Uninstall MagicISO.
Scan the system for possible virus infection with the following programs with these two programs. .
Let us know the results. Things depend on it highly.
Also report us the heat of the computer after a couple of hours of your normal usage. Upload a screenshot of the summery tab of Speccy.
Alright here's my report :
TDSSKiller detects nothing both on normal and safe mode.
Windows Defender Offline detects nothing on quick scan, but it detects some files on full system scan which I'm sure it's a false positive, but don't worry i have deleted those just in case.
And you can see Speccy's summary at the attached image
Have you uninstalled MagicISO too?
I think I should let you know why I asked you to do these two. Have a look below at the quote ... the red lines ....
It is the controller for the ATA channels, alongwith the atapi.sys. Usually it is not to fail, as it is a system element. But it is most vulnerable to a particular type of malware named rootkit. Also, fake SCSI makes it vulnerable; which you have .... mcdbus.sys (MagicISO SCSI HOST Controller).fffff880`02ffe3f8 fffff800`02e865fe nt!KeBugCheck
fffff880`02ffe400 fffff800`02eb975d nt!KiKernelCalloutExceptionHandler+0xe
fffff880`02ffe430 fffff800`02eb8535 nt!RtlpExecuteHandlerForException+0xd
fffff880`02ffe460 fffff800`02ec94d1 nt!RtlDispatchException+0x415
fffff880`02ffeb40 fffff800`02e8e282 nt!KiDispatchException+0x135
fffff880`02fff1e0 fffff800`02e8cb8a nt!KiExceptionDispatch+0xc2
fffff880`02fff3c0 fffff800`02e7ad2e nt!KiGeneralProtectionFault+0x10a
fffff880`02fff550 fffff880`019a10ca nt!ExReleaseRundownProtectionCacheAware+0x22
fffff880`02fff580 fffff800`02e925c1 fvevol!FvePassThroughCompletion+0x22
fffff880`02fff5b0 fffff880`01801bce nt!IopfCompleteRequest+0x341
fffff880`02fff6a0 fffff800`02e925c1 CLASSPNP!TransferPktComplete+0x1ce
fffff880`02fff720 fffff880`00dbe41a nt!IopfCompleteRequest+0x341
fffff880`02fff810 fffff880`00dbe242 ataport!IdeCompleteScsiIrp+0x62
fffff880`02fff840 fffff880`00db8e32 ataport!IdeCommonCrbCompletion+0x5a
fffff880`02fff870 fffff880`00dc1805 ataport!IdeTranslateCompletedRequest+0x236
fffff880`02fff9a0 fffff880`00dc1104 ataport!IdeProcessCompletedRequests+0x4d5
fffff880`02fffad0 fffff800`02e992fc ataport!IdePortCompletionDpc+0x1a8
fffff880`02fffb90 fffff800`02e8690a nt!KiRetireDpcList+0x1bc
fffff880`02fffc40 00000000`00000000 nt!KiIdleLoop+0x5a
So these two possibilities are to be eliminated.
Other remaining possibilities are not very good for laptops. Will discuss about that too, only if the situation needs.
So uninstall MagicISO, and then observe the situation. If it BSODs again, upload the diag tool output.
Yes, I have uninstalled MagicISO.
Oh and anyway I forgot to tell you that this BSOD occured when I'm installing a program which is an iso format and mounted with MagicDisc. Do you think it has anything to do with that ATA controller?
I'm sorry but what is diag tool output?
Diag tool output is the files that you obtain by running SF Diag tool, BSOD posting instructions.
For ISO or other disc image files, use either 7-zip (free) or Winrar (little price). They can extract any ISO files, so your work will be done smoothly, hassel free.
As I think MagicISO am a source of ataport.sys failure, I suggested to uninstall it. And your statement now supports my opinion.
I expect there will not be any more BSOD of this type. But if, it will be bad.
Observe the situation for a few days now.
Oh I feel stupid, attached the file without even knowing the name
I'm already using Winrar as for the alternatives
And sure, I will observe from now on and will report right away if any BSOD appears again
Just when i thought it had been settled, it's coming back. This time it's two BSODs ; the first one (MEMORY_MANAGEMENT) occurs randomly, and the second one (IRQL_NOT_LESS_OR_EQUAL) occurs immediately after i restarted my computer. This is really frustatingI also attached a screenshot from BluescreenView, maybe it could give a little help
Some system elements are failing this time .....Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {fffffa80029f57f8, 2, 1, fffff80002ecab39} Probably caused by : CI.dll ( CI!I_LoadCatalogCache+33f ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: fffffa80029f57f8, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002ecab39, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fe100 GetUlongFromAddress: unable to read from fffff800030fe1c0 fffffa80029f57f8 Nonpaged pool CURRENT_IRQL: 2 FAULTING_IP: nt!IopfCompleteRequest+8b9 fffff800`02ecab39 48894108 mov qword ptr [rcx+8],rax CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: System TRAP_FRAME: fffff880009a85a0 -- (.trap 0xfffff880009a85a0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff880009a8700 rbx=0000000000000000 rcx=0000000000000000 rdx=fffff8a000486970 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002f11c83 