod.txt attached earlier in this thread).

#8 cryptodan


Posted 14 July 2011 - 03:06 PM

Can you run the following in an elevated command prompt via Start > All Programs > Accessories > right-click on Command Prompt and hit Run as Admin?

Type in the following:

at >> scheduled_tasks.txt

Then open it up via notepad scheduled_tasks.txt

Copy and paste the results here.

#9 Ryan McHugh


Posted 14 July 2011 - 03:19 PM

"There are no entries in the list."

This is what I got for a result. I don't think you can get an elevated command prompt in XP though? (I'm logged in with an account that has administrator access, and I thought the elevated prompts were only in Vista+?)

#10 Ryan McHugh


Posted 14 July 2011 - 03:23 PM

Yet another blue screen, this time it happened while I was connected via RDP. Attached is a log from BlueScreenView.




#11 cryptodan


Posted 14 July 2011 - 03:24 PM

Let's look for some files:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    rkhdrv40.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#12 Ryan McHugh


Posted 14 July 2011 - 03:32 PM

SystemLook results attached. Hope this helps. Thanks for all your help so far. :)




#13 cryptodan


Posted 14 July 2011 - 03:37 PM

I am going to refer you to the MRT Team:

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Based upon this google: BA96E9FC124585F4CBEC11416D85DC1E - rkhdrv40.sys

#14 Ryan McHugh


Posted 14 July 2011 - 04:52 PM

New thread started here

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:04 AM

Posted 14 July 2011 - 08:10 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.