Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Random Multiple BSOD


23 Jun 2013   #11
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

Uninstall MagicISO.

Scan the system for possible virus infection with the following programs with these two programs. .
Let us know the results. Things depend on it highly.

Also report us the heat of the computer after a couple of hours of your normal usage. Upload a screenshot of the summery tab of Speccy.


My System SpecsSystem Spec
.

23 Jun 2013   #12

Windows 7 Professional X64 SP1
 
 

Alright here's my report :
TDSSKiller detects nothing both on normal and safe mode.
Windows Defender Offline detects nothing on quick scan, but it detects some files on full system scan which I'm sure it's a false positive, but don't worry i have deleted those just in case.
And you can see Speccy's summary at the attached image
My System SpecsSystem Spec
23 Jun 2013   #13
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

Have you uninstalled MagicISO too?

I think I should let you know why I asked you to do these two. Have a look below at the quote ... the red lines ....
Quote:
fffff880`02ffe3f8 fffff800`02e865fe nt!KeBugCheck
fffff880`02ffe400 fffff800`02eb975d nt!KiKernelCalloutExceptionHandler+0xe
fffff880`02ffe430 fffff800`02eb8535 nt!RtlpExecuteHandlerForException+0xd
fffff880`02ffe460 fffff800`02ec94d1 nt!RtlDispatchException+0x415
fffff880`02ffeb40 fffff800`02e8e282 nt!KiDispatchException+0x135
fffff880`02fff1e0 fffff800`02e8cb8a nt!KiExceptionDispatch+0xc2
fffff880`02fff3c0 fffff800`02e7ad2e nt!KiGeneralProtectionFault+0x10a
fffff880`02fff550 fffff880`019a10ca nt!ExReleaseRundownProtectionCacheAware+0x22
fffff880`02fff580 fffff800`02e925c1 fvevol!FvePassThroughCompletion+0x22
fffff880`02fff5b0 fffff880`01801bce nt!IopfCompleteRequest+0x341
fffff880`02fff6a0 fffff800`02e925c1 CLASSPNP!TransferPktComplete+0x1ce
fffff880`02fff720 fffff880`00dbe41a nt!IopfCompleteRequest+0x341
fffff880`02fff810 fffff880`00dbe242 ataport!IdeCompleteScsiIrp+0x62
fffff880`02fff840 fffff880`00db8e32 ataport!IdeCommonCrbCompletion+0x5a
fffff880`02fff870 fffff880`00dc1805 ataport!IdeTranslateCompletedRequest+0x236
fffff880`02fff9a0 fffff880`00dc1104 ataport!IdeProcessCompletedRequests+0x4d5
fffff880`02fffad0 fffff800`02e992fc ataport!IdePortCompletionDpc+0x1a8
fffff880`02fffb90 fffff800`02e8690a nt!KiRetireDpcList+0x1bc
fffff880`02fffc40 00000000`00000000 nt!KiIdleLoop+0x5a
It is the controller for the ATA channels, alongwith the atapi.sys. Usually it is not to fail, as it is a system element. But it is most vulnerable to a particular type of malware named rootkit. Also, fake SCSI makes it vulnerable; which you have .... mcdbus.sys (MagicISO SCSI HOST Controller).

So these two possibilities are to be eliminated.

Other remaining possibilities are not very good for laptops. Will discuss about that too, only if the situation needs.

So uninstall MagicISO, and then observe the situation. If it BSODs again, upload the diag tool output.
My System SpecsSystem Spec
.


23 Jun 2013   #14

Windows 7 Professional X64 SP1
 
 

Yes, I have uninstalled MagicISO.
Oh and anyway I forgot to tell you that this BSOD occured when I'm installing a program which is an iso format and mounted with MagicDisc. Do you think it has anything to do with that ATA controller?
I'm sorry but what is diag tool output?
My System SpecsSystem Spec
23 Jun 2013   #15
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

Diag tool output is the files that you obtain by running SF Diag tool, BSOD posting instructions.

For ISO or other disc image files, use either 7-zip (free) or Winrar (little price). They can extract any ISO files, so your work will be done smoothly, hassel free.

As I think MagicISO am a source of ataport.sys failure, I suggested to uninstall it. And your statement now supports my opinion.

