Security software (just to check that you have it and it is running properly; nothing needs to be done at this time):
Code:
avgcsrva.exe c:\program files (x86)\avg\avg10\avgcsrva.exe 2660 8 200 1380 4/2/2012 7:16 PM 10.0.0.1355 506.84 KB (519,008 bytes) 3/28/2011 3:00 AM
avgemca.exe c:\program files (x86)\avg\avg10\avgemca.exe 3800 8 200 1380 4/2/2012 7:11 PM 10.0.0.1352 1.61 MB (1,687,904 bytes) 3/16/2011 4:05 PM
avgnsa.exe c:\program files (x86)\avg\avg10\avgnsa.exe 3752 8 200 1380 4/2/2012 7:11 PM 10.0.0.1409 1.73 MB (1,817,440 bytes) 9/9/2011 3:10 AM
avgtray.exe c:\program files (x86)\avg\avg10\avgtray.exe 2880 8 200 1380 4/2/2012 7:11 PM 10.0.0.1420 2.23 MB (2,339,168 bytes) 1/17/2012 8:03 PM
avgwdsvc.exe c:\program files (x86)\avg\avg10\avgwdsvc.exe 1976 8 200 1380 4/2/2012 7:10 PM 10.0.0.1295 263.20 KB (269,520 bytes) 2/8/2011 4:33 AM
avgidsagent.exe c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe 2728 8 200 1380 4/2/2012 7:11 PM 10.1.0.1424 7.05 MB (7,391,072 bytes) 1/31/2012 3:02 PM
avgidsmonitor.exe c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsmonitor.exe 3736 8 200 1380 4/2/2012 7:11 PM 10.1.0.1297 1.10 MB (1,148,256 bytes) 2/10/2011 6:55 AM
Possible out of date drivers:
Code:
lmimirr fffff880`06bc8000 fffff880`06bcf000 Tue Apr 10 16:32:45 2007 (461c108d) 0000a04c lmimirr.sys
RaInfo fffff880`0631d000 fffff880`06324000 Fri Jan 04 11:57:14 2008 (477e818a) 0000d903 RaInfo.sys
jswpslwfx fffff880`02d7f000 fffff880`02d8c000 Thu May 15 04:28:50 2008 (482c1062) 00011e66 jswpslwfx.sys
LMIRfsDriver fffff880`06324000 fffff880`06337000 Mon Jul 14 10:26:56 2008 (487b7e50) 0001e26d LMIRfsDriver.sys
sensorsview32_64 fffff880`02de7000 fffff880`02dee000 Sat Jul 26 07:29:37 2008 (488b26c1) 00011908 sensorsview32_64.sys
lmimirr.sys RaInfo.sys jswpslwfx.sys LMIRfsDriver.sys sensorsview32_64.sys
The drivers listed in red may cause problems on your system... We see a lot of crashes caused by USB wireless network adapters with out of date drivers. Recommend removing the device and connecting via your Ethernet cable, at least to test. If this is not feasible, try to do the things you normally do that cause crashes without the USB device in the system. You could also check if there is a driver update for the USB wireless network adapter.
Code:
-
Loading Dump File [D:\Kingston\BSODDmpFiles\morbias419\Windows_NT6_BSOD_jcgriff2\040212-29484-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03015000 PsLoadedModuleList = 0xfffff800`03259650
Debug session time: Mon Apr 2 18:51:04.890 2012 (UTC - 6:00)
System Uptime: 0 days 0:12:31.466
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a039d89ffe5677, b3b7465ef27b25dd, fffff800033b9ff0, 1}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89ffe5677, Reserved
Arg2: b3b7465ef27b25dd, Reserved
Arg3: fffff800033b9ff0, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80003091d40
STACK_TEXT:
fffff880`031c45d8 00000000`00000000 : 00000000`00000109 a3a039d8`9ffe5677 b3b7465e`f27b25dd fffff800`033b9ff0 : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: BAD_STACK
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\morbias419\Windows_NT6_BSOD_jcgriff2\040212-23992-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03065000 PsLoadedModuleList = 0xfffff800`032a9650
Debug session time: Mon Apr 2 18:37:15.312 2012 (UTC - 6:00)
System Uptime: 0 days 1:30:25.498
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800033d739e, fffff88003a74ab0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ObpWaitForMultipleObjects+173 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800033d739e, Address of the instruction which caused the bugcheck
Arg3: fffff88003a74ab0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ObpWaitForMultipleObjects+173
fffff800`033d739e 0fb64718 movzx eax,byte ptr [rdi+18h]
CONTEXT: fffff88003a74ab0 -- (.cxr 0xfffff88003a74ab0)
rax=00000000ffefffff rbx=fffff8a00dfc60d0 rcx=0000000000000000
rdx=fffffa80099e3901 rsi=0000000000000006 rdi=0000000000000000
rip=fffff800033d739e rsp=fffff88003a75490 rbp=fffff88003a75ca0
r8=0000000000000010 r9=fffff8a00dfac000 r10=fffffa800a6ae060
r11=fffffffffffffd80 r12=fffff88003a759c8 r13=fffff8a00b69f8f0
r14=0000000000000005 r15=0000000000000007
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ObpWaitForMultipleObjects+0x173:
fffff800`033d739e 0fb64718 movzx eax,byte ptr [rdi+18h] ds:002b:00000000`00000018=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: lotroclient.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800033d739e
STACK_TEXT:
fffff880`03a75490 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpWaitForMultipleObjects+0x173
FOLLOWUP_IP:
nt!ObpWaitForMultipleObjects+173
fffff800`033d739e 0fb64718 movzx eax,byte ptr [rdi+18h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObpWaitForMultipleObjects+173
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79dd2
STACK_COMMAND: .cxr 0xfffff88003a74ab0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ObpWaitForMultipleObjects+173
BUCKET_ID: X64_0x3B_nt!ObpWaitForMultipleObjects+173
Followup: MachineOwner
---------
- Possible causes are Memory problems... Drivers...
- Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... Graphics Driver... Drivers...
The two commonalities are Memory and Drivers. Also, since unknown module is showing up as the cause of two of the three crashes, this could mean one of three things:
- You have a virus/malware that is causing crashes
- You have corrupted data on your system
- An underlying driver that is not being found is causing the crashes
Do the following to determine which of the three is causing the problem:
- If you are overclocking any hardware, please stop.
- Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.
For any drives that do not give the message:
Windows has checked the file system and found no problems
run disk check again as above. In other words, if it says:
Windows has made corrections to the file system
after running the disk check, run the disk check again.
- Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
- Scan for viruses with a full scan using the free version (do not start the trial) of Malwarebytes : Free anti-malware, anti-virus and spyware removal download and also run a full scan with AVG.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
- An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a. Backup your system and user files
b. Create a system restore point
c. If you do not have a Windows 7 DVD, Create a system repair disc
d. In Windows 7:- Click the Start Menu
- Type verifier in Search programs and files (do not hit enter)
- Right click verifier and click Run as administrator
- Put a tick in Create custom settings (for code developers) and click next
- Put a tick in Select individual settings from a full list and click next
- Set up the individual settings as in the image and click next
Attachment 205585 - Put a tick in Select driver names from a list
- Put a tick next to all non-Microsoft drivers.
- Click Finish.
- Restart your computer.
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the Verifier steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.
BSOD - playing lotro - bccode: 116 
