


Windows 7: BSoD Win 7 Pro not starting

23 Jun 2010   #1

Win7 Pro
 
 
BSoD Win 7 Pro not starting

Hi - thanks in advance for any help. Ran up a new installation BSoD says 'A driver has overrun a stack based buffer. This overrun . . . Technical info Stop0:0000000F7 (0X80996A1E,0X81845D33.0X7E7BA2Cc, 0X00000000) Fltmgr.sys address at 81845D33 base at 8183400, Datestamp 4a5bbf11. Seemingly 0000000F7 indicates a driver problem??

Gigabyte 790FXTA-UD5 BIOS F2, AMD Phenom 11 X4 965 (not overclocked), GSkill DDR3-1600 2 x 2GB, Seagate 7200's 1TB, XFX ATI HD5670 1GB, USB MS wireless mouse + keyboard. Installed updated drivers for XFX (10.6 series), also use Acronis True image home (build 7046), Nortons 360 ver 4

System halts at Win startup and can use repair disk to start the system. System does not fall over during the day, just will not start after being off all night?? Starts ok on shutdowns/restarts and after short off periods?? When running up the box had a few problems installing the latest version of Gigabyte's Easy Tunes 6 (still cannot get it to start), and Acronis TIH 2010 but none of these appeared major. A couple of times the keyboard has not functioned when entering BIOS but this is inconsistent at this stage.

Have run Win memtest - ok, XoftSpy - ok, ParetoLogic Drive Cure and it says all drives are up to date.

Attached files hopefully will help. Mini dump was from the other day (this file is well beyond my knowledge), I do not understand why there is no dump for today's failure to boot. Do the 'Did not load driver . ' lines in ntbtlog
Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS'
and
'Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys'
indicate there is a problem with N360. And the line 'SYMEVENT' definitely indicate it is N360? What do the '??' indicate in ntbtlog? Also a couple of other drivers not loaded, are these a problem?

I am competent but not an IT pro - any assistance would be greatly appreciated?

Kind regards Trevor



Attached Files
File Type: zip ntbtlog.zip (3.7 KB, 5 views)

23 Jun 2010   #2

Win 8 Release candidate 8400
 
 


This one was caused by your Symantec driver. I would un-install it completely and replace it with Microsoft Security Essentials.

Let us know if you need help


Ken

Code:
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Debug session time: Tue Jun 15 17:13:04.203 2010 (GMT-4)
System Uptime: 0 days 0:00:10.779
BugCheck A, {8c9fb108, 2, 1, 830afd36}
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+14517 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
23 Jun 2010   #3

Win7 Pro
 
 
Followup question

Thanks Ken. How is this rated compared to N360? Does it do as good a job or better than N360? Can they run together? Or definitely not needed together?

Kind regards Trevor


23 Jun 2010   #4
Microsoft MVP

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Trevor,

Well, I won't recommend N360 and MSE on the same computer; it will hog your system down very badly. If we are comparing between them, MSE doesn't have all the bells and whistles that N360 offers. But as an antivirus it does a great job with very little system resource. And it's free. You could install Malwarebytes and WinPatrol for added protection.

Make sure you run the Removal Tool after removing Norton from Add or Remove Programs, because it's famous for leaving files behind: Download and run the Norton Removal Tool

Hope this helps,
Captain
24 Jun 2010   #5

Win7 Pro
 
 
BSoD Win 7 Pro not starting again/still

Thanks again. However problem persists. I uninstalled N360 then installed MSE. Then used Norton Removal software after noticing the forum advice to use this.

This morning - same problem: flash of BSoD, then black screen of Windows Error Recovery 'Your computer is unable to start' (keyboard will not allow up/down between the two options). Insert Win repair disk (keyboard/mouse working now), I did not choose to restore, 'Startup repair is unable to repair this computer automatically' - then chose 'finish', restart, then it seems to start ok and I can log on.

Attached are the minidump folders and ntbtlog file (seems to show that the Nortons drivers are not now being installed). The minidump file does not seem to be updated (still dated 16 June, although I cannot read the contents), is there something significant in the date not being updated to the more recent failure dates (every morning)??

It seems that Nortons is not the problem. Any insight would again be gratefully received.
Kind regards Trevor


Attached Files
File Type: zip ntbtlog.zip (5.0 KB, 5 views)
24 Jun 2010   #6

Windows 7 Ultimate 32 bit
 
 

Hi Trevor. The latest dump points to symevent.sys as causing the crash. Symevent.sys is a driver for Symantec Event Library which belongs to the software SYMEVENT by Symantec Corporation (www.symantec.com). This file is a driver created by Symantec that is used to scan files for viruses. You can check this link for more information:

Geek Speak. > Windows Blue Screen Crash and Symantec Antivirus - SYMEVENT.SYS 0x0000007f

It appears that Norton is still biting you. You might try running the Norton Removal tool again. I have also read that this driver is part of PCAnywhere10. I have not been able to confirm this last statement. If you have PCAnywhere installed, uninstall it while you are troubleshooting. If you don't and the Norton Removal tool doesn't remove this, navigate to it and rename it from symevent.sys to symevent.bak. It should be located in c:\windows\system32\drivers. If you don't find it there, do a search for it in Windows Explorer.

Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_Minidump.zip\Minidump\061610-20685-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0x8301c000 PsLoadedModuleList = 0x83164810
Debug session time: Tue Jun 15 17:13:04.203 2010 (GMT-4)
System Uptime: 0 days 0:00:10.779

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {8c9fb108, 2, 1, 830afd36}

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+14517 )

Followup: MachineOwner

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 8c9fb108, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 830afd36, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 83184718
Unable to read MiSystemVaType memory at 83164160
 8c9fb108 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiUnlinkFreeOrZeroedPage+fa
830afd36 894c1004        mov     dword ptr [eax+edx+4],ecx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8e38adc4 -- (.trap 0xffffffff8e38adc4)
ErrCode = 00000002
eax=085fb104 ebx=00000007 ecx=000c8ccf edx=84400000 esi=859fb1e4 edi=85abe10c
eip=830afd36 esp=8e38ae38 ebp=8e38ae5c iopl=0         nv up ei pl nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210216
nt!MiUnlinkFreeOrZeroedPage+0xfa:
830afd36 894c1004        mov     dword ptr [eax+edx+4],ecx ds:0023:8c9fb108=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 830afd36 to 8306282b

STACK_TEXT:  
8e38adc4 830afd36 badb0d00 84400000 8e38ae24 nt!KiTrap0E+0x2cf
8e38ae5c 83098a6c 000c8f7f 859fb1e4 000c8f7f nt!MiUnlinkFreeOrZeroedPage+0xfa
8e38ae9c 8309947e 00000001 00000001 c047d978 nt!MiClaimPhysicalRun+0x14d
8e38af2c 831e1da2 00000000 000c8f7f 00000000 nt!MiFindContiguousPages+0x3d5
8e38af60 831e1642 a04aeefb 85b89798 00000000 nt!MiAllocateDriverPage+0x28
8e38affc 831dffd5 90b66f60 00000000 83182820 nt!MiLoadImageSection+0x217
8e38b068 831bf2c0 8e38b1f0 00000000 00000000 nt!MmLoadSystemImage+0x3be
8e38b25c 831bd499 00000001 00000000 8e38b284 nt!IopLoadDriver+0x386
8e38b2a4 831bd3e3 8e38b2c0 a04af21f c0000001 nt!IopLoadUnloadDriver+0x70
8e38b318 912c3517 8e38b448 874148b8 8e38b3a0 nt!NtLoadDriver+0x169
WARNING: Stack unwind information not available. Following frames may be wrong.
8e38b394 8305f44a 8e38b448 8e38b460 8305d5e1 SYMEVENT+0x14517
8e38b394 00000000 8e38b448 8e38b460 8305d5e1 nt!KiFastCallEntry+0x12a
8e38b404 8305d5e1 00000008 00200203 936e6ec8 0x0
8e38b408 00000000 00200203 936e6ec8 8e38b448 nt!ZwLoadDriver+0x11


STACK_COMMAND:  kb

FOLLOWUP_IP: 
SYMEVENT+14517
912c3517 ??              ???

SYMBOL_STACK_INDEX:  a

SYMBOL_NAME:  SYMEVENT+14517

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a849231

FAILURE_BUCKET_ID:  0xA_SYMEVENT+14517

BUCKET_ID:  0xA_SYMEVENT+14517

Followup: MachineOwner
---------
After you get this driver removed from your system, reboot and run your computer. Post back immediately if you get another BSOD. After a couple of days if you don't get another BSOD, please post back and let us know. Analyzing these BSOD's is a trial and error thing.
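
Added example (not part of any post in this thread): a Python script that splits ntbtlog text into boot sessions and lists which of the Symantec drivers named in the thread each boot still loaded, which is the check to make after running the removal tool. The sample log is constructed, the session-header pattern and the watch list are assumptions, and the leading `\??\` is handled as the NT DosDevices prefix in front of an ordinary drive path.

```python
import re
from ntpath import basename  # splits on backslashes on any OS
# Constructed sample: ntbtlog.txt appends one such block per boot (real file is UTF-16).
SAMPLE = r"""Microsoft (R) Windows (R) Version 6.1 (Build 7600)
 6 23 2010 07:41:10.375
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Microsoft (R) Windows (R) Version 6.1 (Build 7600)
 6 24 2010 07:39:02.125
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
"""

HEADER = re.compile(r"^Microsoft \(R\) Windows")  # assumed session marker
ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")

def normalize(path, sysroot=r"C:\Windows"):
    # \??\ is the NT DosDevices prefix; \SystemRoot is the Windows directory.
    if path.startswith("\\??\\"):
        return path[4:]
    if path.lower().startswith("\\systemroot\\"):
        return sysroot + path[len("\\SystemRoot"):]
    return path

def parse_sessions(text):
    sessions = []
    for line in text.splitlines():
        if HEADER.match(line):
            sessions.append({"stamp": None, "loaded": [], "skipped": []})
        elif sessions:
            cur, m = sessions[-1], ENTRY.match(line)
            if m:
                key = "loaded" if m.group(1) == "Loaded driver" else "skipped"
                cur[key].append(normalize(m.group(2)))
            elif cur["stamp"] is None and line.strip():
                cur["stamp"] = line.strip()  # date line after the header
    return sessions

def is_symantec(path):
    # Watch list assumed from the driver names and folders quoted in the thread.
    low = path.lower()
    return (basename(low).startswith(("sym", "eectrl", "eraserutil"))
            or "\\n360\\" in low or "\\symantec" in low)

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(s["stamp"], [p for p in s["loaded"] if is_symantec(p)])
```

An empty list for the newest session means none of the watched drivers loaded on that boot; compare its date with the timestamp of the dump being analyzed.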
24 Jun 2010   #7
Microsoft MVP

 

Sometimes in cases like this the best solution is to clean reinstall to get past the insidious Norton infection, unless you have a restore point before you installed it. There is always some residual level of corruption left after uninstalling Norton bloatware monster.

You can try the Norton removal tool but it doesn't always help.
24 Jun 2010   #8

Windows 7 Ultimate 32 bit
 
 

Greg, would Revo uninstaller help? I have not had Norton on my systems since the Win 98 days; so I am not versed in cleaning it out.
25 Jun 2010   #9
Microsoft MVP

 

If he hasn't already uninstalled, then yes Revo in Advanced mode will get it out as best as can be done. It might even be worth reinstalling it if you didn't do this before, since Revo will vacuum up all the Registry keys and hidden folders.

Afterwards, run sfc /scannow to see if the removal has damaged system files beyond repair, as often happens with Norton or Ofc trial removal - evidence that a clean reinstall is needed.
25 Jun 2010   #10

Windows 7 Ultimate 32 bit
 
 

Thanks, Greg. I did not know how well Revo does with the Norton monster. I certainly agree with running SFC following the removal.