BSOD while PC is idle, PC infected?

Hi, for a week I've been having problems with random BSOD.
This is what happens: when PC crashes and I run chkdsk, it delays at 7% and 8%, saying it can't read most of the entries. When it's finished reading all entries (~10%), it starts showing faulty parts. Then it says there's errors and it doesn't seem to fix it. Computer starts up again and chkdsk is run again automatically.

So there seems to be problems with my HD but I can't fix it and I can't resize the main partition in order to save data and format C:. What can I do?

I attach the SF DTool .zip and below I copy the BSOD error codes when Windows starts after crashing.

{I write this in English because it's in Spanish}
{Nombre del evento de problema:} Problem event name: BlueScreen
{Versión del sistema operativo:} OS version: 6.1.7601.2.1.0.768.2

{Información adicional del problema:} Additional info:
BCCode: 7a
BCP1: FFFFF6FC0001A708
BCP2: FFFFFFFFC00000B5
BCP3: 00000000537A7860
BCP4: FFFFF800034E1000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Thank you.

edit: forgot to tell you some info about my pc in case it's relevant (let me know if there's any more info you need). Here goes:

Lenovo G470
OS: Windows 7 Home Basic 64 bit
Version: 6.1.7601 SP 1
Processor Intel(R) Pentium(R) CPU B940 @ 2.00GHZ, 2000 Mhz
RAM: 2GB

Welcome

Problematic software:

Code:

Start Menu\Programs\AVG	Public:Start Menu\Programs\AVG	Public
Start Menu\Programs\AVG Anti-Spyware 7.5	Public:Start Menu\Programs\AVG Anti-Spyware 7.5	Public
Start Menu\Programs\AVG PC TuneUp	Public:Start Menu\Programs\AVG PC TuneUp	Public
Start Menu\Programs\AVG PC TuneUp\Todas las funciones	Public:Start Menu\Programs\AVG PC TuneUp\Todas las funciones	Public

Please uninstall everything related to AVG, it’s known to cause BSoDs. Specially the tune-up stuff you’re having installed. They rather tune-down the PC. Get rid of all of that right away. Download and install Microsoft Security Essentials. It's free, light weight and does not trouble the Windows 7 system. Make a full scan once installed and updated. If you want to "optimize" your laptop/desktop, go through the tutorial listed below.

• AVG Removal Tool - Google Search (or use Revo uninstaller to uninstall)
• Microsoft Security Essentials - Free Antivirus for Windows
• Optimize Windows 7

Code:

Start Menu\Programs\DAEMON Tools Lite	Public:Start Menu\Programs\DAEMON Tools Lite	Public

Daemon Tools is known to cause BSoDs. Search our forum and you’ll get loads of evidence.

• Removing DAEMON Tools Lite | daemon-help.com

Coming to the actual reason of the BSoD, it was caused by some Lenovo junk installed on your computer. The so called “Lenovo EE Boot Optimizer driver”.

Uninstall those as well, using the advance mode of Revo Uninstaller Free

• Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7A, {fffff6fc500019d0, ffffffffc00000b5, 31bcc880, fffff8a00033a000}

Unable to load image fbfmon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for fbfmon.sys
*** ERROR: Module load completed but symbols could not be loaded for fbfmon.sys
Probably caused by : fbfmon.sys ( fbfmon+330f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in.  Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: fffff6fc500019d0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc00000b5, error status (normally i/o status code)
Arg3: 0000000031bcc880, current process (virtual address for lock type 3, or PTE)
Arg4: fffff8a00033a000, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)

Debugging Details:
------------------


ERROR_CODE: (NTSTATUS) 0xc00000b5 - {Device Timeout}  The specified I/O operation on %hs was not completed before the time-out period expired.

BUGCHECK_STR:  0x7a_c00000b5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  wmpnetwk.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff8800885c510 -- (.trap 0xfffff8800885c510)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=f8a00033a0000400 rbx=0000000000000000 rcx=ffffffffffffffff
rdx=0000000000000011 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800032f3020 rsp=fffff8800885c6a0 rbp=fffff8800885c700
 r8=0000000000000005  r9=fffffa8001244fd0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!MmCheckCachedPageStates+0x3f0:
fffff800`032f3020 498b1c24        mov     rbx,qword ptr [r12] ds:0001:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000334c842 to fffff800032dcd00

