Greetings all:
I've been the unhappy victim of a series of BSOD crashes lately, and since there are a lot of techies who frequent these boards, I'm hoping someone can give me some insight into my dump file (Mxy?).
The crash happens while playing the Oblivion Lost 2.2 mod for Stalker Shadow of Chernobyl v1.005, and I've been playing this game for a long time without any problems until now. All my drivers are up to date, and I haven't installed any new hardware/software (aside from the Auto Update function of Windows). Here are my system specs:
OS: Windows 7 Professional 64 bit (6.1, Build 7601)
CPU: Intel Core 2 Duo (Conroe 6600) @ 2.4 GHz
Mobo: Gigabyte 965P-DS3 (P965 Express ICH8)
GPU: EVGA GeForce GTX 550 Ti 2GB
RAM: 6GB Corsair XMS2 DDR2 800
HDD: WD Caviar Blue 500GB 7200rpm SATA
PSU: Antec Basiq 550W
(I know, I know, it's old--stop laughing, I'm poor!)
I was really hoping the minidump would identify a simple driver problem, but unfortunately, as you can see from the results WinDbg below, it was " Probably caused by : CI.dll ( CI!I_ReloadCatalogs+199 )," which is no help at all (at least to a noob like me).
My failed attempts at fixing:
Ran Startup Repair and hit system restore (no help)
Ran memory test (memcheck says memory modules are fine)
Ran sfc /scannow (nothing)
Uninstalled/reinstalled game and mod (still get BSOD w/probable cause as CI.dll after a couple of minutes of gameplay)
At the risk of muddying the waters a bit, I'll point out another problem that may or may not be related to this issue: After the first BSOD, my AVG antivirus stopped working. I've uninstalled/reinstalled AVG three times and have a work order in with their "advanced" tech support, but they haven't gotten back to me with the results of the diagnostic data in several days. Maybe I'm guilty of a post hoc fallacy here and the virus scanner problem is only a coincidence, but now I'm also suspicious of a rootkit infection. Unfortunately, I have no way of scanning this drive because I don't have a HD enclosure and no $ to buy one for a few days.
I'm at the point where I'm considering a nuke & pave solution, which I really don't want to do, not only because it's a time-consuming pain in the butt, but also because I don't know how many more times M$'s fascist licensing policies will allow me to install some of their newer programs. Anybody have any suggestions before I reformat?
The minidump and Debugger's analyze-v results are pasted below:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\022512-22593-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e1e000 PsLoadedModuleList = 0xfffff800`03063670
Debug session time: Sat Feb 25 21:25:33.125 2012 (UTC - 8:00)
System Uptime: 0 days 0:00:16.953
Loading Kernel Symbols
...............................................................
.......................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80003172344, fffff880031f37e8, fffff880031f3040}
Probably caused by : CI.dll ( CI!I_ReloadCatalogs+199 )
Followup: MachineOwner---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80003172344, The address that the exception occurred at
Arg3: fffff880031f37e8, Exception Record Address
Arg4: fffff880031f3040, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!RtlCompareUnicodeStrings+44
fffff800`03172344 470fb70411 movzx r8d,word ptr [r9+r10]
EXCEPTION_RECORD: fffff880031f37e8 -- (.exr 0xfffff880031f37e8)
ExceptionAddress: fffff80003172344 (nt!RtlCompareUnicodeStrings+0x0000000000000044)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880031f3040 -- (.cxr 0xfffff880031f3040)
