Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: BSOD while PC is idle, PC infected?

16 Oct 2012   #1

Windos 7 Home Basic Service Pack 1
BSOD while PC is idle, PC infected?

Hi, for a week I've been having problems with random BSOD.
This is what happens: when PC crashes and I run chkdsk, it delays at 7% and 8%, saying it can't read most of the entries. When it's finished reading all entries (~10%), it starts showing faulty parts. Then it says there's errors and it doesn't seem to fix it. Computer starts up again and chkdsk is run again automatically.

So there seems to be problems with my HD but I can't fix it and I can't resize the main partition in order to save data and format C:. What can I do?

I attach the SF DTool .zip and below I copy the BSOD error codes when Windows starts after crashing.

{I write this in English because it's in Spanish}
{Nombre del evento de problema:} Problem event name: BlueScreen
{Versión del sistema operativo:} OS version: 6.1.7601.

{Información adicional del problema:} Additional info:
BCCode: 7a
BCP1: FFFFF6FC0001A708
BCP3: 00000000537A7860
BCP4: FFFFF800034E1000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Thank you.

edit: forgot to tell you some info about my pc in case it's relevant (let me know if there's any more info you need). Here goes:

Lenovo G470
OS: Windows 7 Home Basic 64 bit
Version: 6.1.7601 SP 1
Processor Intel(R) Pentium(R) CPU B940 @ 2.00GHZ, 2000 Mhz

My System SpecsSystem Spec
16 Oct 2012   #2

Microsoft Community Contributor Award Recipient

Windows 10 Home 64Bit


Problematic software:

Start Menu\Programs\AVG	Public:Start Menu\Programs\AVG	Public
Start Menu\Programs\AVG Anti-Spyware 7.5	Public:Start Menu\Programs\AVG Anti-Spyware 7.5	Public
Start Menu\Programs\AVG PC TuneUp	Public:Start Menu\Programs\AVG PC TuneUp	Public
Start Menu\Programs\AVG PC TuneUp\Todas las funciones	Public:Start Menu\Programs\AVG PC TuneUp\Todas las funciones	Public
Please uninstall everything related to AVG, it’s known to cause BSoDs. Specially the tune-up stuff you’re having installed. They rather tune-down the PC. Get rid of all of that right away. Download and install Microsoft Security Essentials. It's free, light weight and does not trouble the Windows 7 system. Make a full scan once installed and updated. If you want to "optimize" your laptop/desktop, go through the tutorial listed below.
Start Menu\Programs\DAEMON Tools Lite	Public:Start Menu\Programs\DAEMON Tools Lite	Public
Daemon Tools is known to cause BSoDs. Search our forum and you’ll get loads of evidence.Coming to the actual reason of the BSoD, it was caused by some Lenovo junk installed on your computer. The so called “Lenovo EE Boot Optimizer driver”.

Uninstall those as well, using the advance mode of Revo Uninstaller Free
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 7A, {fffff6fc500019d0, ffffffffc00000b5, 31bcc880, fffff8a00033a000}

Unable to load image fbfmon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for fbfmon.sys
*** ERROR: Module load completed but symbols could not be loaded for fbfmon.sys
Probably caused by : fbfmon.sys ( fbfmon+330f )

Followup: MachineOwner

0: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

The requested page of kernel data could not be read in.  Typically caused by
a bad block in the paging file or disk controller error. Also see
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arg1: fffff6fc500019d0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc00000b5, error status (normally i/o status code)
Arg3: 0000000031bcc880, current process (virtual address for lock type 3, or PTE)
Arg4: fffff8a00033a000, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)

Debugging Details:

ERROR_CODE: (NTSTATUS) 0xc00000b5 - {Device Timeout}  The specified I/O operation on %hs was not completed before the time-out period expired.

