Windows 7 BSOD after installing Malicious Software Removal Tool update

[AskewDivergent]

Just finished a new build last week, all has been going well until this morning... Before heading off to work, Windows requested to install an update to the malicious software removal tool. As it was installing, I got the BSOD with the following file error:

PFN_LIST_CORRUPT

Rebooted in Safe Mode and searched this forum to find that the problem could be in my drivers, so I loaded up driver verifier and it reported that there was one unsigned driver: Virtual Clone Drive. I followed the instructions and rebooted, only to have another BSOD after BIOS loaded, with this file error:

isapnp.sys

It wouldn't load in Safe Mode, and only gave me the same error after a couple restart attempts.

I am unsure if this was caused by the MSRT, has anyone heard of this happening before?

I downloaded Captain Jack's SF Diagnostic Tool here at work and will attempt to load it up if I can get Windows to boot when I get home, then post the results in this thread.

My question is: What if I can't get Windows to load in any mode?

System Details:

Operating System: Windows 7 Home Premium x64
Computer Type: Antec 900 fresh build
Processor: AMD Phenom II X6 1055T 2.8GHz 125w
Motherboard: GIGABYTE GA-870A-UD3 AM3 AMD 870 ATX
Video Card: EVGA 512-P3-N871-AR GeForce 9800 GTX+
Memory: Kingston ValueRAM 8GB (4 x 2GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10600)
Hard Drive: Western Digital Caviar Blue WD6400AAKS 640GB 7200 RPM SATA
Network Adapter: Realtek 8111D 10/100/1000Mbps
Anti-virus Software: Symantec End User Protection

 

[TorrentG]

Hey.

At system startup, tap f8 until you get the boot choice screen. Use the choice that says recent settings that worked.

Once booted to Windows, uninstall Virtual Clone Drive.

Reboot. Then do a Windows Update.

Let us know how it goes and/or post the crash dumps if you can.

 

[AskewDivergent]

Okay, Safe mode crashed again with this BSOD Fatal Error Code:

STOP c000021a

0x00000000 (0xc0000034 0x001003f0)

But Windows Recovery came up on restart and I was able to load this morning's Restore Point, uninstall Virtual Clone Drive, and run the crash dump diagnostics. Not sure if the problem is over, but I'd appreciate any expert opinion on the results as posted here:
View attachment Seven Forums.zip

Thanks in advance

 

[TorrentG]

You're getting memory corruption errors along with NTFS ones. What you need to do is to uninstall both Avast and Norton with the special tools found here, in safe mode:

AV Uninstallers - Windows 7 Forums

Then open an elevated command prompt. Type the following command then hit enter:

chkdsk /r

------

You can update your video card driver from here:

nvlddmkm nvlddmkm.sys Sun Sep 27 20:12:06 2009

Link Removed - Invalid URL

------

This driver is still on the system:

VClone   VClone.sys   Sun Aug 09 17:25:45 2009

Uninstall Virtual Clone Drive. If you already did, then go to C:\Windows\System32\drivers and delete VClone.sys

Reboot.

------------

Uninstall all motherboard utilities which only cause headaches, from Gigabyte. That's to get rid of this driver:

gdrv     gdrv.sys     Thu Mar 12 23:22:29 2009

-------------

It is highly recommended to never have two or more antivirus installed together, which causes problems. I recommend to install MSE after removing those because it never causes bsod under any circumstances and is very resource friendly.

 

[AskewDivergent]

I was able to boot in safe mode after a couple of attempts and hang ups in the boot phase (seems to be happening more often). I managed to uninstall Avast and use the removal tool. I also deleted the VClone.sys file from the \system32 folder, and ordered up a CHKDSK on the next reboot.

The problem is, when I went to uninstall Symantec, I got another BSOD giving me this error:

"SYSTEM_SERVICE_EXCEPTION"

Every attempt to bring the system back up (safe mode, last known good config, normal after running Startup Repair) proved fruitless. In fact, several times the system would not even go into POST after hitting the power button, just humming away with a blank screen.

*Not sure if this is related, but while it was doing that, I could hear all my fans running and every 5-8 seconds the video card fan would pulse twice at a higher RPM (this was accompanied by a corresponding flash from the HDD LED on the front panel).*

I powered down and disconnected AC cable, jumpered the Clear CMOS, and brought it back up. It actually started to run CHKDSK, but was unable to complete it before it rained down more hell. Each reboot gave me these errors in succession:

"File is possibly corrupt. File header checksum does not match computed checksum."

"Disk read error occured"

...and another "SYSTEM_SERVICE_EXCEPTION"

I'm beginning to wonder if I should RMA the motherboard, or if attempting this build was a mistake and I should've gone with a Dell or something...

 

[TorrentG]

This is what I'd do.

1) Install Windows 7 by booting to the DVD. When it asks you where to install to, use that screen to format the drive so it's clean. (I forget now as I haven't done this in a while. You may have to hit the advanced button.) Then continue with the install.

2) Once Windows is up, visit Gigabyte's website for your motherboard to download and install the newest bios. Once installed, boot to the bios and set its optimized default values. Reboot to Windows.

3) Visit Gigabyte's site again to download and install all the latest drivers. Do not install any utilities at all. Keep them off.

If you run into any problems or have crashes, please let us know and we'll see what we can do. Post the crash dumps using safe mode + networking if needed and if possible.

Good luck.

 

[AskewDivergent]

Thanks for your help, I'll be sure to keep you posted.