I expect there will not be any more BSOD of this type. But if, it will be bad.

Observe the situation for a few days now.
My System SpecsSystem Spec
23 Jun 2013   #16

Windows 7 Professional X64 SP1
 
 

Oh I feel stupid, attached the file without even knowing the name
I'm already using Winrar as for the alternatives
And sure, I will observe from now on and will report right away if any BSOD appears again
My System SpecsSystem Spec
24 Jun 2013   #17

Windows 7 Professional X64 SP1
 
 

Just when i thought it had been settled, it's coming back. This time it's two BSODs ; the first one (MEMORY_MANAGEMENT) occurs randomly, and the second one (IRQL_NOT_LESS_OR_EQUAL) occurs immediately after i restarted my computer. This is really frustating I also attached a screenshot from BluescreenView, maybe it could give a little help
My System SpecsSystem Spec
24 Jun 2013   #18
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffa80029f57f8, 2, 1, fffff80002ecab39}

Probably caused by : CI.dll ( CI!I_LoadCatalogCache+33f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa80029f57f8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ecab39, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fe100
GetUlongFromAddress: unable to read from fffff800030fe1c0
 fffffa80029f57f8 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
nt!IopfCompleteRequest+8b9
fffff800`02ecab39 48894108        mov     qword ptr [rcx+8],rax

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff880009a85a0 -- (.trap 0xfffff880009a85a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880009a8700 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8a000486970 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002f11c83 rsp=fffff880009a8730 rbp=fffff8a000495fff
 r8=fffff8a000563e95  r9=0000000000088547 r10=fffff8a000486000
r11=fffff8a000563e8d r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!LZNT1DecompressChunk+0x53:
fffff800`02f11c83 8a5601          mov     dl,byte ptr [rsi+1] ds:00000000`00000001=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ec61a9 to fffff80002ec6c00

STACK_TEXT:  
fffff880`009a7aa8 fffff800`02ec61a9 : 00000000`0000000a fffffa80`029f57f8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`009a7ab0 fffff800`02ec4e20 : 00000000`00000001 fffffa80`069f5508 00000000`00000000 00000000`00000042 : nt!KiBugCheckDispatch+0x69
fffff880`009a7bf0 fffff800`02ecab39 : fffffa00`01000101 00000000`00000001 00000000`00000000 fffffa80`07b47180 : nt!KiPageFault+0x260
fffff880`009a7d80 fffff880`0121385c : fffff880`00000001 fffffa80`00000001 fffff880`009a8050 00000000`00000000 : nt!IopfCompleteRequest+0x8b9
fffff880`009a7e70 fffff880`012102a5 : fffff8a0`001d7bc0 fffff880`009a8050 00000000`00000000 00000000`00000000 : Ntfs!NtfsExtendedCompleteRequestInternal+0x11c
fffff880`009a7eb0 fffff880`01210478 : fffff880`009a8050 fffffa80`0697b350 fffff880`009a8101 fffffa80`07f46001 : Ntfs!NtfsCommonRead+0x1bdc
fffff880`009a8020 fffff880`01082bcf : fffffa80`0697b6f0 fffffa80`0697b350 fffffa80`07f46010 00000000`00000001 : Ntfs!NtfsFsdRead+0x1b8
fffff880`009a8230 fffff880`010816df : fffffa80`07958950 fffffa80`069f5401 fffffa80`07958900 fffffa80`0697b350 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`009a82c0 fffff800`02eede15 : fffffa80`0697b370 fffffa80`07f43450 fffffa80`079789d0 00000000`00088000 : fltmgr!FltpDispatch+0xcf
fffff880`009a8320 fffff800`02eed8e9 : fffffa80`07f4b300 fffffa80`07f4b300 fffffa80`07978910 fffff700`01080000 : nt!IoPageRead+0x255
fffff880`009a83b0 fffff800`02ed428a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff800`00000000 : nt!MiIssueHardFault+0x255
fffff880`009a8440 fffff800`02ec4d2e : 00000000`00000000 00000000`00088000 fffff880`009a8600 00000000`00000004 : nt!MmAccessFault+0x146a
fffff880`009a85a0 fffff800`02f11c83 : fffff8a0`00563e95 00000000`0000bf7f 00000000`000875d6 fffff8a0`00486000 : nt!KiPageFault+0x16e
fffff880`009a8730 fffff800`032424ea : fffff880`00000001 72634943`009a88f0 00000000`00000000 00000000`00000000 : nt!LZNT1DecompressChunk+0x53
fffff880`009a8760 fffff800`0323535a : 00000000`000e1e95 00000000`00001000 fffff880`009a8c18 00000000`00000000 : nt!RtlDecompressBufferLZNT1+0x6a
fffff880`009a87c0 fffff880`00c97f2b : fffff8a0`00274000 00000000`00000000 fffff880`009a8c18 00000000`000007ff : nt!RtlDecompressBuffer+0x5a
fffff880`009a8800 fffff880`00c95340 : 00000000`0069ed91 00000000`c0000428 00000000`00080000 ffffffff`80000164 : CI!I_LoadCatalogCache+0x33f
fffff880`009a88e0 fffff880`00c939cd : fffff880`009a8b30 ffffffff`00000001 00000000`00000000 fffff880`00000000 : CI!I_FindFileOrHeaderHashInCatalogs+0x64
fffff880`009a8980 fffff880`00c94381 : fffffa80`06a0fb70 fffff880`009a8b30 00000000`00008004 00000000`00000000 : CI!CipFindFileHash+0xf9
fffff880`009a8a50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : CI!CipValidateFileHash+0x311


