# [SOLVED] blue screen error rdr file system



## jcarti01

i actually have two issues, one serious, one an annoyance.

serious first:
my acer aspire 5100 has a serious error with its file system. i think i know what the problem is, the problem is that your main solution i think is the cause, service pack 1. some background info if it may help, my first attempt at installing sp1 failed. it said that it was rolling back its updates and then sat on 0% for a few hours with no activity from the computer at all. i turned it off and turned it back on, and then while it was checking its internal files, the rollback must not have gotten into some registry files and so the system never started back up. to get things useable again i used my created factory reset disc to reformat my c: partition and set the system back to day 1. i then restarted my attempt to upgrade to sp1. i downloaded all updates and redownloaded sp1 and again attempted to install it. this time the unit shut off while the upgrade was in progress and again would not load up. so for a third time i reset. this time stage 1 did not upgrade correctly so it rebooted itself and started the process over. this time sp1 installed all the way, but now i have a serious problem.

i have a wireless network at home where i have mapped some drives on the laptop. any click on those shared folders will either cause a blue screen or seriously lock up the system where i have to do a hard reboot. the error message flies by so fast that the only headers that i got was that it is an rdr file system error. this is not just on the folders on another computer, this is on my own shared folders that i have on my laptop, except there looking at the folder's properties kills the system. when i do that, there is a 1-7 chance that the system loads; on failed attempts i get maybe 2 frames in where the graphical boot screen is not even fully illuminated and there is no system activity.

i don't know what is going on as there were zero programs, devices, or drivers installed between upgrading sp1 and having this problem and it did not happen before installing sp1.

my second problem came from the first, i had dual booted with ultimate on a separate partition and now i want to remove it because it's taking up too much space on that partition. other than a format how would i go about getting rid of that?


----------



## jcgriff2

*Re: blue screen error rdr file system*

Hi . . . 

Welcome.

Let's deal with the BSOD issue for now.

I'll take a look at the dump files - get them from \windows\minidump. Also run msinfo32 -
START | type msinfo32 & hit enter - save it in default NFO file format.

Zip all up and attach to your next post.

Regards. . .

jcgriff2

.


----------



## jcarti01

*Re: blue screen error rdr file system*

done.

i also in the time between posting and replying just bought an upgrade to vista ultimate (sp1). i'm going to hold off on installing that just now, but will it have any future adverse effects?


----------



## jcgriff2

*Re: blue screen error rdr file system*

Hi. . .

The bugcheck on the dump file you submitted (that was the 15th BSOD for 10-09-08 as of that time) was 0x00000027 (0xbaad0075, 0x8b00b898, 0x8b00b594, 0x0) with the probable cause listed as *pxtdi.sys*.

I found these 2 system services running:


Code:


PREVXAgent	PREVXAgent	Running	Auto	Own Process
	"c:\program files\prevx2\pxagent.exe" -f	Ignore
	LocalSystem	0

PXVistaSvc	PXVistaSvc	Stopped	Auto	Own Process
	"c:\program files\prevx2\pxvistasvc.exe"	Ignore
	LocalSystem	0

These are not Vista services that I know of.

You have 2 options here that I see - 
1. Re-format and re-install Vista
2. Visit our HJT log help in the Security Center

If you follow #2, please be sure to follow THESE 5 STEPS before posting your HiJackThis log in the Security Center.

Regards. . .

jcgriff2

.



Code:


Loading Dump File [A:\D\#Dumps\jcarti01_Vista_10-10-08\Mini100908-15.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*a:\symbols\*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81c0b000 PsLoadedModuleList = 0x81d22c70
Debug session time: Thu Oct  9 13:40:31.516 2008 (GMT-4)
System Uptime: 0 days 0:01:27.093
Loading Kernel Symbols
.................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad0075, 8b00b898, 8b00b594, 0}

Unable to load image \SystemRoot\system32\DRIVERS\pxfsf.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for pxfsf.sys
*** ERROR: Module load completed but symbols could not be loaded for pxfsf.sys
*** WARNING: Unable to verify timestamp for pxtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for pxtdi.sys
Probably caused by : pxtdi.sys ( pxtdi+448a )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

RDR_FILE_SYSTEM (27)
    If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
    exception record and context record. Do a .cxr on the 3rd parameter and then kb to
    obtain a more informative stack trace.
    The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
    as follows:
     RDBSS_BUG_CHECK_CACHESUP  = 0xca550000,
     RDBSS_BUG_CHECK_CLEANUP   = 0xc1ee0000,
     RDBSS_BUG_CHECK_CLOSE     = 0xc10e0000,
     RDBSS_BUG_CHECK_NTEXCEPT  = 0xbaad0000,
Arguments:
Arg1: baad0075
Arg2: 8b00b898
Arg3: 8b00b594
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_RECORD:  8b00b898 -- (.exr 0xffffffff8b00b898)
ExceptionAddress: 00000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000008
   Parameter[1]: 00000000
Attempt to execute non-executable address 00000000

CONTEXT:  8b00b594 -- (.cxr 0xffffffff8b00b594)
eax=8c685130 ebx=00030007 ecx=86df6db8 edx=00000008 esi=86df6db8 edi=00000000
eip=00000000 esp=8b00b960 ebp=8b00b994 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
00000000 ??              ???
Resetting default scope

CUSTOMER_CRASH_COUNT:  15

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d42868
Unable to read MiSystemVaType memory at 81d22420
 00000000 

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000 ??              ???

BUGCHECK_STR:  0x27

LAST_CONTROL_TRANSFER:  from 8c68348a to 00000000

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
8b00b95c 8c68348a 86800680 86800738 870befa4 0x0
8b00b994 828120c6 86800680 00000000 00000000 pxtdi+0x448a
8b00b9c0 82812156 00000004 86800680 86df6db8 pxfsf+0xd0c6
8b00b9ec 82812185 00000004 870bef60 00000003 pxfsf+0xd156
8b00ba10 8c6802d4 8609f200 00000004 000001e0 pxfsf+0xd185
8b00baa8 8c682931 8b00bac4 86df6db8 86843ae0 pxtdi+0x12d4
8b00bb04 8c68d285 86800680 86800738 86800680 pxtdi+0x3931
8b00bb28 8c694151 865aebb0 865dd9f0 962ef514 smb!SmbSend+0x163
8b00bb48 81cc7053 865aebb0 86800680 962f0000 smb!SmbDispatchInternalCtrl+0xd7
8b00bb60 962e0a41 86c0d6a8 86800680 8618b6a8 nt!IofCallDriver+0x63
8b00bb74 962e07f5 865aebb0 86800680 868606a0 mrxsmb!RxCeSubmitAsynchronousTdiRequest+0x57
8b00bba8 962f1080 86c0d6a8 86c0d6d0 8618b6a8 mrxsmb!RxTdiSend+0x1ae
8b00bc0c 962f1266 8618b73c 00000000 86a74fa0 mrxsmb!RxCeSend+0x7b
8b00bc34 962e35b6 8618b668 00000000 86a74fa0 mrxsmb!VctSend+0x2d
8b00bc68 962e53fd 00000000 00000090 86bb936c mrxsmb!SmbCseSubmitBufferContext+0x210
8b00bc8c 962e2d93 00000000 8618b668 00000000 mrxsmb!SmbNegotiate_Start+0x119
8b00bcbc 962e52c8 00bb9328 8653a6f0 86bb9328 mrxsmb!SmbCeInitiateExchange+0x366
8b00bcd0 962e490e 8653a718 8618b668 8653a6f0 mrxsmb!MRxSmbInitialNegotiate+0x5f
8b00bcfc 962e4730 8653a718 86c24020 8c765dc8 mrxsmb!SmbCeCompleteTransportConnectionEstablishment+0xf0
8b00bd14 8c750212 8653a6f0 0776ea61 00000000 mrxsmb!VctCompleteConnectRequest+0x81
8b00bd6c 8c77e0b6 8c765dc8 00000000 8b00bdc0 rdbss!RxpWorkerThreadDispatcher+0x138
8b00bd7c 81de0b18 8c765dc8 1136a41a 00000000 rdbss!RxBootstrapWorkerThreadDispatcher+0xf
8b00bdc0 81c39a3e 8c77e0a7 8c765dc8 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP: 
pxtdi+448a
8c68348a ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  pxtdi+448a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: pxtdi

IMAGE_NAME:  pxtdi.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  47728ac7

STACK_COMMAND:  .cxr 0xffffffff8b00b594 ; kb

FAILURE_BUCKET_ID:  0x27_NULL_IP_pxtdi+448a

BUCKET_ID:  0x27_NULL_IP_pxtdi+448a

Followup: MachineOwner
---------

eax=81d03920 ebx=8b00b898 ecx=81d0b1f8 edx=000000f2 esi=81d0393c edi=8b00afe0
eip=81cd8163 esp=8b00b350 ebp=8b00b36c iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000206
nt!KeBugCheckEx+0x1e:
81cd8163 8be5            mov     esp,ebp
ChildEBP RetAddr  Args to Child              
8b00b36c 8c75c110 00000027 baad0075 8b00b898 nt!KeBugCheckEx+0x1e
8b00b394 8c750237 00000000 c0000005 8c7533a4 rdbss!RxExceptionFilter+0xd0 (FPO: [Non-Fpo])
8b00b3a0 8c7533a4 00000000 8b00bd6c 8c764660 rdbss!RxpWorkerThreadDispatcher+0x158 (FPO: [SEH])
8b00b3b4 8c75ce50 00000000 00000000 00000000 rdbss!_EH4_CallFilterFunc+0x12 (FPO: [Uses EBP] [0,0,4])
8b00b3dc 81cc0ba2 fffffffe 8b00bd5c 8b00b594 rdbss!_except_handler4+0x8e (FPO: [Non-Fpo])
8b00b400 81cc0b74 8b00b898 8b00bd5c 8b00b594 nt!ExecuteHandler2+0x26
8b00b4b8 81c41567 8b00b898 8b00b594 1136a1a6 nt!ExecuteHandler+0x24
8b00b87c 81c6363a 8b00b898 00000000 8b00b8ec nt!KiDispatchException+0x170
8b00b8e4 81c635ee 8b00b994 00000000 badb0d00 nt!CommonDispatchException+0x4a (FPO: [0,20,0])
8b00b904 81fcb5b0 00000000 850b7200 8b00b938 nt!KiExceptionExit+0x186
8b00b994 828120c6 86800680 00000000 00000000 hal!KfLowerIrql+0x64 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
8b00b9c0 82812156 00000004 86800680 86df6db8 pxfsf+0xd0c6
8b00b9ec 82812185 00000004 870bef60 00000003 pxfsf+0xd156
8b00ba10 8c6802d4 8609f200 00000004 000001e0 pxfsf+0xd185
8b00baa8 8c682931 8b00bac4 86df6db8 86843ae0 pxtdi+0x12d4
8b00bb04 8c68d285 86800680 86800738 86800680 pxtdi+0x3931
8b00bb28 8c694151 865aebb0 865dd9f0 962ef514 smb!SmbSend+0x163 (FPO: [Non-Fpo])
8b00bb48 81cc7053 865aebb0 86800680 962f0000 smb!SmbDispatchInternalCtrl+0xd7 (FPO: [Non-Fpo])
8b00bb60 962e0a41 86c0d6a8 86800680 8618b6a8 nt!IofCallDriver+0x63
8b00bb74 962e07f5 865aebb0 86800680 868606a0 mrxsmb!RxCeSubmitAsynchronousTdiRequest+0x57 (FPO: [Non-Fpo])
start    end        module name
8060b000 80613000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
80613000 80624000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
80624000 8062c000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
8062c000 8066d000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
8066d000 8074d000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
8074d000 807c9000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
807c9000 807d6000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
807d6000 807f0000   sdbus    sdbus.sys    Sat Jan 19 00:32:56 2008 (47918B88)
81c0b000 81fc4000   nt       ntkrpamp.exe Sat Apr 26 01:28:17 2008 (4812BD71)
81fc4000 81ff7000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
82206000 8224c000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
8224c000 82255000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)
82255000 8225d000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
8225d000 82284000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
82284000 82293000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
82293000 82295900   compbatt compbatt.sys Sat Jan 19 00:32:47 2008 (47918B7F)
82296000 822a0000   BATTC    BATTC.SYS    Sat Jan 19 00:32:45 2008 (47918B7D)
822a0000 822af000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
822af000 822f9000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
822f9000 82300000   pciide   pciide.sys   Sat Jan 19 00:49:42 2008 (47918F76)
82300000 8230e000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8230e000 8233b000   pcmcia   pcmcia.sys   Sat Jan 19 00:32:56 2008 (47918B88)
8233b000 8234b000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
8234b000 8234e680   UBHelper UBHelper.sys Fri Dec 17 04:00:25 2004 (41C2A029)
8234f000 82357000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
82357000 82375000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
82375000 8238b000   SI3112   SI3112.sys   Fri Mar 21 15:31:45 2008 (47E40D21)
8238b000 823b1000   SCSIPORT SCSIPORT.SYS Sat Jan 19 00:49:44 2008 (47918F78)
823b1000 823e3000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
823e3000 823f3000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
823f3000 823f5980   psdfilter psdfilter.sys Fri Nov 10 02:10:48 2006 (455425F8)
82805000 82856000   pxfsf    pxfsf.sys    Wed Dec 26 12:09:22 2007 (47728AC2)
82856000 8285f000   pxcom    pxcom.SYS    Wed Dec 26 12:07:52 2007 (47728A68)
8285f000 82862100   SiWinAcc SiWinAcc.sys Thu Jun 14 20:02:27 2007 (4671D713)
82863000 8286bde0   PxHelp20 PxHelp20.sys Wed Jun 20 18:26:00 2007 (4679A978)
8286c000 828dd000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
828dd000 829e8000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
829e8000 829f7300   EMS7SK   EMS7SK.sys   Wed Oct 25 02:36:34 2006 (453F05F2)
82a00000 82a2b000   msrpc    msrpc.sys    Sat Jan 19 00:48:15 2008 (47918F1F)
82a2b000 82a65000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
82a65000 82b4c000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
82b4c000 82b67000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
82b7d000 82b86000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
82b86000 82b96000   amdk8    amdk8.sys    Sat Jan 19 00:27:20 2008 (47918A38)
82b96000 82b9f000   wmiacpi  wmiacpi.sys  Sat Jan 19 00:32:47 2008 (47918B7F)
82b9f000 82bb2000   i8042prt i8042prt.sys Sat Jan 19 00:49:17 2008 (47918F5D)
82bb2000 82bdc380   SynTP    SynTP.sys    Mon Oct 23 13:52:26 2006 (453D015A)
82bdd000 82be8000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
82be8000 82bf9000   Rtnicxp  Rtnicxp.sys  Mon Mar 31 01:41:05 2008 (47F07971)
87400000 8740b000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
8740c000 8751b000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
8751b000 87554000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
87554000 8755c000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
8755c000 8756e000   psdvdisk psdvdisk.sys Wed Nov 08 03:11:28 2006 (45519130)
8756e000 8756ff00   PSDNServ PSDNServ.sys Fri Nov 10 02:21:14 2006 (4554286A)
87570000 8757f000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
8757f000 875a6000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
875a6000 875b7000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
875b7000 875d8000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
875d8000 875e1000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
8ae00000 8ae0a000   DKbFltr  DKbFltr.sys  Thu Oct 19 04:24:28 2006 (4537363C)
8ae0a000 8ae0b700   USBD     USBD.SYS     Sat Jan 19 00:53:17 2008 (4791904D)
8ae0c000 8aeab000   dxgkrnl  dxgkrnl.sys  Fri Aug 01 21:01:19 2008 (4893B1DF)
8aeab000 8aeb8000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
8aeb8000 8af9f000   athr     athr.sys     Thu Aug 14 21:37:06 2008 (48A4DDC2)
8af9f000 8afa9000   usbohci  usbohci.sys  Sat Jan 19 00:53:21 2008 (47919051)
8afa9000 8afe7000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
8afe7000 8aff6000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
8aff6000 8aff7200   ElbyDelay ElbyDelay.sys Tue Apr 12 04:41:20 2005 (425B89B0)
8aff8000 8aff9800   NTIDrvr  NTIDrvr.sys  Tue Dec 21 15:33:14 2004 (41C8888A)
8affa000 8affd780   CmBatt   CmBatt.sys   Sat Jan 19 00:32:47 2008 (47918B7F)
8b602000 8bbad000   atikmdag atikmdag.sys Sat Aug 30 01:12:57 2008 (48B8D6D9)
8bbad000 8bbc3980   AnyDVD   AnyDVD.sys   Sat Sep 20 06:44:08 2008 (48D4D3F8)
8bbc4000 8bbdc000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
8bbdc000 8bbee000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
8bbee000 8bbf9000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
8be04000 8be16c80   ESM7SK   ESM7SK.sys   Wed Oct 25 02:36:42 2006 (453F05FA)
8be17000 8be21500   ESD7SK   ESD7SK.sys   Wed Oct 25 02:36:47 2006 (453F05FF)
8be22000 8be31d80   tosrfcom tosrfcom.sys Mon Aug 01 03:45:06 2005 (42EDD302)
8be32000 8be60000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
8be60000 8bea1000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8bea1000 8beac000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8beac000 8bec3000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8bec3000 8bece000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8bece000 8bef1000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8bef1000 8bf00000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8bf00000 8bf14000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8bf14000 8bf29000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8bf29000 8bf39000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
8bf39000 8bf3a380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
8bf3b000 8bf65000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8bf65000 8bf6f000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
8bf6f000 8bf7c000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
8bf7c000 8bfb0000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
8bfb0000 8bfba280   tosporte tosporte.sys Tue Oct 10 06:33:20 2006 (452B76F0)
8bfbb000 8bfcc000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8bfcc000 8bfd3000   Null     Null.SYS     Sat Jan 19 00:49:12 2008 (47918F58)
8bfd3000 8bfda000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
8bfda000 8bfe6000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8c205000 8c396dc0   RTKVHDA  RTKVHDA.sys  Thu Nov 23 01:12:54 2006 (45653BE6)
8c397000 8c3c4000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
8c3c4000 8c3e9000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8c3e9000 8c3f6000   modem    modem.sys    Sat Jan 19 00:57:16 2008 (4791913C)
8c3f6000 8c400000   pxrd     pxrd.sys     Wed Dec 26 12:07:51 2007 (47728A67)
8c400000 8c409000   Fs_Rec   Fs_Rec.SYS   Sat Jan 19 00:27:57 2008 (47918A5D)
8c409000 8c446000   HSXHWAZL HSXHWAZL.sys Wed Oct 18 14:08:11 2006 (45366D8B)
8c446000 8c549000   HSX_DPV  HSX_DPV.sys  Wed Oct 18 14:09:22 2006 (45366DD2)
8c549000 8c5fd000   HSX_CNXT HSX_CNXT.sys Wed Oct 18 14:08:01 2006 (45366D81)
8c60a000 8c62b000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
8c62b000 8c633000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8c633000 8c63b000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8c63b000 8c646000   Msfs     Msfs.SYS     Sat Jan 19 00:28:08 2008 (47918A68)
8c646000 8c654000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8c654000 8c65d000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8c65d000 8c673000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8c673000 8c67e060   mfetdik  mfetdik.sys  Wed Nov 22 17:54:10 2006 (4564D512)
8c67f000 8c68a000   pxtdi    pxtdi.sys    Wed Dec 26 12:09:27 2007 (47728AC7)
8c68a000 8c69e000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
8c69e000 8c6d0000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
8c6d0000 8c718000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
8c718000 8c72e000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
8c72e000 8c73c000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8c73c000 8c74f000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8c74f000 8c78b000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8c78b000 8c78e380   DPortIO  DPortIO.sys  Fri Dec 23 03:13:04 2005 (43ABB190)
8c78f000 8c799000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
8c799000 8c79f180   mferkdk  mferkdk.sys  Wed Nov 22 17:55:49 2006 (4564D575)
8c7a0000 8c7b7000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
8c7b7000 8c7c9000   USBSTOR  USBSTOR.SYS  Sat Jan 19 00:53:22 2008 (47919052)
8dc02000 8dc3d000   udfs     udfs.sys     Sat Jan 19 00:28:08 2008 (47918A68)
8dc3d000 8dc4a000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
8dc4a000 8dc54000   dump_diskdump dump_diskdump.sys Sat Jan 19 00:49:43 2008 (47918F77)
8dc54000 8dc6a000   dump_SI3112 dump_SI3112.sys Fri Mar 21 15:31:45 2008 (47E40D21)
8dc6a000 8dc74000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
8dc74000 8dc83000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
8dc83000 8dc9e000   luafv    luafv.sys    Sat Jan 19 00:30:35 2008 (47918AFB)
8dca6000 8dd55000   spsys    spsys.sys    Thu Jun 21 20:33:02 2007 (467B18BE)
8dd55000 8dd73000   irda     irda.sys     Sat Jan 19 00:55:25 2008 (479190CD)
8dd73000 8dd83000   lltdio   lltdio.sys   Sat Jan 19 00:55:03 2008 (479190B7)
8dd83000 8ddad000   nwifi    nwifi.sys    Mon May 19 22:07:27 2008 (4832325F)
8ddad000 8ddb7000   ndisuio  ndisuio.sys  Sat Jan 19 00:55:40 2008 (479190DC)
8ddb7000 8ddca000   rspndr   rspndr.sys   Sat Jan 19 00:55:03 2008 (479190B7)
92270000 92471000   win32k   win32k.sys   unavailable (00000000)
92490000 92499000   TSDDD    TSDDD.dll    unavailable (00000000)
924b0000 924be000   cdd      cdd.dll      unavailable (00000000)
96209000 96274000   HTTP     HTTP.sys     Sat Jan 19 00:55:21 2008 (479190C9)
96274000 96291000   srvnet   srvnet.sys   Sat Jan 19 00:29:11 2008 (47918AA7)
96291000 962aa000   bowser   bowser.sys   Sat Jan 19 00:28:26 2008 (47918A7A)
962aa000 962bf000   mpsdrv   mpsdrv.sys   Sat Jan 19 00:54:45 2008 (479190A5)
962bf000 962df000   mrxdav   mrxdav.sys   Sat Jan 19 00:28:44 2008 (47918A8C)
962df000 962fe000   mrxsmb   mrxsmb.sys   Sat Jan 19 00:28:33 2008 (47918A81)
962fe000 96337000   mrxsmb10 mrxsmb10.sys Thu May 08 15:21:54 2008 (482352D2)
96337000 9634f000   mrxsmb20 mrxsmb20.sys Sat Jan 19 00:28:35 2008 (47918A83)
9634f000 96376000   srv2     srv2.sys     Sat Jan 19 00:29:14 2008 (47918AAA)
96376000 963c2000   srv      srv.sys      Sat Jan 19 00:29:25 2008 (47918AB5)
963c2000 963c6380   ElbyCDIO ElbyCDIO.sys Mon Jul 21 08:11:57 2008 (48847D0D)
963c7000 963d8000   int15    int15.sys    Wed Oct 01 01:29:49 2003 (3F7A664D)
963d8000 963db180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
97a03000 97ae1000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
97ae1000 97aeb000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
97aeb000 97af7000   tcpipreg tcpipreg.sys Sat Jan 19 00:56:07 2008 (479190F7)
97af7000 97aff000   xaudio   xaudio.sys   Fri Aug 04 20:39:09 2006 (44D3E8AD)

Unloaded modules:
8dc9e000 8dca6000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
875e1000 875ee000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
875ee000 875f8000   dump_scsipor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
82b67000 82b7d000   dump_SI3112.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
0: kd> lmvm pxtdi
start    end        module name
8c67f000 8c68a000   pxtdi    T (no symbols)           
    Loaded symbol image file: pxtdi.sys
    Image path: \SystemRoot\system32\DRIVERS\pxtdi.sys
    Image name: pxtdi.sys
    Timestamp:        Wed Dec 26 12:09:27 2007 (47728AC7)
    CheckSum:         0000CC75
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0
0: kd> lmvm pxfsf
start    end        module name
82805000 82856000   pxfsf    T (no symbols)           
    Loaded symbol image file: pxfsf.sys
    Image path: \SystemRoot\system32\DRIVERS\pxfsf.sys
    Image name: pxfsf.sys
    Timestamp:        Wed Dec 26 12:09:22 2007 (47728AC2)
    CheckSum:         00041D92
    ImageSize:        00051000
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0

.
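
An added example, not part of the original posts: a short Python triage of the WinDbg text above. It decodes the RDBSS class from Arg1 using the table printed in the dump, then walks the first twelve STACK_TEXT frames to show which modules sat between the SMB redirector and the call to address 0. The function names are this example's own.

```python
import re

# RDBSS bugcheck classes, exactly as listed in the !analyze -v output above.
RDBSS_CLASSES = {
    0xCA550000: "RDBSS_BUG_CHECK_CACHESUP",
    0xC1EE0000: "RDBSS_BUG_CHECK_CLEANUP",
    0xC10E0000: "RDBSS_BUG_CHECK_CLOSE",
    0xBAAD0000: "RDBSS_BUG_CHECK_NTEXCEPT",
}

# First twelve STACK_TEXT frames copied from the dump in this thread (newest first).
STACK_TEXT = """\
8b00b95c 8c68348a 86800680 86800738 870befa4 0x0
8b00b994 828120c6 86800680 00000000 00000000 pxtdi+0x448a
8b00b9c0 82812156 00000004 86800680 86df6db8 pxfsf+0xd0c6
8b00b9ec 82812185 00000004 870bef60 00000003 pxfsf+0xd156
8b00ba10 8c6802d4 8609f200 00000004 000001e0 pxfsf+0xd185
8b00baa8 8c682931 8b00bac4 86df6db8 86843ae0 pxtdi+0x12d4
8b00bb04 8c68d285 86800680 86800738 86800680 pxtdi+0x3931
8b00bb28 8c694151 865aebb0 865dd9f0 962ef514 smb!SmbSend+0x163
8b00bb48 81cc7053 865aebb0 86800680 962f0000 smb!SmbDispatchInternalCtrl+0xd7
8b00bb60 962e0a41 86c0d6a8 86800680 8618b6a8 nt!IofCallDriver+0x63
8b00bb74 962e07f5 865aebb0 86800680 868606a0 mrxsmb!RxCeSubmitAsynchronousTdiRequest+0x57
8b00bba8 962f1080 86c0d6a8 86c0d6d0 8618b6a8 mrxsmb!RxTdiSend+0x1ae
"""

# ChildEBP, RetAddr, three argument words, then the symbol column.
FRAME_RE = re.compile(
    r"^(?P<child>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(?P<sym>\S+)"
)


def rdbss_class(arg1):
    """The high 16 bits of bugcheck 0x27 Arg1 select the RDBSS class."""
    return RDBSS_CLASSES.get(arg1 & 0xFFFF0000, "unknown")


def parse_frames(text):
    """Turn kv/STACK_TEXT lines into dicts; skips warnings and blank lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        sym = m["sym"]
        if "!" in sym:            # module!Function+off: symbols were loaded
            module, symbolized = sym.split("!", 1)[0], True
        elif "+" in sym:          # module+off: no symbols for this driver
            module, symbolized = sym.split("+", 1)[0], False
        else:                     # bare address such as 0x0: not in any module
            module, symbolized = None, False
        frames.append({"sym": sym, "module": module, "symbolized": symbolized})
    return frames


def faulting_caller(frames):
    """Return the frame that transferred control to an address outside any module."""
    for newer, older in zip(frames, frames[1:]):
        if newer["module"] is None:
            return older["sym"]
    return None


def unsymbolized_modules(frames):
    """Modules on the stack for which the debugger had no symbols."""
    return sorted({f["module"] for f in frames
                   if f["module"] and not f["symbolized"]})


def module_chain(frames):
    """Call path from oldest to newest frame, consecutive duplicates collapsed."""
    chain = []
    for f in reversed(frames):
        label = f["module"] or f["sym"]
        if not chain or chain[-1] != label:
            chain.append(label)
    return chain


if __name__ == "__main__":
    frames = parse_frames(STACK_TEXT)
    print("class    :", rdbss_class(0xBAAD0075))
    print("caller   :", faulting_caller(frames))
    print("no syms  :", unsymbolized_modules(frames))
    print("call path:", " -> ".join(module_chain(frames)))
```
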


----------



## jcarti01

*Re: blue screen error rdr file system*

i don't know if it matters, but prevx is an anti malware/spyware program that activescans my programs as they run and kills any processes that it does not recognize. you can visit their website at www.prevx.com. i do know for a fact, this isn't malicious software. if it's causing the problem, do you think that just uninstalling the program will get it?

and i just thought of this, it may not be the true cause because as you say, there were at least 15 dumps (there were more than 15 restarts). should i upload the other 14 dumps and let you take a look at those as well?


----------



## jcgriff2

*Re: blue screen error rdr file system*

Hi. . .

Normally, I would run a hundred dumps for anyone that asks. However, I fully believe that it would be a futile exercise at best in this case.

From the limited information that I have, your system has had in excess of 125 app crashes/app hangs in the last 8 days. In addition, the one dump that I processed had a timestamp of *Thu Oct 9 13:40:31.516 2008 (GMT-4)* - and was #15 as of that time. This means your system had 15 BSODs in 13.67 hours, assuming they began exactly at 00:00 hours. My information tells me it was much closer to 15 BSODs in just over 7 hours.

I see other items in your system that may be symptomatic of the issue(s) that I described in my last post. Please know that I am not a security analyst and therefore cannot comment on such matters; hence option #2.

Here are 3 additional start-up programs that I noticed immediately, the first 2 were not really hard to miss:


Code:


[COLOR=red]捁牥吠畯r[/COLOR]
HKU\S-1-5-21-1808948102-843362989-1957728371-1000
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[COLOR=red]捁牥吠畯⁲敒業摮牥	㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e[/COLOR]
HKU\S-1-5-21-1808948102-843362989-1957728371-1000
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[COLOR=red]uTorrent	"d:\opera download\utorrent-1.8.1-rc1.upx.exe"	[/COLOR]
HKU\S-1-5-21-1808948102-843362989-1957728371-1000
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I believe it very well may have been the 3rd that brought the first two and the others mentioned in the BSOD output. I may be wrong, but I doubt you actually installed the first two listed above. While others that I am finding as being suspicious are not that obvious, I believe there are "issues" within your system of a foreign nature. I really cannot comment further as I am not a member of the Security Team nor a security analyst.

It is my extremely strong suggestion to you that you re-format all hard drives and partitions (with the exception of the recovery partition) and begin from scratch. 


I show that you have 1 internal hard drive w/ 4 partitions - I hope that partition #0 is the recovery partition - or that you have your Vista recovery DVDs around (I labeled the drive letters where applicable):


Code:


Size	149.05 GB (160,039,272,960 bytes)

Partition	Disk #0, Partition #0    (probably the hidden recovery partition)
Partition Size	7.81 GB (8,381,528,064 bytes)

Partition	Disk #0, Partition #1   (drive c: - the Vista OS drive)
Partition Size	38.65 GB (41,495,812,608 bytes)

Partition	Disk #0, Partition #2    (drive b:)
Partition Size	32.30 GB (34,677,456,896 bytes)

Partition	Disk #0, Partition #3  (drive d:)
Partition Size	70.30 GB (75,483,394,560 bytes)

	
Description	Disk drive    (drive g:)
Model	WD 2500BEV External USB Device
Media Type	External hard disk media
Size	232.88 GB (250,056,737,280 bytes)


The choice is yours, of course. But if this were my system, I would re-format and re-install Vista on drive c:, then re-format drives b:, d: and then g:. I would consider all files contained therein to be lost. If any are that vital to life, be sure to scan them to death with several different a/v products.

I am sorry to be the bearer of such bad news.

Any other ? - just let me know.

Regards. . .

jcgriff2

.


----------



## jcarti01

*Re: blue screen error rdr file system*

i think i can safely say that i fixed my problem, and it was your third post in this help thread that solved it for me.

when you said you thought my whole system was infected, i immediately knew this was NOT the case. because i had used those same files for a year and a half with absolutely zero hardware issues that caused bsod. those two entries with the asian characters pointed to nowhere and did not run anything or activate anything. it had to be a recent program since this was a recent problem. i knew i could rule out mass infection when you said my system may be mass infected (i am extremely careful about installing programs from the internet and i have anti-trojan and -virus and -malware installed that is frequently updated). it had to be that prevx program i just recently installed, a program that is in beta for vista by the way and the only new program i installed from my first upgrade attempt to now. once i uninstalled that, i went and retried causing the bsod error. no lockup, everything is back to normal. so now i have that resolved, there is my second annoyance to deal with: how do i uninstall vista from a second partition?


----------



## jcgriff2

*Re: blue screen error rdr file system*



jcarti01 said:


> i think i can safely say that i fixed my problem, and it was your third post in this help thread that solved it for me.
> 
> . . .it had to be that prevx program i just recently installed, a program that is in beta for vista by the way and the only new program i installed from my first upgrade attempt to now. once i uninstalled that, i went and retried causing the bsod error. no lockup, everything is back to normal.
> 
> so now i have that resolved, there is my second annoyance to deal with: how do i uninstall vista from a second partition?


Hi. . .

Glad to hear BSOD issue is solved.

What drive is a 2nd Vista install on - and is it bootable? Can you take a screenshot of disk management, please?

START | type diskmgmt.msc - hit enter. 

Please be sure all columns are visible.

Also, you may want to run Microsoft Live Sysinternals AutoRuns to make sure those Asian characters are not actual drivers being loaded. They are in the registry under HKEY_USERS\S-1-5-21-1808948102-843362989-1957728371-1000
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - so they are firing up something I would suspect.

Your post actually made me think back and I recalled another thread in late June/early July that dealt with a somewhat similar issue. Check the following post out and the screenshot below - that is AutoRuns in action. I would highly suggest that you run it at an elevated admin level and look through the first tab "Everywhere" for the Asian characters.

http://www.techsupportforum.com/mic...ort/263781-undeletable-files.html#post1569777

.

Obviously these are not instructions for you - you can simply un-check entries if you find them to disable them or delete them.

Regards. . .

jcgriff2

.
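
An added example, not part of the original posts: a startup entry that displays as CJK characters can be a single-byte (ANSI) string that some tool read as UTF-16LE, two bytes per character. The Python below reverses that reading for the two Run-key entries listed earlier in the thread, and leaves genuinely non-ASCII names flagged for manual review in AutoRuns. The function names are this example's own.

```python
# Run-key entries as they appear in the msinfo32 excerpt earlier in this thread:
# (displayed name, displayed command). The tab between the columns is omitted.
RUN_ENTRIES = [
    ("捁牥吠畯r", ""),
    ("捁牥吠畯⁲敒業摮牥", "㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e"),
    ("uTorrent", '"d:\\opera download\\utorrent-1.8.1-rc1.upx.exe"'),
]


def simulate_misread(ansi_text):
    """Show the mechanism: ASCII bytes interpreted as UTF-16LE code units.

    An odd-length string borrows its NUL terminator as the high byte of the
    last code unit, which is why the final character stays readable.
    """
    raw = ansi_text.encode("ascii")
    if len(raw) % 2:
        raw += b"\x00"
    return raw.decode("utf-16-le")


def recover_ansi(value):
    """Return the ASCII text hidden in `value`, or None if there is none.

    None means either the value was already plain ASCII, or its bytes are not
    printable ASCII (real non-Latin text or binary data: review it by hand).
    """
    if not value or value.isascii():
        return None
    try:
        raw = value.encode("utf-16-le")
    except UnicodeEncodeError:      # lone surrogates cannot be re-encoded
        return None
    if raw.endswith(b"\x00"):       # borrowed terminator, see simulate_misread
        raw = raw[:-1]
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(entries):
    """Classify each entry as 'plain', 'recovered' or 'review'."""
    report = []
    for name, command in entries:
        if name.isascii() and command.isascii():
            report.append(("plain", name, command))
            continue
        # A field that is already ASCII (or empty) is kept as displayed.
        fixed_name = name if name.isascii() else recover_ansi(name)
        fixed_cmd = command if command.isascii() else recover_ansi(command)
        if fixed_name is None or fixed_cmd is None:
            report.append(("review", name, command))
        else:
            report.append(("recovered", fixed_name, fixed_cmd))
    return report


if __name__ == "__main__":
    for status, name, command in triage(RUN_ENTRIES):
        print(f"{status:10} {name!r:24} {command!r}")
```
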


----------