rax=000000000000003b rbx=000000000000003b rcx=fffff8a0001ee06e
rdx=0000000000000050 rsi=fffff98000020654 rdi=000000000000003b
rip=fffff80003172344 rsp=fffff880031f3a28 rbp=0000000000000133
r8=00fff8a000b8ef80 r9=01000000009a0f12 r10=fffff8a0001ee06e
r11=fffff8a0001ee0e4 r12=0000000000008004 r13=fffff880031f3c40
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl nz ac po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010217
nt!RtlCompareUnicodeStrings+0x44:
fffff800`03172344 470fb70411 movzx r8d,word ptr [r9+r10] ds:002b:00fff8a0`00b8ef80=????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030cd100
ffffffffffffffff
FOLLOWUP_IP:
CI!I_ReloadCatalogs+199
fffff880`00c0e451 85c0 test eax,eax
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff8000313613e to fffff80003172344
STACK_TEXT:
fffff880`031f3a28 fffff800`0313613e : 00000000`00000000 00000000`00000133 fffff8a0`001ee010 00000000`00000082 : nt!RtlCompareUnicodeStrings+0x44
fffff880`031f3a30 fffff880`00c0e451 : 00000000`00000000 fffff8a0`00b6e5d8 00000000`00c50000 ffffffff`800001b4 : nt!RtlCompareUnicodeString+0x26
fffff880`031f3a70 fffff880`00c0d3e7 : ffffffff`800001ac 00000000`c0000428 fffff880`031f3f48 00000000`00000000 : CI!I_ReloadCatalogs+0x199
fffff880`031f3c10 fffff880`00c0b9cd : fffff880`031f3e60 00000000`00000001 fffff880`00000000 00000000`00000000 : CI!I_FindFileOrHeaderHashInCatalogs+0x10b
fffff880`031f3cb0 fffff880`00c0c381 : fffffa80`06588750 fffff880`031f3e60 00000000`00008004 00000000`00000000 : CI!CipFindFileHash+0xf9
fffff880`031f3d80 fffff880`00c0afbb : 00000000`00000001 fffff880`031f4040 fffff880`031f4040 00000000`00000000 : CI!CipValidateFileHash+0x311
fffff880`031f3ef0 fffff800`03107a44 : 00000000`000000f4 00000000`000fffff fffffa80`06588750 00000000`00000000 : CI!CiValidateImageHeader+0x213
fffff880`031f3fd0 fffff800`0310784a : 00000000`00000000 00000000`00000080 fffffa80`06540d10 00000000`00000000 : nt!SeValidateImageHeader+0x58
fffff880`031f4010 fffff800`03198086 : fffffa80`06588750 fffffa80`06540d10 00000000`00000001 00000000`000000f4 : nt!MiValidateImageHeader+0x21a
fffff880`031f40e0 fffff800`03176596 : fffff880`031f4330 fffff880`031f4450 fffff880`031f45e8 00000000`00000001 : nt!MmCreateSection+0x966
fffff880`031f42e0 fffff800`02e99ed3 : fffffa80`04f08680 fffff880`031f4588 fffff880`031f4378 00000000`00000000 : nt!NtCreateSection+0x171
fffff880`031f4360 fffff800`02e96470 : fffff800`03272c26 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`031f4568 fffff800`03272c26 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
fffff880`031f4570 fffff800`03272fec : ffffffff`80000190 fffffa80`00100000 fffffa80`04f4c0a8 00000000`000004ef : nt!MmCheckSystemImage+0x96
fffff880`031f46a0 fffff800`03273207 : ffffffff`80000190 fffff800`00000001 00000000`00000000 00000000`00000000 : nt!MiCreateSectionForDriver+0xcc
fffff880`031f4750 fffff800`0327edfd : 00000000`00000000 00000000`00000000 fffffa80`04f08680 00000000`00000000 : nt!MiObtainSectionForDriver+0xd7
fffff880`031f47b0 fffff800`03281a9d : fffff880`031f4928 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmLoadSystemImage+0x23d
fffff880`031f48d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopLoadDriver+0x44d
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: CI!I_ReloadCatalogs+199
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: CI
IMAGE_NAME: CI.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7c944
STACK_COMMAND: .cxr 0xfffff880031f3040 ; kb
FAILURE_BUCKET_ID: X64_0x7E_CI!I_ReloadCatalogs+199
BUCKET_ID: X64_0x7E_CI!I_ReloadCatalogs+199
Followup: MachineOwner
---------