STACK_TEXT:  
fffff880`0885c6a0 fffff800`0329ec9a : fffff980`13800000 00000000`0000003f fffff8a0`00000005 fffff8a0`00040000 : nt!MmCheckCachedPageStates+0x3f0
fffff880`0885c850 fffff800`035cf7bd : fffffa80`058ed5a0 fffffa80`030d7e60 00000000`0000000e fffff8a0`01dc2ad0 : nt!CcMapDataForOverwrite+0x10a
fffff880`0885c8e0 fffff880`01b005e3 : fffffa80`058ed5a0 fffff800`00040000 00000048`00000000 00000000`00000000 : nt!CcPreparePinWrite+0x69
fffff880`0885c9a0 fffff880`01af2dd3 : 00000000`00000070 fffff8a0`00095590 00000000`000000a0 fffff8a0`000954f0 : Ntfs!LfsAllocateLbcb+0x12f
fffff880`0885ca10 fffff880`01aecf7f : 00000000`00000000 fffff880`0885cce0 00000000`00000070 00000000`00000000 : Ntfs!LfsPrepareLfcbForLogRecord+0x97
fffff880`0885ca40 fffff880`01af38b5 : fffff8a0`00000000 fffff8a0`00214d00 fffff880`0885d800 fffff880`00000001 : Ntfs!LfsWriteLogRecordIntoLogPage+0x43f
fffff880`0885cae0 fffff880`01aef676 : fffff8a0`09239a90 fffffa80`00000002 00000007`f967ffed fffff880`0885cd30 : Ntfs!LfsWrite+0x145
fffff880`0885cba0 fffff880`01af4b05 : fffff880`0885d650 fffffa80`059d5610 00000000`028f7358 fffff980`0581c000 : Ntfs!NtfsWriteLog+0x466
fffff880`0885cdf0 fffff880`01afb868 : fffff880`0885d650 fffff8a0`02c3ca01 00000002`3bcf7358 00000000`00000702 : Ntfs!NtOfsPutData+0x229
fffff880`0885cf20 fffff880`01afc163 : fffff880`0885d650 00000000`00000001 fffff880`0885d650 00000000`00000000 : Ntfs!NtfsWriteFcbUsnRecordToJournal+0xa8
fffff880`0885cfe0 fffff880`01ad9d72 : fffff880`0885d601 fffff8a0`0282b270 fffff8a0`0015e180 fffff8a0`09239a90 : Ntfs!NtfsWriteUsnJournalChanges+0x187
fffff880`0885d060 fffff880`01a48cc9 : 00000000`00000353 47696857`08042790 fffff880`0885d5b0 00000000`00006000 : Ntfs!NtfsCommonCleanup+0x1392
fffff880`0885d470 fffff800`032e9668 : fffff880`0885d5b0 fffff880`01a479bb fffff880`0885d6d8 fffffa80`08042790 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`0885d4a0 fffff880`01a48d42 : fffff880`01a48cb0 fffff880`071b9a72 fffff880`0885d900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8
fffff880`0885d580 fffff880`01ae7a04 : fffff880`0885d650 fffff880`0885d650 fffff880`0885d650 00000000`00000d60 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`0885d5f0 fffff880`01828bcf : fffff880`0885d650 fffffa80`03b379c0 fffffa80`03b37da8 fffffa80`036568e0 : Ntfs!NtfsFsdCleanup+0x144
fffff880`0885d860 fffff880`018276df : fffffa80`05937bf0 fffffa80`08042790 fffffa80`03b9c400 fffffa80`03b379c0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0885d8f0 fffff880`0203d30f : fffffa80`06636e00 fffff800`00000002 fffffa80`03b37df0 fffff880`0203d31b : fltmgr!FltpDispatch+0xcf
fffff880`0885d950 fffffa80`06636e00 : fffff800`00000002 fffffa80`03b37df0 fffff880`0203d31b fffffa80`058f9530 : fbfmon+0x330f
fffff880`0885d958 fffff800`00000002 : fffffa80`03b37df0 fffff880`0203d31b fffffa80`058f9530 fffff800`00000002 : 0xfffffa80`06636e00
fffff880`0885d960 fffffa80`03b37df0 : fffff880`0203d31b fffffa80`058f9530 fffff800`00000002 fffff880`0885d980 : 0xfffff800`00000002
fffff880`0885d968 fffff880`0203d31b : fffffa80`058f9530 fffff800`00000002 fffff880`0885d980 fffff880`0885d980 : 0xfffffa80`03b37df0
fffff880`0885d970 fffffa80`058f9530 : fffff800`00000002 fffff880`0885d980 fffff880`0885d980 fffff8a0`024b9301 : fbfmon+0x331b
fffff880`0885d978 fffff800`00000002 : fffff880`0885d980 fffff880`0885d980 fffff8a0`024b9301 fffffa80`06636e20 : 0xfffffa80`058f9530
fffff880`0885d980 fffff880`0885d980 : fffff880`0885d980 fffff8a0`024b9301 fffffa80`06636e20 fffffa80`06636e20 : 0xfffff800`00000002
fffff880`0885d988 fffff880`0885d980 : fffff8a0`024b9301 fffffa80`06636e20 fffffa80`06636e20 00000000`00000000 : 0xfffff880`0885d980
fffff880`0885d990 fffff8a0`024b9301 : fffffa80`06636e20 fffffa80`06636e20 00000000`00000000 fffffa80`08042790 : 0xfffff880`0885d980
fffff880`0885d998 fffffa80`06636e20 : fffffa80`06636e20 00000000`00000000 fffffa80`08042790 fffff880`0203b43c : 0xfffff8a0`024b9301
fffff880`0885d9a0 fffffa80`06636e20 : 00000000`00000000 fffffa80`08042790 fffff880`0203b43c fffffa80`03b379c0 : 0xfffffa80`06636e20
fffff880`0885d9a8 00000000`00000000 : fffffa80`08042790 fffff880`0203b43c fffffa80`03b379c0 fffffa80`0383fb30 : 0xfffffa80`06636e20