STACK_COMMAND:  kb

FOLLOWUP_IP: 
CI!I_LoadCatalogCache+33f
fffff880`00c97f2b 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  10

SYMBOL_NAME:  CI!I_LoadCatalogCache+33f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CI

IMAGE_NAME:  CI.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7c944

FAILURE_BUCKET_ID:  X64_0xA_CI!I_LoadCatalogCache+33f

BUCKET_ID:  X64_0xA_CI!I_LoadCatalogCache+33f

Followup: MachineOwner
---------

0: kd> lmvm CI
start             end                 module name
fffff880`00c88000 fffff880`00d48000   CI         (pdb symbols)          c:\symbols\ci.pdb\1DF98E11C0874281949A1AB1B1E104851\ci.pdb
    Loaded symbol image file: CI.dll
    Mapped memory image file: c:\symbols\CI.dll\4CE7C944c0000\CI.dll
    Image path: \SystemRoot\system32\CI.dll
    Image name: CI.dll
    Timestamp:        Sat Nov 20 18:42:36 2010 (4CE7C944)
    CheckSum:         000CB0F6
    ImageSize:        000C0000
    File version:     6.1.7601.17514
    Product version:  6.1.7601.17514
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ci.dll
    OriginalFilename: ci.dll
    ProductVersion:   6.1.7601.17514
    FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
    FileDescription:  Code Integrity Module
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
Some system elements are failing this time .....

As the last chance before sending it to servicing and claiming the motherboard is corrupt, I would suggest you to make it sure that the windows installation is not corrupt.

Go for a Clean Reinstall - Factory OEM Windows 7

Do things only suggested there. Let it run for a few days. Observe it is BSODing anymore or not.
My System SpecsSystem Spec
24 Jun 2013   #19

Windows 7 Professional X64 SP1
 
 

Oh man that's a bad news
Alright I'll do that, it may take at the very least a week
My System SpecsSystem Spec
25 Jun 2013   #20

Windows 7 Professional X64 SP1
 
 

A little question, is it possible that my current windows corrupted because of FAT32 format of flash disk? Well I always used FAT32 instead of NTFS and I never used the official tools to burn the iso file to dvd
My System SpecsSystem Spec
Reply

 Random Multiple BSOD




Thread Tools



Similar help and support threads for2: Random Multiple BSOD
Thread Forum
Multiple random and frequent BSOD BSOD Help and Support
Solved Multiple BSOD's on windowslogon/random BSOD Help and Support
Solved Multiple BSOD's - Seems Random BSOD Help and Support
Multiple BSOD at Random Times with Multiple Drivers Identified BSOD Help and Support
Multiple Random BSOD's BSOD Help and Support
Multiple BSOD issues at random. BSOD Help and Support
Multiple and random BSOD BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 09:39 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33