rsp=fffff880009a8730 rbp=fffff8a000495fff r8=fffff8a000563e95 r9=0000000000088547 r10=fffff8a000486000 r11=fffff8a000563e8d r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!LZNT1DecompressChunk+0x53: fffff800`02f11c83 8a5601 mov dl,byte ptr [rsi+1] ds:00000000`00000001=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ec61a9 to fffff80002ec6c00 STACK_TEXT: fffff880`009a7aa8 fffff800`02ec61a9 : 00000000`0000000a fffffa80`029f57f8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`009a7ab0 fffff800`02ec4e20 : 00000000`00000001 fffffa80`069f5508 00000000`00000000 00000000`00000042 : nt!KiBugCheckDispatch+0x69 fffff880`009a7bf0 fffff800`02ecab39 : fffffa00`01000101 00000000`00000001 00000000`00000000 fffffa80`07b47180 : nt!KiPageFault+0x260 fffff880`009a7d80 fffff880`0121385c : fffff880`00000001 fffffa80`00000001 fffff880`009a8050 00000000`00000000 : nt!IopfCompleteRequest+0x8b9 fffff880`009a7e70 fffff880`012102a5 : fffff8a0`001d7bc0 fffff880`009a8050 00000000`00000000 00000000`00000000 : Ntfs!NtfsExtendedCompleteRequestInternal+0x11c fffff880`009a7eb0 fffff880`01210478 : fffff880`009a8050 fffffa80`0697b350 fffff880`009a8101 fffffa80`07f46001 : Ntfs!NtfsCommonRead+0x1bdc fffff880`009a8020 fffff880`01082bcf : fffffa80`0697b6f0 fffffa80`0697b350 fffffa80`07f46010 00000000`00000001 : Ntfs!NtfsFsdRead+0x1b8 fffff880`009a8230 fffff880`010816df : fffffa80`07958950 fffffa80`069f5401 fffffa80`07958900 fffffa80`0697b350 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`009a82c0 fffff800`02eede15 : fffffa80`0697b370 fffffa80`07f43450 fffffa80`079789d0 00000000`00088000 : fltmgr!FltpDispatch+0xcf fffff880`009a8320 fffff800`02eed8e9 : fffffa80`07f4b300 fffffa80`07f4b300 fffffa80`07978910 fffff700`01080000 : nt!IoPageRead+0x255 fffff880`009a83b0 fffff800`02ed428a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff800`00000000 : nt!MiIssueHardFault+0x255 fffff880`009a8440 fffff800`02ec4d2e : 00000000`00000000 00000000`00088000 fffff880`009a8600 00000000`00000004 : nt!MmAccessFault+0x146a fffff880`009a85a0 fffff800`02f11c83 : fffff8a0`00563e95 00000000`0000bf7f 00000000`000875d6 fffff8a0`00486000 : nt!KiPageFault+0x16e fffff880`009a8730 fffff800`032424ea : fffff880`00000001 72634943`009a88f0 00000000`00000000 00000000`00000000 : nt!LZNT1DecompressChunk+0x53 fffff880`009a8760 fffff800`0323535a : 00000000`000e1e95 00000000`00001000 fffff880`009a8c18 00000000`00000000 : nt!RtlDecompressBufferLZNT1+0x6a fffff880`009a87c0 fffff880`00c97f2b : fffff8a0`00274000 00000000`00000000 fffff880`009a8c18 00000000`000007ff : nt!RtlDecompressBuffer+0x5a fffff880`009a8800 fffff880`00c95340 : 00000000`0069ed91 00000000`c0000428 00000000`00080000 ffffffff`80000164 : CI!I_LoadCatalogCache+0x33f fffff880`009a88e0 fffff880`00c939cd : fffff880`009a8b30 ffffffff`00000001 00000000`00000000 fffff880`00000000 : CI!I_FindFileOrHeaderHashInCatalogs+0x64 fffff880`009a8980 fffff880`00c94381 : fffffa80`06a0fb70 fffff880`009a8b30 00000000`00008004 00000000`00000000 : CI!CipFindFileHash+0xf9 fffff880`009a8a50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : CI!CipValidateFileHash+0x311 STACK_COMMAND: kb FOLLOWUP_IP: CI!I_LoadCatalogCache+33f fffff880`00c97f2b 8bd8 mov ebx,eax SYMBOL_STACK_INDEX: 10 SYMBOL_NAME: CI!I_LoadCatalogCache+33f FOLLOWUP_NAME: MachineOwner MODULE_NAME: CI IMAGE_NAME: CI.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7c944 FAILURE_BUCKET_ID: X64_0xA_CI!I_LoadCatalogCache+33f BUCKET_ID: X64_0xA_CI!I_LoadCatalogCache+33f Followup: MachineOwner --------- 0: kd> lmvm CI start end module name fffff880`00c88000 fffff880`00d48000 CI (pdb symbols) c:\symbols\ci.pdb\1DF98E11C0874281949A1AB1B1E104851\ci.pdb Loaded symbol image file: CI.dll Mapped memory image file: c:\symbols\CI.dll\4CE7C944c0000\CI.dll Image path: \SystemRoot\system32\CI.dll Image name: CI.dll Timestamp: Sat Nov 20 18:42:36 2010 (4CE7C944) CheckSum: 000CB0F6 ImageSize: 000C0000 File version: 6.1.7601.17514 Product version: 6.1.7601.17514 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: ci.dll OriginalFilename: ci.dll ProductVersion: 6.1.7601.17514 FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) FileDescription: Code Integrity Module LegalCopyright: © Microsoft Corporation. All rights reserved.
As the last chance before sending it to servicing and claiming the motherboard is corrupt, I would suggest you to make it sure that the windows installation is not corrupt.
Go for a Clean Reinstall - Factory OEM Windows 7
Do things only suggested there. Let it run for a few days. Observe it is BSODing anymore or not.
Oh man that's a bad news
Alright I'll do that, it may take at the very least a week
A little question, is it possible that my current windows corrupted because of FAT32 format of flash disk? Well I always used FAT32 instead of NTFS and I never used the official tools to burn the iso file to dvd
Quote