 

[AskewDivergent]

Do problems like these normally lead to reduced hardware performance? I've been crindging every time I've had to hard reset, but I do tend to be overprotective of new toys... Should I not be worried?

 

[pcs3657]

What Happened?
Windows tracks physical pages of memory using a table called the Page Frame Database. This database (which actually is just a big one-dimensional array) is indexed by physical page number. As a result, the page frame database is typically referred to as the Page Frame Number list or PFN.
Every page of physical memory has an associated PFN entry. Each PFN entry contains information about the state of its corresponding physical page in the system. This state includes information about whether the corresponding physical page is in use, how it’s being used, a count of active users of the page, and a count of pending I/O operations on the page.
Depending on the pages state, a PFN entry may be on one of several lists that the Memory Manager maintains. The listheads for these lists are simple global variables that are used for quick access to PFN entries of certain types. For example, one such list would be the list that contains all the modified pages that need to be written to disk.
Because all the PFN lists and entries are present in the high half of kernel virtual address space, they are subject to corruption through stray pointer accesses (such as by errant drivers or other similar kernel-mode modules). Also, the count in the PFN that tracks the number of I/O related accesses to a given physical page can be corrupted by improper MDL handling.
Whenever Windows detects that any of the PFN lists or any of the PFN entries themselves have become invalid, the system halts with a PFN_LIST_CORRUPT bugcheck.
Who Did It?
This bugcheck usually occurs for one of two reasons, the first reason being memory corruption. If there is a buggy driver in the system that is writing on memory that it does not own, it could easily corrupt one of the PFN lists or entries. In order to rule this out, you should run Driver Verifier with Special Pool enabled for suspect drivers in the system. This will hopefully allow you to catch the misbehaving driver in the act of scribbling memory, instead of receiving a crash sometime later when the O/S discovers the damage.
The second cause for this bugcheck is incorrect MDL handling. For example, one use of MDLs is to allow you to "lock" the physical memory that backs a virtual address range so that the memory stays resident while your driver is accessing it. This is achieved by using the MmProbeAndLockPages DDI. One of the things that this DDI does is take out a reference on the PFN entries of the underlying physical pages, ensuring that the Memory Manager does not page them out. The corresponding DDI to undo this operation, MmUnlockPages, is responsible for decrementing the reference counts taken out in the previous call. If a driver happens to call MmUnlockPages too many times on an MDL, the reference count on the underlying PFN entries could drop to below zero (to 0xFFFFFFFF). The system considers this to be a critical error, as one or more of the PFN entries is obviously invalid. Therefore, this bugcheck will occur.
If your driver or a driver in your stack is being blamed for a PFN_LIST_CORRUPT bugcheck, go over your code and make sure that you are properly handling your MDLs . Remember that even if you do not create or destroy any MDLs directly, you play a part in the creation and destruction of them if you handle IRPs whose buffers are described with DIRECT_IO. Driver Verifier and the checked build of Windows can help pinpoint IRP and MDL handling errors.
How Should I Fix It?
How this is fixed varies depending on the reason of the bugcheck. Using Driver Verifier and the checked build of the O/S should allow you to pinpoint the driver that is either corrupting memory or mishandling MDLs. If the offending driver is not a driver that you have any control over, the only available option is disabling the driver until a fixed version is available.
Related WinDBG Commands
· !memusage
· !pfn
Related O/S Structures
· nt!_MMPFN
· nt!_MMPFNENTRY
· nt!_MMPFNLIST
Related O/S Variables
· nt!MmBadPageListHead
· nt!MmStandbyPageListHead
· nt!MmModifiedNoWritePageListHead
· nt!MmModifiedPageListHead
· nt!MmFreePageListHead
· nt!MmZeroedPageListHead
· nt!MmRomPageListHead

If you dont want to go thru all this trouble you can simply check the hardware physically for loose corners dust and fix back and reinstall the OS or run a mem check using memcheck or memtest software and replace the faulty one before a reinstall

Regards,
Manjeet,
Bangalore

 

[TorrentG]

Do problems like these normally lead to reduced hardware performance? I've been crindging every time I've had to hard reset, but I do tend to be overprotective of new toys... Should I not be worried?

No, no worries at all. Bsod (blue screens) happen to prevent any sort of damage. It's their entire reason for existence. The hardware will never become affected by one or tons of bsods. In some cases, they happen because the hardware is defective. Even still in these cases, the bsods do no further damage.

Have you done a reinstall yet? Curious how it's going.

 

[AskewDivergent]

I couldn't get it to boot from the DVD. I even swapped out the hard drive for a fresh formatted one and used a new DVD drive after much frustration but there it made no difference in the performance. It would just freeze at one of these places no matter what I tried:

-Before POST
-During POST
-After POST and going into BIOS to set boot priority to CD, it would freeze after displaying the option to "boot from disc"

Before I swapped the HDD, it wouldn't even go into Safe Mode without freezeing.

I gave up and sent in an RMA request this morning, possibly looking at a different board. Any suggestions for manufacturer? GIGABYTE seemed to have good reviews but this experience scarred me permanently.

On another note, I have 4 x 2GB sticks of DDR3 1333 that I'd like to still use. If the memory standard of the new mobo is 1866, would my current sticks be compatible?

Thanks for all your help on this, TorrentG. Even though the system worked well for about 4 days (even ran HL2 for a couple runs), it seems that this was a hardware deficiency. I can't imagine how a couple of conflicting drivers would bring the whole dang thing to its knees...