BUGCHECK_STR:  0x7a_c00000b5



PROCESS_NAME:  wmpnetwk.exe


TRAP_FRAME:  fffff8800885c510 -- (.trap 0xfffff8800885c510)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=f8a00033a0000400 rbx=0000000000000000 rcx=ffffffffffffffff
rdx=0000000000000011 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800032f3020 rsp=fffff8800885c6a0 rbp=fffff8800885c700
 r8=0000000000000005  r9=fffffa8001244fd0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
fffff800`032f3020 498b1c24        mov     rbx,qword ptr [r12] ds:0001:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000334c842 to fffff800032dcd00

fffff880`0885c6a0 fffff800`0329ec9a : fffff980`13800000 00000000`0000003f fffff8a0`00000005 fffff8a0`00040000 : nt!MmCheckCachedPageStates+0x3f0
fffff880`0885c850 fffff800`035cf7bd : fffffa80`058ed5a0 fffffa80`030d7e60 00000000`0000000e fffff8a0`01dc2ad0 : nt!CcMapDataForOverwrite+0x10a
fffff880`0885c8e0 fffff880`01b005e3 : fffffa80`058ed5a0 fffff800`00040000 00000048`00000000 00000000`00000000 : nt!CcPreparePinWrite+0x69
fffff880`0885c9a0 fffff880`01af2dd3 : 00000000`00000070 fffff8a0`00095590 00000000`000000a0 fffff8a0`000954f0 : Ntfs!LfsAllocateLbcb+0x12f
fffff880`0885ca10 fffff880`01aecf7f : 00000000`00000000 fffff880`0885cce0 00000000`00000070 00000000`00000000 : Ntfs!LfsPrepareLfcbForLogRecord+0x97
fffff880`0885ca40 fffff880`01af38b5 : fffff8a0`00000000 fffff8a0`00214d00 fffff880`0885d800 fffff880`00000001 : Ntfs!LfsWriteLogRecordIntoLogPage+0x43f
fffff880`0885cae0 fffff880`01aef676 : fffff8a0`09239a90 fffffa80`00000002 00000007`f967ffed fffff880`0885cd30 : Ntfs!LfsWrite+0x145
fffff880`0885cba0 fffff880`01af4b05 : fffff880`0885d650 fffffa80`059d5610 00000000`028f7358 fffff980`0581c000 : Ntfs!NtfsWriteLog+0x466
fffff880`0885cdf0 fffff880`01afb868 : fffff880`0885d650 fffff8a0`02c3ca01 00000002`3bcf7358 00000000`00000702 : Ntfs!NtOfsPutData+0x229
fffff880`0885cf20 fffff880`01afc163 : fffff880`0885d650 00000000`00000001 fffff880`0885d650 00000000`00000000 : Ntfs!NtfsWriteFcbUsnRecordToJournal+0xa8
fffff880`0885cfe0 fffff880`01ad9d72 : fffff880`0885d601 fffff8a0`0282b270 fffff8a0`0015e180 fffff8a0`09239a90 : Ntfs!NtfsWriteUsnJournalChanges+0x187
fffff880`0885d060 fffff880`01a48cc9 : 00000000`00000353 47696857`08042790 fffff880`0885d5b0 00000000`00006000 : Ntfs!NtfsCommonCleanup+0x1392
fffff880`0885d470 fffff800`032e9668 : fffff880`0885d5b0 fffff880`01a479bb fffff880`0885d6d8 fffffa80`08042790 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`0885d4a0 fffff880`01a48d42 : fffff880`01a48cb0 fffff880`071b9a72 fffff880`0885d900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8
fffff880`0885d580 fffff880`01ae7a04 : fffff880`0885d650 fffff880`0885d650 fffff880`0885d650 00000000`00000d60 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`0885d5f0 fffff880`01828bcf : fffff880`0885d650 fffffa80`03b379c0 fffffa80`03b37da8 fffffa80`036568e0 : Ntfs!NtfsFsdCleanup+0x144
fffff880`0885d860 fffff880`018276df : fffffa80`05937bf0 fffffa80`08042790 fffffa80`03b9c400 fffffa80`03b379c0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0885d8f0 fffff880`0203d30f : fffffa80`06636e00 fffff800`00000002 fffffa80`03b37df0 fffff880`0203d31b : fltmgr!FltpDispatch+0xcf
fffff880`0885d950 fffffa80`06636e00 : fffff800`00000002 fffffa80`03b37df0 fffff880`0203d31b fffffa80`058f9530 : fbfmon+0x330f
fffff880`0885d958 fffff800`00000002 : fffffa80`03b37df0 fffff880`0203d31b fffffa80`058f9530 fffff800`00000002 : 0xfffffa80`06636e00
fffff880`0885d960 fffffa80`03b37df0 : fffff880`0203d31b fffffa80`058f9530 fffff800`00000002 fffff880`0885d980 : 0xfffff800`00000002
fffff880`0885d968 fffff880`0203d31b : fffffa80`058f9530 fffff800`00000002 fffff880`0885d980 fffff880`0885d980 : 0xfffffa80`03b37df0
fffff880`0885d970 fffffa80`058f9530 : fffff800`00000002 fffff880`0885d980 fffff880`0885d980 fffff8a0`024b9301 : fbfmon+0x331b
fffff880`0885d978 fffff800`00000002 : fffff880`0885d980 fffff880`0885d980 fffff8a0`024b9301 fffffa80`06636e20 : 0xfffffa80`058f9530
fffff880`0885d980 fffff880`0885d980 : fffff880`0885d980 fffff8a0`024b9301 fffffa80`06636e20 fffffa80`06636e20 : 0xfffff800`00000002
fffff880`0885d988 fffff880`0885d980 : fffff8a0`024b9301 fffffa80`06636e20 fffffa80`06636e20 00000000`00000000 : 0xfffff880`0885d980
fffff880`0885d990 fffff8a0`024b9301 : fffffa80`06636e20 fffffa80`06636e20 00000000`00000000 fffffa80`08042790 : 0xfffff880`0885d980
fffff880`0885d998 fffffa80`06636e20 : fffffa80`06636e20 00000000`00000000 fffffa80`08042790 fffff880`0203b43c : 0xfffff8a0`024b9301
fffff880`0885d9a0 fffffa80`06636e20 : 00000000`00000000 fffffa80`08042790 fffff880`0203b43c fffffa80`03b379c0 : 0xfffffa80`06636e20
fffff880`0885d9a8 00000000`00000000 : fffffa80`08042790 fffff880`0203b43c fffffa80`03b379c0 fffffa80`0383fb30 : 0xfffffa80`06636e20

