Need help with Win 7 mrxsmb.sys BSOD.

Discussion in 'Software' started by KevinR225, Mar 27, 2011.

  1. KevinR225

    KevinR225 Private E-2

    I tried this in the malware section, and it doesn't seem to be that.

    I am getting BSODs randomly, about every 3-6 days. I don't know how long, because I didn't realize it at first. Looking back now, I realize that those times the PC would come out of screen saver and apps like Outlook would be closed, and I would be on the main log in screen rather than the screen to re-log in to the account I was using, were from the PC rebooting while I was away.
    So far what I get from the mini dumps is that it's due to Multiple IRP Request, and the suspected file is mrxsmb.sys +8803.

    Would love further help in nailing this down and getting rid of it. The hard part has been that when I try different things, I have to wait and see if it happens again, which could be days. I may have to go a few weeks without a BSOD to feel sure that it's fixed.

    I have attached the last dump.

    Thanks in advance for any help you can give.

    Kevin
     

    Attached Files:

  2. satrow

    satrow Major Geek Extraordinaire

    It's almost always caused by a bad driver (often only 'bad' after something related has been updated); I'd try to find updates for WinRing0x64.sys (part of a Google Code prog?), SuperAntiSpyware (uninstall and get the latest version), RtNdPt60.sys (RealTek Diagnostic Program?) and Rt64win7.sys (Realtek driver) first.

    Don't get these updates via MS Update, track down the maker's drivers, they'll be newer and more likely to be bugfixed. If you get another BSOD, upload the dump, please.


    I'll try to run a debug on the dump after I've fixed a bug or two here ;)
     
  3. KevinR225

    KevinR225 Private E-2

    Thanks for the reply.
    I will run SAS, then just remove it for now. I only run it manually a couple times a month just to see if it finds anything, so removing it totally from the picture for a couple weeks seems one less thing to worry about.

    On the other items, is there a best way to remove and re-install new versions?
    Also, is there a way to delete and have mrxsmb.sys reinstall? Is it needed for anything? I've seen articles where mrxsmb could be hijacked and just be a fake for some bug, but running all the tests etc. with someone on the malware side found nothing.

    Thanks again for the help.

    Kevin
     
  4. KevinR225

    KevinR225 Private E-2

    Is there a way to find what winring0x64 is attached to, and see if it's something I use? If it's used for a program or gadget I can do without, maybe we can just remove it.

    Kevin
     
  5. KevinR225

    KevinR225 Private E-2

    Also, I never use the Realtek diagnostics, so I deleted the utility, but there are several rtndpt60 files that still show up in a search after uninstalling it. Can they be removed? I can give specifics if needed.

    Kevin
     
  6. satrow

    satrow Major Geek Extraordinaire

    WinRing0x64 - SetFSB?

    If you're unsure how to uninstall anything fully, check on the maker's site/forum, they normally have comprehensive details or an uninstaller. Failing that, Add/Remove programs, look in the software's folder for an uninstaller .exe or try Revo Uninstaller.

    Specifics are always good, Kevin ;) If you've already uninstalled it but are unsure of whether it's still loading, you could check using Autoruns - careful, this will break Windows if not used with care - just uncheck the entry if you find it - after a reboot, if something network-related is borked, fire up Autoruns again and recheck it and reboot.
     
  7. KevinR225

    KevinR225 Private E-2

    OK, didn't get the WinRing0x64-setfsb link, or didn't understand what I was looking for on the page.

    I haven't had time to try autoruns, but did do a search for WinRing on the computer, and all the files etc. that came up were installed the same day and time, seem to be related to a windows gadget, and referenced my intel cpu. I am assuming then it is related to the CPU meter III G.5, or the other CPU temp and usage gadget that I can't find the name for. The second one actually mentions Winring0 driver status in its settings, and I have a feeling it may be the one that's attached to it.

    On the Realtek diagnostics, the following come up in a search after uninstalling the utility.
    (in windows\system32\driverstore\FileRepository)
    A folder named: "rtndpt60.inf_amd64_neutral 0f12916776947433"
    that holds:
    rtndpt60.pnf
    rtndpt60 (listed as a security catalog)
    rtndpt60 (listed as setup information)
    rtndpt60.sys
    Then there is also:
    rtndpt60.sys in the (windows\system32\drivers)

    So far no more BSOD, but that's not unusual. If I can say that in a few weeks it will be something.

    Kevin
     
  8. satrow

    satrow Major Geek Extraordinaire

    Winring0x64 is definitely CPU/motherboard-related monitoring/tweaking, sounds like you've tracked it down; look for a later version of the software/gadget if you need to run it, else uninstall it.

    Repository files are likely to be the Windows default and older installed drivers, ready for a roll-back if needed, ignore them. The one in System32\Drivers will be the one that gets loaded, uncheck it using Autoruns or try renaming it to rtndpt60.sys.old but that may cause an error message on boot or in the System/Application logs.
     
  9. KevinR225

    KevinR225 Private E-2

    Before pulling it, I'm going to wait a week (how's that for optimism) to see if removing the realtek diagnostic utility or super anti spyware stops the BSODs.

    Trying not to make too many changes at once, so I'll know what the issue was.
    I've had most of these programs and gadgets on my other PC, but it's running W7 32 bit, so if not corrupt, there's always a chance one of them doesn't play as well with 64 bit W7.
    So far, the only other things I can think of that have been added in the last 6 months (that haven't been mentioned already) are:
    Turbo Tax
    Malware bytes
    Pandora Desktop app
    Synology's NAS assistant
    Acronis TIH 2011
    Lightroom 3
    Yahoo messenger
    Microsoft messenger
    Logitech webcam C910

    Do you know of any known issues of any of these not playing well with others?

    Thanks again,

    Kevin
     
  10. satrow

    satrow Major Geek Extraordinaire

    I like your confidence :)

    Of the programs listed that I have experience of, some versions of YM and MS/Live Messenger can be buggy but I don't recall a time when either were proven to cause BSODs. Some Logitech software has been a pain in the past.

    For max. stability, I try to avoid installing anything more than the bare minimum and if 1 small freeware prog. can do the job of 1 big name prog (or more), I'll use it in preference. It's about keeping Windows clean, the less dross that gets installed into the Windows folder or loaded on boot, the better.
     
  11. KevinR225

    KevinR225 Private E-2

    Well, that didn't last long. :rolleyes

    Guess I will remove a few more things, starting with the Windows Gadget that has the Winring0x64 attached and Turbo tax, just because I don't need it anymore now anyway.

    Have attached the latest minidump for your viewing pleasure. ;)

    Also, when I use bluescreen to view the dump info it has both the mrxsmb.sys+8803 highlighted as well as ntoskrnl.exe+278bc. Did on previous dumps as well.
    Since the notes only specify mrxsmb as being the likely cause, does the ntoskrnl being highlighted mean anything? :confused

    Kevin
     
  12. satrow

    satrow Major Geek Extraordinaire

    Umm, you forgot to attach the dumps?

    The highlighted files in BSV are only where the error was found during the BSOD, the actual cause for the error is often something related that happened a short while before, especially if the highlighted file(s) happen to be part of the standard Windows drivers.
     
  13. KevinR225

    KevinR225 Private E-2

    Oh poo, so I did.:-o
    Here it is.

    Kevin
     

    Attached Files:

  14. satrow

    satrow Major Geek Extraordinaire

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\033111-14336-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`03215000 PsLoadedModuleList = 0xfffff800`0345ae90
    Debug session time: Thu Mar 31 09:23:01.419 2011 (UTC + 1:00)
    System Uptime: 0 days 21:13:49.356
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................................................
    Loading User Symbols
    Loading unloaded module list
    ...............
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 44, {fffffa8006e07350, 1d7b, 0, 0}
    
    Probably caused by : mrxsmb.sys ( mrxsmb!RxCeCompleteConnectRequest+363 )
    
    Followup: MachineOwner
    ---------
    
    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    MULTIPLE_IRP_COMPLETE_REQUESTS (44)
    A driver has requested that an IRP be completed (IoCompleteRequest()), but
    the packet has already been completed.  This is a tough bug to find because
    the easiest case, a driver actually attempted to complete its own packet
    twice, is generally not what happened.  Rather, two separate drivers each
    believe that they own the packet, and each attempts to complete it.  The
    first actually works, and the second fails.  Tracking down which drivers
    in the system actually did this is difficult, generally because the trails
    of the first driver have been covered by the second.  However, the driver
    stack for the current request can be found by examining the DeviceObject
    fields in each of the stack locations.
    Arguments:
    Arg1: fffffa8006e07350, Address of the IRP
    Arg2: 0000000000001d7b
    Arg3: 0000000000000000
    Arg4: 0000000000000000
    
    Debugging Details:
    ------------------
    
    
    IRP_ADDRESS:  fffffa8006e07350
    
    FOLLOWUP_IP: 
    mrxsmb!RxCeCompleteConnectRequest+363
    fffff880`04b28803 33d2            xor     edx,edx
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x44
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    LAST_CONTROL_TRANSFER:  from fffff8000323c8bc to fffff80003295640
    
    STACK_TEXT:  
    fffff880`009fa1f8 fffff800`0323c8bc : 00000000`00000044 fffffa80`06e07350 00000000`00001d7b 00000000`00000000 : nt!KeBugCheckEx
    fffff880`009fa200 fffff880`04b28803 : fffffa80`064aa750 fffffa80`064aa750 fffffa80`0436af60 fffffa80`064aa750 : nt! ?? ::FNODOBFM::`string'+0x32c7c
    fffff880`009fa240 fffff880`04b2a4a6 : fffff800`03432600 00000000`00000702 fffffa80`08201ea8 fffff800`0328b83e : mrxsmb!RxCeCompleteConnectRequest+0x363
    fffff880`009fa2c0 fffff880`04b2a378 : fffffa80`05100b00 fffffa80`08201ea8 00000000`63437852 00000000`00000706 : mrxsmb!SmbWskAsynchronousConnectCompletionWorker+0x106
    fffff880`009fa360 fffff800`03298a91 : fffffa80`06db9b83 00000000`00000000 00000000`00000000 fffff880`01a065e0 : mrxsmb!SmbWskAsynchronousConnectCompletion+0xb8
    fffff880`009fa3b0 fffff880`040b19a5 : 00000000`00000000 fffff880`009fa502 fffffa80`06db9ab0 00000000`00000000 : nt!IopfCompleteRequest+0x3b1
    fffff880`009fa490 fffff880`018f2a23 : 00000000`00000000 fffffa80`04743c40 fffffa80`05100bf0 fffff880`018ed298 : afd!WskProTLConnectComplete+0x105
    fffff880`009fa550 fffff880`018edc21 : 00000000`00000000 fffffa80`05100bf0 00000000`00000001 fffff880`018d4f43 : tcpip!TcpCreateAndConnectTcbComplete+0x233
    fffff880`009fa660 fffff880`018dbd54 : fffffa80`04629c30 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!TcpTcbCarefulDatagram+0x801
    fffff880`009fa810 fffff880`018da5ea : fffffa80`04630a00 fffff880`018d2aa4 fffffa80`045fbc40 00000000`00000000 : tcpip!TcpTcbReceive+0x724
    fffff880`009faa00 fffff880`018dc2ab : fffff880`064f46a2 fffffa80`04767000 00000000`00000000 fffff880`01402700 : tcpip!TcpMatchReceive+0x1fa
    fffff880`009fab50 fffff880`018d3137 : fffffa80`04630a00 fffffa80`04630820 fffffa80`000085c2 00000000`00000000 : tcpip!TcpPreValidatedReceive+0x36b
    fffff880`009fac20 fffff880`018d2caa : 00000000`00000000 fffff880`019e79a0 fffff880`009fade0 fffffa80`05d58030 : tcpip!IppDeliverListToProtocol+0x97
    fffff880`009face0 fffff880`018d22a9 : fffff880`019e79a0 fffffa80`05d57800 fffff880`009fada0 fffff880`009fadd0 : tcpip!IppProcessDeliverList+0x5a
    fffff880`009fad80 fffff880`018cffff : fffff880`fb0000e0 fffffa80`04767000 fffff880`019e79a0 00000000`05a8a001 : tcpip!IppReceiveHeaderBatch+0x23a
    fffff880`009fae60 fffff880`018cf5f2 : fffffa80`05a88cc0 00000000`00000000 fffffa80`05a8a001 00000000`00000001 : tcpip!IpFlcReceivePackets+0x64f
    fffff880`009fb060 fffff880`018cea8a : fffffa80`05a8a010 fffff880`009fb190 fffffa80`05a8a010 00000000`00000000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
    fffff880`009fb140 fffff800`032a2078 : fffffa80`05d58a70 00000000`00004800 fffff880`009bc0c0 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
    fffff880`009fb190 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8
    
    
    STACK_COMMAND:  kb
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  mrxsmb!RxCeCompleteConnectRequest+363
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: mrxsmb
    
    IMAGE_NAME:  mrxsmb.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7948d
    
    FAILURE_BUCKET_ID:  X64_0x44_mrxsmb!RxCeCompleteConnectRequest+363
    
    BUCKET_ID:  X64_0x44_mrxsmb!RxCeCompleteConnectRequest+363
    
    Followup: MachineOwner
    ---------
    
    4: kd> lmvm mrxsmb
    start             end                 module name
    fffff880`04b20000 fffff880`04b4d000   mrxsmb     (pdb symbols)          c:\symbols\mrxsmb.pdb\7A0CBB60BBDF40BC9573D83772A2EA942\mrxsmb.pdb
        Loaded symbol image file: mrxsmb.sys
        Mapped memory image file: c:\symbols\mrxsmb.sys\4CE7948D2d000\mrxsmb.sys
        Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
        Image name: mrxsmb.sys
        Timestamp:        Sat Nov 20 09:27:41 2010 (4CE7948D)
        CheckSum:         0002988B
        ImageSize:        0002D000
        File version:     6.1.7601.17514
        Product version:  6.1.7601.17514
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     MRxSmb.sys
        OriginalFilename: MRXSMB.Sys
        ProductVersion:   6.1.7601.17514
        FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
        FileDescription:  Windows NT SMB Minirdr
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    
    Hmm, same error, I'd uninstall Symantec/Norton now. Use Avast!, Avira or MSE instead.
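
The stack in the debugger output above can be reduced to a module-level call chain, which makes it easier to compare one minidump with the next. The following Python sketch is an added example and not part of the original thread; it parses an excerpt of the posted `!analyze -v` output, and its function names (`parse_bugcheck`, `parse_stack`, `call_chain`, `blamed_frame`) are made up for illustration.

```python
import re
from collections import namedtuple

# Excerpt of the `!analyze -v` output posted above. The tcpip frames between
# the two tcpip lines shown here are omitted to keep the sample short.
SAMPLE = r"""
BugCheck 44, {fffffa8006e07350, 1d7b, 0, 0}

STACK_TEXT:
fffff880`009fa1f8 fffff800`0323c8bc : 00000000`00000044 fffffa80`06e07350 00000000`00001d7b 00000000`00000000 : nt!KeBugCheckEx
fffff880`009fa200 fffff880`04b28803 : fffffa80`064aa750 fffffa80`064aa750 fffffa80`0436af60 fffffa80`064aa750 : nt! ?? ::FNODOBFM::`string'+0x32c7c
fffff880`009fa240 fffff880`04b2a4a6 : fffff800`03432600 00000000`00000702 fffffa80`08201ea8 fffff800`0328b83e : mrxsmb!RxCeCompleteConnectRequest+0x363
fffff880`009fa2c0 fffff880`04b2a378 : fffffa80`05100b00 fffffa80`08201ea8 00000000`63437852 00000000`00000706 : mrxsmb!SmbWskAsynchronousConnectCompletionWorker+0x106
fffff880`009fa360 fffff800`03298a91 : fffffa80`06db9b83 00000000`00000000 00000000`00000000 fffff880`01a065e0 : mrxsmb!SmbWskAsynchronousConnectCompletion+0xb8
fffff880`009fa3b0 fffff880`040b19a5 : 00000000`00000000 fffff880`009fa502 fffffa80`06db9ab0 00000000`00000000 : nt!IopfCompleteRequest+0x3b1
fffff880`009fa490 fffff880`018f2a23 : 00000000`00000000 fffffa80`04743c40 fffffa80`05100bf0 fffff880`018ed298 : afd!WskProTLConnectComplete+0x105
fffff880`009fa550 fffff880`018edc21 : 00000000`00000000 fffffa80`05100bf0 00000000`00000001 fffff880`018d4f43 : tcpip!TcpCreateAndConnectTcbComplete+0x233
fffff880`009fb140 fffff800`032a2078 : fffffa80`05d58a70 00000000`00004800 fffff880`009bc0c0 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
fffff880`009fb190 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8

STACK_COMMAND:  kb

SYMBOL_STACK_INDEX:  2
"""

Frame = namedtuple("Frame", "module function offset")

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# child-SP, return address, four argument words, then module!symbol
FRAME_RE = re.compile(
    rf"^{ADDR} {ADDR} : (?:{ADDR} ){{4}}: (?P<module>[^!\s]+)!(?P<symbol>.+)$"
)
BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
INDEX_RE = re.compile(r"^SYMBOL_STACK_INDEX:\s+(\d+)", re.M)


def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) from the 'BugCheck NN, {...}' line, or None."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        return None
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args


def parse_stack(text):
    """Return the STACK_TEXT frames, newest frame first, as Frame tuples."""
    frames, in_stack = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("STACK_TEXT:"):
            in_stack = True
            continue
        if not in_stack or not line:
            continue
        m = FRAME_RE.match(line)
        if m is None:
            break  # first non-frame line ends the stack listing
        head, sep, tail = m.group("symbol").rpartition("+0x")
        if sep:
            function, offset = head.strip(), int(tail, 16)
        else:  # symbol without an offset, e.g. nt!KeBugCheckEx
            function, offset = tail.strip(), 0
        frames.append(Frame(m.group("module"), function, offset))
    return frames


def call_chain(frames):
    """Modules in call order (oldest first), consecutive repeats collapsed."""
    chain = []
    for frame in reversed(frames):
        if not chain or chain[-1] != frame.module:
            chain.append(frame.module)
    return chain


def blamed_frame(text):
    """Frame the debugger selected via SYMBOL_STACK_INDEX, or None."""
    m = INDEX_RE.search(text)
    frames = parse_stack(text)
    if m is None or int(m.group(1)) >= len(frames):
        return None
    return frames[int(m.group(1))]


if __name__ == "__main__":
    code, args = parse_bugcheck(SAMPLE)
    print(f"bugcheck 0x{code:X}, IRP at 0x{args[0]:x}")
    print(" -> ".join(call_chain(parse_stack(SAMPLE))))
    print("blamed:", blamed_frame(SAMPLE))
```

Running the same functions over each new minidump's output shows at a glance whether the module chain or the blamed frame has changed after a driver was removed or updated.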
     
  15. KevinR225

    KevinR225 Private E-2

    I wanted to give it a couple days to see if the winring0x64 and associated CPU gadgets we removed, after yesterday's dump, helped before just moving on.

    On the Norton deal, since I've got a while left on my Norton subscription, do you think just removing and reloading would help? I've had Norton since building the PC, and don't remember having issues the whole time.

    Beyond that, is Symantec that bad? Is MSE good, their past stuff always seemed to get poor ratings.

    Finally, you mentioned Norton/Symantec. I also have Norton utilities on the PC, were you speaking of that as well?

    Thanks again,

    Kevin
     
  16. satrow

    satrow Major Geek Extraordinaire

    Although Norton Utilities is probably not implicated in any way, other Symantec products often leave dregs behind after a 'normal' uninstall which could continue the problem. The tool I linked to removes all Symantec/Norton products.

    Symantec bad? Hmm, probably not but as they make a lot of corporate software, they are a major target for malware writers to bypass. MSE is usually fine if it's installed on a clean system, it can be a little slow to react (much of it is cloud-based) and has some false positive issues (not so uncommon for many A/V progs.), it has improved with the latest version.

    A trip to the Malware forum and checking networking and power-saving settings are the next things I'm tempted to suggest if the current queue of 'fixes' fails.
     
  17. KevinR225

    KevinR225 Private E-2

    I'll give it a few days and see if the BSOD shows up again. If it does I'll move on to the norton removal stuff and go from there.

    Ultimately I guess a complete wipe and reload would fix this and get rid of some of the crap on there, but I was hoping if I did something like that I could wait until Christmas.

    I'm hoping santa will bring me a SSD to use as my C: drive.:-D

    Anyway, I'm just geeky enough to want to track this down rather than take the easy route. (like a nuke and reload is the easy route)

    If I go with an alternate AV like Avast or Avira (do you prefer one over the other), what should I use for a good firewall? Keep in mind I have the 64bit W7, and not everything seems fully compatible yet.

    Kevin
     
    Last edited: Apr 1, 2011
  18. satrow

    satrow Major Geek Extraordinaire

    Good luck and keep your fingers crossed for the SSD too ;)

    I'm using Avast! and Windows Firewall Control 4 - also Spybot for the immunization, OpenDNS and SpywareBlaster. WinMHR, Malwarebytes, Secunia PSI and a few others as needed.
     
  19. KevinR225

    KevinR225 Private E-2

    Well, it may be premature to totally mark this one closed, but day 5 and no BSODs. At least no minidumps or other signs of one.
    Last things removed were Turbotax Deluxe, and the two system monitoring desktop gadgets.
    I'm not sure it was Turbotax, but that always seems to be a hog, so who knows. Maybe not fully 64bit happy?
    My bet though, is the gadgets. I had one that was like a clock face, with CPU usage, Memory usage and HD usage, and the other, which showed bar graphs of CPU usage and temps.
    I have no idea if it was (assuming the issue is gone) one of the gadgets specifically, or the fact that the two were running at the same time.
    Only one listed the winring0x64 attachment, and that was the CPU temp one.

    Anyway, I will let this go another week or two. By then, if I don't get another BSOD, I will assume it's fixed. May then try adding one back and see if there is an issue. As long as I have CPU temps, and usage, the memory and hd stuff can be found elsewhere, and aren't as important for me to know on the fly.

    Any thoughts? I suppose one of these could have been conflicting with something else that is still on the PC, but the two gadgets conflicting seems a logical possibility.

    Kevin
     
  20. satrow

    satrow Major Geek Extraordinaire

    That was certainly the oldest driver loading, IIRC, so very likely to be high on the incompatibility list.

    Let's hope it's sorted now; you still have an A/V installed, with an active firewall and Malwarebytes for manual scanning? (I dumped the Windows Firewall Control 4, it didn't suit my style at all).
     
  21. KevinR225

    KevinR225 Private E-2

    I will write back in a week or so to confirm that the issue is resolved. Sooner if it's not.:-D

    I haven't had another BSOD since removing the listed items, so I never did the Symantec removal.
    Since I haven't had any issue with it, I am leaving Symantec NIS 2011 on there along with Malware bytes and Spybot S&D for manual runs occasionally.

    Also, removing SAS didn't fix the issue, so I will probably reload it back as well to add to my occasional manual programs.

    I tend to alternate, manually running a complete scan with one of them each week. Unless there seems to be an issue of course, then I start cycling through them.

    NIS I generally just let it do its AV and Firewall thing, with auto updates and partial scans regularly with full scans a few times a month.

    Just wondering if the issue with the CPU gadgets was with the winring0x64, or just the 2 of them competing with each other. Out of the two, the winring one that shows the core temps is the one I would like to keep. Guess I will know with testing.
    That is after waiting a little more to confirm this is fixed.

    Are there any gadgets Majorgeeks likes for CPU temp etc. on the Win7 64?

    Kevin
     
  22. KevinR225

    KevinR225 Private E-2

    Well, so much for that!
    Day 8, and I thought I had done it, but BSODed again, right as I was surfing the net.
    Attached the latest dump, but assume it's probably the same.

    I'm back to, what is mrxsmb.sys attached to, and can I just delete it from the system? It's obviously something that was installed after the build because the system didn't always do this.

    Is there any chance this is hardware related? I've run memtest several times, for up to 12 hrs with no faults, and a couple of hard drive tests.

    Also, under the search for locations of mrxsmb related stuff, some show AMD64. Since this is an Intel based machine, why does it say that? I do have an ATI video card. I'm wondering if it's either related to the video card, or if somehow a wrong driver was loaded, thinking this is an AMD based system.

    Kevin
     

    Attached Files:

  23. satrow

    satrow Major Geek Extraordinaire

    Any security software and networking drivers will directly affect this, Realtek have more recent drivers, update them - if they don't improve the issue, lose Symantec completely.
     
  24. KevinR225

    KevinR225 Private E-2

    Last time I updated the various drivers I used the "update driver" feature.
    Sounds like it's a good time to actually download them to the desktop and install them.
    Besides the Realtek LAN drivers, are there any others I should do while I'm at it, and is it best to get them from the mfg (i.e. Realtek) rather than Gigabyte?
    Is there a best way to make sure the old driver is removed/replaced before loading the new one?

    Also, is it possible the BIOS could have any effect on this? I ask because I updated that to the latest version around the end of last year.

    Just to make sure, this sounds like it's software related and not hardware, correct?
    Like I said, I've had no bad results testing the RAM etc., but would hate to find out it's some intermittent bad stick or something after stripping the software down bit by bit for a few months. :cry

    Kevin
     
  25. satrow

    satrow Major Geek Extraordinaire

    Updating 3rd party drivers via Microsoft Update is not a good idea, they're often months behind. GigaByte will be 6 weeks or so behind RealTek - unless they just use the RealTek drivers without any mods.

    I doubt if the BIOS version has anything to do with this problem.

    It all reads like it's a driver conflict within the networking stack somewhere - this doesn't rule out security software as most of them tie into that to check downloads, websites, etc. If you've allowed MemTest86 to run overnight or for 7 runs or so, the memory is likely to be fine. Faulty memory usually gives random BSODs anyway, your PC is getting consistent ones.
     
  26. theefool

    theefool Geekified

  27. KevinR225

    KevinR225 Private E-2

    Updated the Realtek LAN driver from the link you listed.
    Also ran Slim drivers recommended by theefool.
    It said 24 different things were outdated, so I let it update them.

    Here we go again. Day 1 without a BSOD.

    By the way, you mentioned that this wasn't likely memory because in part it wasn't random. Since I can't find out exactly what triggers it, and it can go 1 day or 10 without a BSOD, it sure seems random from this end. :)

    Also, this may sound stupid, but is there any way it could have something to do with the Synology NAS on my network, or the fact that it is being mapped as the Z drive on both the Admin and my personal login accounts?

    Kevin
     
    Last edited: Apr 9, 2011
  28. KevinR225

    KevinR225 Private E-2

    Well, that didn't last long. :cry
    Day 2, new dump.
    Attached just in case everything we've deleted or changed has well.....changed anything. :rolleyes

    Kevin
     

    Attached Files:

    Last edited: Apr 9, 2011
  29. satrow

    satrow Major Geek Extraordinaire

    Same old BSOD and alleged cause.

    Acronis can be uninstalled, as can Paragon.

    Logitech and Symantec's gonna have to go sooner or later, if that doesn't fix it Kevin - we're running out of 3rd party drivers.
     
  30. KevinR225

    KevinR225 Private E-2

    Does it show Paragon in there?
    I deleted that a while ago when I settled on Acronis.

    I noticed in my remove program window that I have several versions of windows visual C.
    (2) C++2010, a 86 and a 64, and also (4) 2005s 2 86 and 2 64, and (4) 2008 2 86 2-64
    Should all of these be there?

    Pretty much at the point I'm going to start a full scale removal of anything
    that I don't use on a daily basis. Especially stuff added in the last 6 months.

    That will include Norton stuff as well, though I will save them for the next round. When I do I can use one of your suggested AVs, but should I just turn on windows firewall, or download something different?

    Also, if a driver or something was loaded for a program that we delete, and thus the driver not needed, is it still loading anyway?

    Just wondering if I remove something could remnants still be messing with me?

    Oh well, take no prisoners!:major

    Kevin
     
    Last edited: Apr 9, 2011
  31. satrow

    satrow Major Geek Extraordinaire

    UimFIO.SYS = Paragon Backup, many softwares do not remove all traces (Norton/Mcafee have something of a reputation in this area).

    Removing anything you don't use frequently is a great idea :) After removing Norton, just install Avast! or Avira free versions and enable the Windows firewall, if you can keep it as clean and simple as possible, Windows will run faster and problems such as the current one will be very rare.
     
  32. KevinR225

    KevinR225 Private E-2

    Can I just find and delete the UimFIO.SYS?

    Also, can I slim down the number of MS C++ distribution things?
    10-12 seems like a lot of something. Wouldn't just the current version be enough?

    On the deleting stuff, I may just delete everything back to the first of the year if I get another BSOD, but some stuff that I don't use often needs to be there. I.e. Lightroom, Nikon and Canon software. Each gets used at various times. Will delete stuff for a month or so, but the photo stuff and backup stuff will eventually have to return. Maybe if I load them one at a time and this happens again (assuming I get rid of it), I will know what caused it.

    Getting very close to the idea of just nuke and reload to get rid of a lot of crap and the underlying stuff that doesn't seem to go away.

    Of course, there is that underlying fear that I will reload with just the basics and it will still do it.

    Last thing, is the Slimdriver app a good thing to use? :confused
    It seemed to work, though I don't know if it worked, if you know what I mean. :rolleyes
    Like MS driver update.

    Kevin
     
  33. satrow

    satrow Major Geek Extraordinaire

    Rename it to UimFIO.SYS.bak (you might need to do this in Safe Mode), reboot and you should be able to delete it (it's probably in System32). An alternative would be to check if it's listed in the hidden section of Device Manager (View > Show hidden devices and look in Non Plug and Play drivers) and uninstall it from there, reboot as soon as you do so - it will ask to reboot.

    I'd leave the C++ stuff as it is.

    Get it working without any BSODs first, then add your backup program of choice - make sure it's the latest version. I don't see any Lightroom, Nikon or Canon software loaded in the dumps so leave them as they are :).

    Slimdriver? No idea, best to learn how to find and update drivers manually, once you have them all, burn them to a CD. Microsoft Update for 3rd party drivers is the last place I'd go to.
     
  34. KevinR225

    KevinR225 Private E-2

    Well, 2 in one day, but this time it didn't reboot.
    Screen stayed on the BSOD rather than restarting.
    At least I didn't have to wait long!

    Attached the usual dump just in case, but it never seems to change, but who knows.

    I was able to rename the uim file to a .bak, but can't do the same for the one stored in the "repository" either in normal or safe mode. Says the system won't let me.

    Will start wiping stuff and see what happens.

    Any idea why suddenly it freezes on the BSOD rather than rebooting?

    Kevin
     

    Attached Files:

  35. satrow

    satrow Major Geek Extraordinaire

    UimFIO.SYS wasn't loaded this time, that's the only difference I saw in a quick scan. Pretty much all that shows in the stack is network related, it must be time to lose Norton?
     
  36. KevinR225

    KevinR225 Private E-2

    One weird update.

    After deleting a bunch of stuff, the computer (after sitting a while) ended up with a black screen and wouldn't "wake up".
    Had to reboot.
    I don't know for sure, but it seemed as if it shut the monitor down after a while (power saving), but wouldn't come back out of it with keyboard or mouse.
    Did it twice, so I went in and set everything to never shut down.
    So far it hasn't happened again, but that could just be coincidence.

    Still, I'm not sure what happened this time, as it's always been set to screen save after 10 minutes, and shut video down after 45 minutes.

    Kevin
     
  37. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    If both devices are USB, set the USB ports to not shut down to save power. That will allow you to wake the computer up using a keyboard or mouse.
     
  38. satrow

    satrow Major Geek Extraordinaire

    I agree with what plodr said. Then if the USB/black screen thing happens again, uninstall the Logitech drivers or roll back to standard Windows drivers.

    Still got Norton on there?
     
  39. KevinR225

    KevinR225 Private E-2

    Yes.:-o
    If I remove it, I really want to know if it had anything to do with the issues.

    Everything else is pretty much off, and I'm letting this thing run 24/7 to hopefully increase the chance of another BSOD.
    If/when that happens, then Norton goes, and we will see if we get it again.

    If it's still happening, I may be at a point where I just need to format and re-install everything.
    OK, not everything, but you know what I mean.

    Would really like to do that onto a new SSD, but would prefer to hold that purchase off for a few months.
    Nonetheless, trying to get those ducks in a row just in case. ;)

    On a different note, I still do have a desktop gadget (Windows Live calendar gadget) that has network access to the internet to sync with the Windows Live online calendar. Is there any likelihood that could cause anything?

    Kevin
     
  40. satrow

    satrow Major Geek Extraordinaire

    Nothing network-related can be ruled out yet, Kevin. Just keep thrashing it then resting it, wait for another BSOD - or not. When you get 10 days uptime, I think you've cracked it ;)
     
  41. KevinR225

    KevinR225 Private E-2

    OK, day 4.5 without a BSOD, but something weird happened.

    I left the PC on all night to give it some more run time and possibly crash.
    When I checked it today, it was on the main login screen, not the one to my account.
    I assumed it did "it" again, but there was no minidump.
    After thinking about it, I figured it got an update (which it did), and rebooted itself, thus, no minidump.

    Thing is, I had Outlook open, and when I logged back in, it was still open.
    I don't remember Windows rebooting itself and returning to the prior state program-wise, is that normal?

    Kevin
     
  42. satrow

    satrow Major Geek Extraordinaire

    That does not sound 'normal' Kevin - fast user switching? Anyone else that might have access to it?
     
  43. KevinR225

    KevinR225 Private E-2

    Not really, just 3 of us here, and nobody that would be up overnight using it.

    Which are you thinking is the weird part, that it downloaded updates and rebooted after loading them, or that after said reboot Outlook was still open?

    I looked at the updates, and it does show several that were done this morning from MS, and it has been known (when it's on that late and I'm up) to do the update install, and then reboot.

    I just don't remember it re-opening any programs after said updates.
    Usually (I think) when it does this it shuts anything open before the reboot, then they are just closed after the reboot.

    On the positive side, no BSODs after 4 days. Not much of a roll yet I know, but it's a start. Especially after it did the last 2-3 consecutive days.

    Kevin
     
    Last edited: Apr 15, 2011
  44. satrow

    satrow Major Geek Extraordinaire

    That Outlook should be open - is it set to restart with Windows?
     
  45. KevinR225

    KevinR225 Private E-2

    Not that I am aware of, but I think I saw some updates related to Outlook.
    Could that have anything to do with it?

    17 updates yesterday, including the one below..WOW.


    Kevin

    Update for Outlook Social Connector 2010 (KB2441641), 32-Bit Edition

    Installation date: 4/15/2011 3:07 AM

    Installation status: Successful

    Update type: Important

    Microsoft has released an update for the Outlook Social Connector, 32-Bit Edition. This update provides the latest fixes to the Outlook Social Connector, 32-Bit Edition. Additionally, this update contains stability and performance improvements.
     
  46. satrow

    satrow Major Geek Extraordinaire

    Well, it could be that the auto-install was set to save/close Outlook before updating and open it after reboot but that doesn't explain the diff. user on the login screen, does it? Or am I misreading something?
     
  47. KevinR225

    KevinR225 Private E-2

    Maybe I didn't state it properly.

    I have 4 user accounts on the computer.
    I was logged into mine when I left it overnight.
    When the screensaver kicks in, and you come out of it, it usually goes back to the log in screen for the person who was logged in when it went to the screen saver.

    When I woke this morning, it was on the main log in screen that shows the 4 user accounts.
    Usually this means I've experienced a BSOD, because that's usually when I see a reboot that I didn't do myself.

    In this case, it seems to be from an update from Microsoft.

    Since there seem to be no other abnormalities, I'm going to assume the Outlook deal is due to the possibility you mentioned.

    Other than that, still hoping we can go another week with no BSODs. Then I guess we can associate the issue with one of the last things removed, and close this, leaving it for others to find who may have this issue. ;)

    Kevin

     
  48. satrow

    satrow Major Geek Extraordinaire

    Ok, Kevin, it now looks like it was just from the WU reboot :)

    Yup, go ahead and enjoy using it!
     
  49. KevinR225

    KevinR225 Private E-2

    Well that went south in a hurry!:cry
    Not an hour after the last post, it BSODed again.
    Posting a copy just because the part after the pointed to driver is different.
    Next up is removing NIS and NU, and loading the alternate AV with Windows Firewall and going from there.

    Considering what it lists as a problem, is there any chance of it being hardware related?
    I mentioned that I ran mem and hd test for up to 18 hrs with no issue, so you would think that would catch some stuff.
    The reason I ask is because about 6 months ago I tried OCing the memory, and ran into stability issues. At best would go 1 day before a crash.
    Been running stock since because I also read that 1156 machines may be prone to hardware failure if the memory voltage is higher than stock. Granted I only ran at the Corsair listed 1.64 instead of 1.5, but with this continuing I'm looking at anything.
    Just want to see if there is a chance I messed up the CPU (or included memory controller) or the motherboard.
    I also had the chipset heatsink fall off when replacing the something, but reinstalled with arcticsilver with no apparent ill effect. To be honest, the way the chipset heatsink was attached originally, I don't think it's functional on the 1156.

    Anyway, just trying to see what other options lie ahead if this doesn't get it.

    Kevin
     
  50. satrow

    satrow Major Geek Extraordinaire

    Posting a copy - of what and where ;) ?

    I think that if it were hardware, it would be more likely to occur under stress only and there would be more pointers to it in the BSODs - can't fully rule out a bad NIC chip or card though.
     