STACK_COMMAND:  .trap 0xfffff8800885c510 ; kb

FOLLOWUP_IP: 
fbfmon+330f
fffff880`0203d30f ??              ???

SYMBOL_STACK_INDEX:  12

SYMBOL_NAME:  fbfmon+330f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fbfmon

IMAGE_NAME:  fbfmon.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4cecddf1

FAILURE_BUCKET_ID:  X64_0x7a_c00000b5_fbfmon+330f

BUCKET_ID:  X64_0x7a_c00000b5_fbfmon+330f

Followup: MachineOwner
---------

0: kd> lmvm fbfmon
start             end                 module name
fffff880`0203a000 fffff880`0204e000   fbfmon   T (no symbols)           
    Loaded symbol image file: fbfmon.sys
    Image path: fbfmon.sys
    Image name: fbfmon.sys
    Timestamp:        Wed Nov 24 15:42:09 2010 (4CECDDF1)
    CheckSum:         00019FE1
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Run the System File Checker that scans the integrity of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible:

• SFC /SCANNOW Command - System File Checker

Then run Disk Check on your hard disk for file system errors and bad sectors on it:

• Disk Check

Free up your start up, keep nothing except the new antivirus:

• Startup Programs - Change

PS, these may interest you:

• Malwarebytes - The Free version
• Good and Free system security combination.

That's all for now
Keep us posted, good luck

First of all thank you for replying. I think this will be really useful. Just fyi, the BSODs started before I installed everything related to AVG. Before that I had McAfee installed, but I uninstalled it right away cause I read that it was known to cause BSOD. I take it I have to discard the possibility of AVG being the cause and attribute it to Lenovo stuff, right?

Update: today I tried to turn the PC on after shutting it down normally last night and couldn't start it, it automatically tried to fix the booting, and got stuck forever. Now I'm running chkdsk and if it starts I'll do everything you say and let you know.

Update #2: I ran chkdsk from command prompt and it says it has found errors, but I can't fix them from Windows cause it's the C: drive. When I restart the computer and run chkdsk before startup, it takes really long, tells me there are errors but it can't fix them, what should I do? Do I need to backup data and format?

Thanks

Are you able to load into safe mode?

Maybe these will help:

• Copy & Paste - in Windows Recovery Console
• Clean Install : Factory COA Activation Key
• Clean Up Factory Bloatware

Thanks for the update. You can observe for 4/5 days and then mark the thread as solved

Good luck :)

Upload the latest dumps so we can take a look.

Code:

STOP 0x0000007A: KERNEL_DATA_INPAGE_ERROR 
Usual causes:  Memory, Paging file corruption, File system, Hard drive, Cabling, Virus infection, Improperly seated cards, BIOS, Bad motherboard, Missing Service Pack
BugCheck 7A, {fffff6fc50037118, ffffffffc00000b5, 7414a820, fffff8a006e233ec}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36bea )

Please post a screen shot with crystal disk info:

1. CrystalDiskInfo - Software - Crystal Dew World
2. Screenshots and Files - Upload and Post in Seven Forums

Hard drive test both short and long with:

• SeaTools for Windows

Also the DOS version of:

• SeaTools for DOS