STACK_COMMAND:  .trap 0xfffff8800885c510 ; kb

fffff880`0203d30f ??              ???


SYMBOL_NAME:  fbfmon+330f

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  fbfmon.sys


FAILURE_BUCKET_ID:  X64_0x7a_c00000b5_fbfmon+330f

BUCKET_ID:  X64_0x7a_c00000b5_fbfmon+330f

Followup: MachineOwner

0: kd> lmvm fbfmon
start             end                 module name
fffff880`0203a000 fffff880`0204e000   fbfmon   T (no symbols)           
    Loaded symbol image file: fbfmon.sys
    Image path: fbfmon.sys
    Image name: fbfmon.sys
    Timestamp:        Wed Nov 24 15:42:09 2010 (4CECDDF1)
    CheckSum:         00019FE1
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Run the System File Checker that scans the integrity of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible:
Then run Disk Check on your hard disk for file system errors and bad sectors on it:
Free up your start up, keep nothing except the new antivirus:
PS, these may interest you:

That's all for now
Keep us posted, good luck
My System SpecsSystem Spec
17 Oct 2012   #3

Windos 7 Home Basic Service Pack 1

First of all thank you for replying. I think this will be really useful. Just fyi, the BSODs started before I installed everything related to AVG. Before that I had McAfee installed, but I uninstalled it right away cause I read that it was known to cause BSOD. I take it I have to discard the possibility of AVG being the cause and attribute it to Lenovo stuff, right?

Update: today I tried to turn the PC on after shutting it down normally last night and couldn't start it, it automatically tried to fix the booting, and got stuck forever. Now I'm running chkdsk and if it starts I'll do everything you say and let you know.

Update #2: I ran chkdsk from command prompt and it says it has found errors, but I can't fix them from Windows cause it's the C: drive. When I restart the computer and run chkdsk before startup, it takes really long, tells me there are errors but it can't fix them, what should I do? Do I need to backup data and format?

