BSoD Win 7 Pro not starting


  1. Posts : 4
    Win7 Pro
       #1

    BSoD Win 7 Pro not starting


    Hi - thanks in advance for any help. Ran up a new installation BSoD says 'A driver has overrun a stack based buffer. This overrun . . . Technical info Stop0:0000000F7 (0X80996A1E,0X81845D33.0X7E7BA2Cc, 0X00000000) Fltmgr.sys address at 81845D33 base at 8183400, Datestamp 4a5bbf11. Seemingly 0000000F7 indicates a driver problem??

    Gigabyte 790FXTA-UD5 BIOS F2, AMD Phenom 11 X4 965 (not overclocked), GSkill DDR3-1600 2 x 2GB, Seagate 7200's 1TB, XFX ATI HD5670 1GB, USB MS wireless mouse + keyboard. Installed updated drivers for XFX (10.6 series), also use Acronis True image home (build 7046), Nortons 360 ver 4

    System halts at Win startup and can use repair disk to start the system. System does not fall over during the day, just will not start after being off all night?? Starts ok on shutdowns/restarts and after short off periods?? When running up the box had a few problems installing the latest version of Gigabyte's Easy Tunes 6 (still cannot get it to start), and Acronis TIH 2010 but none of these appeared major. A couple of times the keyboard has not functioned when entering BIOS but this is inconsistent at this stage.

    Have run Win memtest - ok, XoftSpy - ok, ParetoLogic Drive Cure and it says all drives are up to date.

    Attached files hopefully will help. Mini dump was from the other day (this file is well beyond my knowledge), I do not understand why there is no dump for today's failure to boot. Do the 'Did not load driver . ' lines in ntbtlog
    Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    Loaded driver \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS'
    and
    'Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys'
    indicate there is a problem with N360. And the line 'SYMEVENT' definitely indicates it is N360)? What do the '??' indicate in ntbtlog? Also a couple of other drivers not loaded, are these a problem?

    I am competent but not an IT pro - any assistance would be greatly appreciated?

    Kind regards Trevor


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    This one was caused by your Symantec driver. I would uninstall it completely and replace it with Microsoft Security Essentials.

    Let us know if you need help


    Ken

    Code:
    Built by: 7600.16539.x86fre.win7_gdr.100226-1909
    Debug session time: Tue Jun 15 17:13:04.203 2010 (GMT-4)
    System Uptime: 0 days 0:00:10.779
    BugCheck A, {8c9fb108, 2, 1, 830afd36}
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    Probably caused by : SYMEVENT.SYS ( SYMEVENT+14517 )
    BUGCHECK_STR:  0xA
    PROCESS_NAME:  System


  3. Posts : 4
    Win7 Pro
    Thread Starter
       #3

    Followup question


    Thanks Ken. How is this rated compared to N360? Does it do as good a job or better than N360? Can they run together? Or definitely not needed together?

    Kind regards Trevor


  4. Posts : 4,772
    Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
       #4

    Trevor2 said:
    Thanks Ken. How is this rated compared to N360? Does it do as good a job or better than N360? Can they run together? Or definitely not needed together?

    Kind regards Trevor
    Trevor,

    Well, I won't recommend N360 and MSE on the same computer; it will hog your system down very badly. If we are comparing them, MSE doesn't have all the bells and whistles that N360 offers. But as an antivirus it does a great job with very few system resources. And it's free. You could install Malwarebytes and WinPatrol for added protection.

    Make sure you run the Removal Tool after removing Norton from Add or Remove Programs, because it's famous for leaving files behind: Download and run the Norton Removal Tool

    Hope this helps,
    Captain


  5. Posts : 4
    Win7 Pro
    Thread Starter
       #5

    BSoD Win 7 Pro not starting again/still


    Thanks again. However problem persists. I uninstalled N360 then installed MSE. Then used Norton Removal software after noticing the forum advice to use this.

    This morning - same problem: flash of BSoD, then black screen of Windows Error Recovery 'Your computer is unable to start' (keyboard will not allow up/down between the two options). Insert Win repair disk (keyboard/mouse working now), I did not choose to restore, 'Startup repair is unable to repair this computer automatically' - then chose 'finish', restart, then it seems to start ok and I can log on.

    Attached are the minidump folders and ntbtlog file (seems to show that the Nortons drivers are not now being installed). The minidump file does not seem to be updated (still dated 16 June, although I cannot read the contents); is there something significant in the date not being updated to the more recent failure dates (every morning)??

    It seems that Nortons is not the problem. Any insight would again be gratefully received.
    Kind regards Trevor


  6. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #6

    Hi Trevor. The latest dump points to symevent.sys as causing the crash. Symevent.sys is a driver for Symantec Event Library which belongs to the software SYMEVENT by Symantec Corporation (www.symantec.com). This file is a driver created by Symantec that is used to scan files for viruses. You can check this link for more information:

    Geek Speak. > Windows Blue Screen Crash and Symantec Antivirus - SYMEVENT.SYS 0x0000007f

    It appears that Norton is still biting you. You might try running the Norton Removal tool again. I have also read that this driver is part of PCAnywhere10. I have not been able to confirm this last statement. If you have PCAnywhere installed, uninstall it while you are troubleshooting. If you don't and the Norton Removal tool doesn't remove this, navigate to it and rename it from symevent.sys to symevent.bak. It should be located in c:\windows\system32\drivers. If you don't find it there, do a search for it in Windows Explorer.

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_Minidump.zip\Minidump\061610-20685-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*Symbol information
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16539.x86fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0x8301c000 PsLoadedModuleList = 0x83164810
    Debug session time: Tue Jun 15 17:13:04.203 2010 (GMT-4)
    System Uptime: 0 days 0:00:10.779
    
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {8c9fb108, 2, 1, 830afd36}
    
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    Probably caused by : SYMEVENT.SYS ( SYMEVENT+14517 )
    
    Followup: MachineOwner
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 8c9fb108, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 830afd36, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from 83184718
    Unable to read MiSystemVaType memory at 83164160
     8c9fb108 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!MiUnlinkFreeOrZeroedPage+fa
    830afd36 894c1004        mov     dword ptr [eax+edx+4],ecx
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  8e38adc4 -- (.trap 0xffffffff8e38adc4)
    ErrCode = 00000002
    eax=085fb104 ebx=00000007 ecx=000c8ccf edx=84400000 esi=859fb1e4 edi=85abe10c
    eip=830afd36 esp=8e38ae38 ebp=8e38ae5c iopl=0         nv up ei pl nz ac pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210216
    nt!MiUnlinkFreeOrZeroedPage+0xfa:
    830afd36 894c1004        mov     dword ptr [eax+edx+4],ecx ds:0023:8c9fb108=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from 830afd36 to 8306282b
    
    STACK_TEXT:  
    8e38adc4 830afd36 badb0d00 84400000 8e38ae24 nt!KiTrap0E+0x2cf
    8e38ae5c 83098a6c 000c8f7f 859fb1e4 000c8f7f nt!MiUnlinkFreeOrZeroedPage+0xfa
    8e38ae9c 8309947e 00000001 00000001 c047d978 nt!MiClaimPhysicalRun+0x14d
    8e38af2c 831e1da2 00000000 000c8f7f 00000000 nt!MiFindContiguousPages+0x3d5
    8e38af60 831e1642 a04aeefb 85b89798 00000000 nt!MiAllocateDriverPage+0x28
    8e38affc 831dffd5 90b66f60 00000000 83182820 nt!MiLoadImageSection+0x217
    8e38b068 831bf2c0 8e38b1f0 00000000 00000000 nt!MmLoadSystemImage+0x3be
    8e38b25c 831bd499 00000001 00000000 8e38b284 nt!IopLoadDriver+0x386
    8e38b2a4 831bd3e3 8e38b2c0 a04af21f c0000001 nt!IopLoadUnloadDriver+0x70
    8e38b318 912c3517 8e38b448 874148b8 8e38b3a0 nt!NtLoadDriver+0x169
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8e38b394 8305f44a 8e38b448 8e38b460 8305d5e1 SYMEVENT+0x14517
    8e38b394 00000000 8e38b448 8e38b460 8305d5e1 nt!KiFastCallEntry+0x12a
    8e38b404 8305d5e1 00000008 00200203 936e6ec8 0x0
    8e38b408 00000000 00200203 936e6ec8 8e38b448 nt!ZwLoadDriver+0x11
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    SYMEVENT+14517
    912c3517 ??              ???
    
    SYMBOL_STACK_INDEX:  a
    
    SYMBOL_NAME:  SYMEVENT+14517
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: SYMEVENT
    
    IMAGE_NAME:  SYMEVENT.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a849231
    
    FAILURE_BUCKET_ID:  0xA_SYMEVENT+14517
    
    BUCKET_ID:  0xA_SYMEVENT+14517
    
    Followup: MachineOwner
    ---------
    After you get this driver removed from your system, reboot and run your computer. Post back immediately if you get another BSOD. After a couple of days if you don't get another BSOD, please post back and let us know. Analyzing these BSODs is a trial and error thing.
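Added example, not part of any post in this thread: a small Python script that reads boot-log text like the ntbtlog lines quoted above and reports which vendor drivers still load, as a check that a removal actually took. The sample log is constructed from the paths quoted in the thread; the function names, the vendor pattern and the default `C:\Windows` directory are assumptions.

```python
import re

# Constructed sample, modelled on the ntbtlog lines quoted in this thread.
SAMPLE_NTBTLOG = r"""
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
"""

LINE_RE = re.compile(r"^\s*(Loaded driver|Did not load driver)\s+(.+?)\s*$", re.I)
# Assumed vendor pattern: Symantec folders, the N360 folder, SYM*.SYS file names.
VENDOR_RE = re.compile(r"symantec|\\n360\\|\\sym\w*\.sys$", re.I)

def decode_log(raw):
    """Decode boot-log bytes; a BOM means UTF-16, otherwise treat as 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def normalize(path, windows_dir):
    """Turn both path spellings into one comparable lower-case DOS path."""
    if path.startswith("\\??\\"):  # NT object-manager prefix for DOS device names
        path = path[4:]
    elif path.lower().startswith("\\systemroot\\"):  # link to the Windows directory
        path = windows_dir + path[len("\\SystemRoot"):]
    return path.lower()

def parse_ntbtlog(text, windows_dir=r"C:\Windows"):
    """Return {'loaded': [...], 'not_loaded': [...]} in log order."""
    result = {"loaded": [], "not_loaded": []}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            key = "loaded" if m.group(1).lower() == "loaded driver" else "not_loaded"
            result[key].append(normalize(m.group(2), windows_dir))
    return result

def vendor_hits(parsed):
    """Keep only the paths that match the vendor pattern, per status."""
    return {k: [p for p in v if VENDOR_RE.search(p)] for k, v in parsed.items()}

if __name__ == "__main__":
    hits = vendor_hits(parse_ntbtlog(SAMPLE_NTBTLOG))
    for status, paths in hits.items():
        for p in paths:
            print(f"{status:10} {p}")
    if hits["loaded"]:
        print("Vendor drivers still load at boot; removal is incomplete.")
```

To run it on a real log, read the bytes of `%SystemRoot%\ntbtlog.txt` and pass them through `decode_log` before parsing.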

  7.    #7

    Sometimes in cases like this the best solution is to clean reinstall to get past the insidious Norton infection, unless you have a restore point before you installed it. There is always some residual level of corruption left after uninstalling Norton bloatware monster.

    You can try the Norton removal tool but it doesn't always help.


  8. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #8

    Greg, would Revo uninstaller help? I have not had Norton on my systems since the Win 98 days, so I am not versed in cleaning it out.

  9.    #9

    If he hasn't already uninstalled, then yes Revo in Advanced mode will get it out as best as can be done. It might even be worth reinstalling it if you didn't do this before, since Revo will vacuum up all the Registry keys and hidden folders.

    Afterwards, run sfc /scannow to see if the removal has damaged system files beyond repair, as often happens with Norton or Ofc trial removal - evidence that a clean reinstall is needed.


  10. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #10

    Thanks, Greg. I did not know how well Revo does with the Norton monster. I certainly agree with running SFC following the removal.


 