HELP! COMPUTER CRASHES 3 MINUTES AFTER BOOTING UP! HJT included


red6874

Hi. I'm having serious issues with my laptop, which my 15-year-old daughter has been using exclusively for the last several months. I have no idea what she has downloaded virus/spyware-wise. When booting up the computer, it will stay up maybe 3 minutes max and then will crash with a blue screen. We've tried all kinds of scans, restores, etc., but nothing works at all. I'm including all requested scans as best I can. I'm using the infected laptop now, but in Safe Mode w/ Networking, so some options may be limited, I guess. Any assistance is GREATLY appreciated. THANKS!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:13 AM, on 12/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Anna\Downloads\HijackThis(1).exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6782 bytes
 
Okay, first off, this doesn't mean that it is a virus just 'cause it crashes after a 15-year-old uses it for a period of time. There could easily be a hardware conflict going on where a driver wasn't updated when it needed to be. Most viruses will not cause a system to crash; it would defeat the purpose of them being written in the first place. They are meant to infect the machine and to execute code. If the machine crashes and can't be used, then how would they do what they are designed to do? They couldn't do anything with the machine being inoperable.

So let's start from scratch and find out the cause of the crashes. What does the Blue Screen say when it shows up?
 
Thanks for responding! You are right, I was probably too rash in jumping to the conclusion that it was her fault. I'm thinking I do owe her an apology. :) I've been doing some more research the last couple of days, and after watching the blue screen time and time again, it's dumping physical memory.

I'm at work right now, so I can give you more info when I get home. What causes the memory dump?
 
Here's a pic showing you how to keep the computer from restarting when it BSODs; this will let you read the error message and error STOP*** codes.

Uncheck the box labeled - Automatically restart

overclock1l.jpg
 
Ok, I did as instructed with the auto restart so now I can see the message. I read over the articles, and they make some sense, but I'm still in unfamiliar territory lol. Looking at the blue screen now, here are the STOP codes: 0x0000007E (0xC0000005, 0x82AC4433, 0x8A927B4C, 0x8A927730). Does that help? What other info can I give you? Thanks so much for responding :)

After doing more research, I found a way to analyze the crash dumps. Hoping this gives more info...

Sorry, I made a complete mess trying to post those analyses. :/ Tried to fix them, but I'm not figuring out how to delete one of them and space out the other. Hopefully you can make some kind of sense out of it. Thanks!
 
I saw that, and also noticed one of the logs is saying there is a problem with Windows itself? What's my first step here? I've reposted it, hopefully cleaning it up some and separating the separate logs. (more for my benefit than yours, as I'm sure you can read it just fine lol).

On Fri 12/16/2011 4:53:50 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\121511-49031-01.dmp
This was probably caused by the following module: aswmonflt.sys (aswMonFlt+0x320E8)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF831AA487, 0xFFFFFFFFAA3E1558, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\aswmonflt.sys
product: avast! Antivirus System
company: AVAST Software
description: avast! File System Minifilter for Windows 2003/Vista
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmonflt.sys (avast! File System Minifilter for Windows 2003/Vista, AVAST Software).
Google query: aswmonflt.sys AVAST Software KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

On Fri 12/16/2011 3:57:24 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\121511-56051-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0xBB433)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFFFFF82AC4433, 0xFFFFFFFF8A927B4C, 0xFFFFFFFF8A927730)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Thu 12/15/2011 1:10:06 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\121511-54709-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x2BA4)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF831A2487, 0xFFFFFFFFB2F28764, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus System
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: aswsnx.sys AVAST Software KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

On Thu 12/15/2011 4:11:35 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: hal.sys (hal!KfLowerIrql+0x61)
Bugcheck code: 0x8E (0xFFFFFFFFC0000005, 0xFFFFFFFF831B3487, 0xFFFFFFFFB0BEB764, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug check description: This bug check indicates that a kernel-mode application generated an exception that the error handler did not catch.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hal.sys .
Google query: hal.sys KERNEL_MODE_EXCEPTION_NOT_HANDLED
 
All the errors stem from Avast. The first one is the Avast scanner itself. The second one is the Windows Kernel, but it crashed 'cause of Avast. The 3rd one is again Avast. The last one is the result of Avast.

Reboot into Safe Mode and remove Avast. Either download and install the newest version or find an alternative like Microsoft Security Essentials.
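
A sketch of this kind of crash-report triage, as an added example that is not part of the thread or of any tool named in it: it parses the module and bugcheck lines from the four reports above, masks the sign-extended parameters back to 32 bits, and separates crashes that name a third-party driver from those blamed on a core Windows image. The function names and the `CORE_MODULES` set are assumptions made for the example.

```python
import re
from collections import Counter

# Module and bugcheck lines copied from the four crash reports in the thread.
REPORTS = """\
module: aswmonflt.sys (aswMonFlt+0x320E8) Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF831AA487, 0xFFFFFFFFAA3E1558, 0x0)
module: ntoskrnl.exe (nt+0xBB433) Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFFFFF82AC4433, 0xFFFFFFFF8A927B4C, 0xFFFFFFFF8A927730)
module: aswsnx.sys (aswSnx+0x2BA4) Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF831A2487, 0xFFFFFFFFB2F28764, 0x0)
module: hal.sys (hal!KfLowerIrql+0x61) Bugcheck code: 0x8E (0xFFFFFFFFC0000005, 0xFFFFFFFF831B3487, 0xFFFFFFFFB0BEB764, 0x0)
"""

BUGCHECKS = {0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
             0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
# Assumption for this example: a crash blamed on a core Windows image is
# treated as "faulting driver not identified", as the second report says.
CORE_MODULES = {"ntoskrnl.exe", "hal.sys"}

ENTRY = re.compile(
    r"module: (\S+) \(.*?\) Bugcheck code: (0x[0-9A-Fa-f]+) \(([^)]*)\)")

def parse_reports(text):
    """Return one dict per crash with decoded bugcheck and exception code."""
    crashes = []
    for module, code, params in ENTRY.findall(text):
        raw = int(code, 16)
        # Parameters are 32-bit values sign-extended to 64 bits; mask them back.
        args = [int(p.strip(), 16) & 0xFFFFFFFF for p in params.split(",")]
        crashes.append({
            "module": module.lower(),
            "m_variant": bool(raw & 0x10000000),  # 0x1000008E is the _M form of 0x8E
            "bugcheck": BUGCHECKS.get(raw & 0x0FFFFFFF, hex(raw)),
            "exception": NTSTATUS.get(args[0], hex(args[0])),  # parameter 1
            "fault_address": args[1],                          # parameter 2
        })
    return crashes

def triage(crashes):
    """Count crashes per named third-party driver, plus unattributed ones."""
    named = Counter(c["module"] for c in crashes
                    if c["module"] not in CORE_MODULES)
    unattributed = sum(c["module"] in CORE_MODULES for c in crashes)
    return named, unattributed

if __name__ == "__main__":
    crashes = parse_reports(REPORTS)
    for c in crashes:
        print(c["module"], c["bugcheck"], c["exception"], hex(c["fault_address"]))
    print(triage(crashes))
```

After masking, the second report's parameters match the STOP 0x0000007E values read off the blue screen earlier in the thread, and all four crashes carry the same access-violation exception code.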
 
Thanks! I'll work on that tonight when I get home from work, and let you know how it goes. Again, I appreciate all your help! :)
 