My System SpecsSystem Spec

17 Oct 2012   #4

Microsoft Community Contributor Award Recipient

Windows 10 Home 64Bit

My System SpecsSystem Spec
18 Oct 2012   #5

Windos 7 Home Basic Service Pack 1

Hi, Koolkat. I think my problem got fixed, I don't know which of those things you said caused it but it's gone. I deleted everything AVG-related, deleted the EE boot optimizer and ran Malwarebytes AM, which found a couple of objects. Thanks for your help, I appreciate it.
My System SpecsSystem Spec
18 Oct 2012   #6

Microsoft Community Contributor Award Recipient

Windows 10 Home 64Bit

Thanks for the update. You can observe for 4/5 days and then mark the thread as solved

Good luck :)
My System SpecsSystem Spec
21 Oct 2012   #7

Windos 7 Home Basic Service Pack 1

Hi, it's me again.

Seems that the problem didn't get fixed after all. I uninstalled everything you said, successfully ran chkdsk, which told me that errors were fixed. I also scanned my PC with the antivirus and the antimalware, and deleted a couple of junk files, but I keep getting BSODs. I noticed that I have the famous System Idle Process running at all times, my computer is running really slow, that most of the BSODs appear when PC is trying to open Windows Exporer or using WMP (I have a huge library, 100+ GB).

I hope you can help me, thank you.
My System SpecsSystem Spec
21 Oct 2012   #8

Microsoft Community Contributor Award Recipient

Windows 10 Home 64Bit

Upload the latest dumps so we can take a look.
My System SpecsSystem Spec
21 Oct 2012   #9

Windos 7 Home Basic Service Pack 1

This is the only thing I have, hope it helps. I can run the SFD utility again and upload it if you need it.
My System SpecsSystem Spec
21 Oct 2012   #10

Microsoft Community Contributor Award Recipient

Windows 10 Home 64Bit

Usual causes:  Memory, Paging file corruption, File system, Hard drive, Cabling, Virus infection, Improperly seated cards, BIOS, Bad motherboard, Missing Service Pack
BugCheck 7A, {fffff6fc50037118, ffffffffc00000b5, 7414a820, fffff8a006e233ec}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36bea )
Please post a screen shot with crystal disk info:
  1. CrystalDiskInfo - Software - Crystal Dew World
  2. Screenshots and Files - Upload and Post in Seven Forums
Hard drive test both short and long with: Also the DOS version of:
My System SpecsSystem Spec

 BSOD while PC is idle, PC infected?

Thread Tools

Similar help and support threads
Thread Forum
BSOD after laptop sitting idle / Not sure how long of idle time
BSOD happens randomly, not all the time. Dump files attached
BSOD Help and Support
BSOD BugcheckCode 126 After being infected with VirTool.Obfuscator
Hello everyone from sevenforums, I am trying to find a solution for this BSOD has I have removed the VirTool.Obfuscator with MalwareBytes but I still have the problem. Before the infection I had never experienced blue screens on this PC. Best Regards
BSOD Help and Support
BSOD - Crashes while computer idle/not idle (Unpredictable)
Windows 7 Enterprise 64bit Clean installation to windows 7 from Windows XP professional Hardware 18 months old OS installed 2 weeks ago I am currently facing the lovely BSOD error. The computer was recently upgraded from windows XP to Windows 7 enterprise 64bit , this was a fresh...
BSOD Help and Support
Repeatedly being infected and getting BSOD - possibly related
Hello, first time poster but I will try to be as descriptive as I can with my problem. I'm having two issues with my work pc and I'm not sure if they are related to one another but after various tests I believe they are. First, I am repeatedly getting an F4 blue screen error on my Windows 7 x64...
BSOD Help and Support
Infected by Katuna, after much cleaning, still many CPU cyc. when idle
I got infected by the Katuna virus this past week. I have performed a half-dozen different varieties of cleaning using different softwares, and still have a high consumption of CPU when computer is idle. How do I resolve this, if somebody would be so kind as to help me, please? Thanks in...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 20:02.
Twitter Facebook Google+