BSoD Win 7 Pro not starting

[Trevor2]

Hi - thanks in advance for any help. Ran up a new installation BSoD says 'A driver has overrun a stack based buffer. This overrun . . . Technical info Stop0:0000000F7 (0X80996A1E,0X81845D33.0X7E7BA2Cc, 0X00000000) Fltmgr.sys address at 81845D33 base at 8183400, Datestamp 4a5bbf11. Seemingly 0000000F7 indicates a driver problem??

Gigabyte 790FXTA-UD5 BIOS F2, AMD Phenom 11 X4 965 (not overclocked), GSkill DDR3-1600 2 x 2GB, Seagate 7200's 1TB, XFX ATI HD5670 1GB, USB MS wireless mouse + keyboard. Installed updated drivers for XFX (10.6 series), also use Acronis True image home (build 7046), Nortons 360 ver 4

System halts at Win startup and can use repair disk to start the system. System does not fall over during the day, just will not start after being off all night?? Starts ok on shutdowns/restarts and after short off periods?? When running up the box had a few problems installing the latest version of Gigabyte's Easy Tunes 6 (still cannot get it to start), and Acronis TIH 2010 but none of these appeared major. A couple of times the keyboard has not functioned when entering BIOS but this is inconsistant at this stage.

Have run Win memtest - ok, XoftSpy - ok, ParetoLogic Drive Cure and it says all drives are up to date.

Attached files hopefully will help. Mini dump was from the other day (this file is well beyond my knowledge), I do not understand why there is no dump for todays failure to boot. Do the 'Did not load driver . ' lines in ntbtlog
Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS'
and
'Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys'
indicate there is a poroblem with N360. And the line 'SYMEVENT' definately indicate is is N360)? What do the '??' indicate in ntbtlog? Also a couple of other drivers not loaded, are these a problem?

I am competent but not a IT pro - any assistance would be greatly appreciated?

Kind regards Trevor

 

[zigzag3143]

Hi - thanks in advance for any help. Ran up a new installation BSoD says 'A driver has overrun a stack based buffer. This overrun . . . Technical info Stop0:0000000F7 (0X80996A1E,0X81845D33.0X7E7BA2Cc, 0X00000000) Fltmgr.sys address at 81845D33 base at 8183400, Datestamp 4a5bbf11. Seemingly 0000000F7 indicates a driver problem??

Gigabyte 790FXTA-UD5 BIOS F2, AMD Phenom 11 X4 965 (not overclocked), GSkill DDR3-1600 2 x 2GB, Seagate 7200's 1TB, XFX ATI HD5670 1GB, USB MS wireless mouse + keyboard. Installed updated drivers for XFX (10.6 series), also use Acronis True image home (build 7046), Nortons 360 ver 4

System halts at Win startup and can use repair disk to start the system. System does not fall over during the day, just will not start after being off all night?? Starts ok on shutdowns/restarts and after short off periods?? When running up the box had a few problems installing the latest version of Gigabyte's Easy Tunes 6 (still cannot get it to start), and Acronis TIH 2010 but none of these appeared major. A couple of times the keyboard has not functioned when entering BIOS but this is inconsistant at this stage.

Have run Win memtest - ok, XoftSpy - ok, ParetoLogic Drive Cure and it says all drives are up to date.

Attached files hopefully will help. Mini dump was from the other day (this file is well beyond my knowledge), I do not understand why there is no dump for todays failure to boot. Do the 'Did not load driver . ' lines in ntbtlog
Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS'
and
'Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys'
indicate there is a poroblem with N360. And the line 'SYMEVENT' definately indicate is is N360)? What do the '??' indicate in ntbtlog? Also a couple of other drivers not loaded, are these a problem?

I am competent but not a IT pro - any assistance would be greatly appreciated?

Kind regards Trevor

This one was caused by your sysmantec driver. I would un-install it completely and replace it with microsoft security essentials

Let us know if you need help


Ken

Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Debug session time: Tue Jun 15 17:13:04.203 2010 (GMT-4)
System Uptime: 0 days 0:00:10.779
BugCheck A, {8c9fb108, 2, 1, 830afd36}
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+14517 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System

 

[Trevor2]

Followup question

Thanks Ken. How is this rated compared to N360? Does it do as good a job or better than N360? Can they run together? Or definately not needed together?

Kind regards Trevor

 

[Capt.Jack Sparrow]

Thanks Ken. How is this rated compared to N360? Does it do as good a job or better than N360? Can they run together? Or definately not needed together?

Kind regards Trevor

Trevor,

Well i won't recommend N360 and MSE on same computer it will hog your System down very badly. If we are comparing between them MSE doesn't have all the bells and whistles that N360 offers. But as a Antiviurs it does a great job with very less System resource. And it's free. You could install Malwarebytes and WinPatrol for added protection.

Make sure you run the Removal Tool after removing Norton from add or remove programs because it's famous the leaving files behind Download and run the Norton Removal Tool

Hope this helps,
Captain

 

[Trevor2]

BSoD Win 7 Pro not starting again/still

Thanks again. However problem persists. I uninstalled N360 then installed MSE. Then used Norton Removal software after noticing the forum advice to use this.

This morning - same problem flash of BSoD, then black screen of Windows Error recovery 'Your computer is unable to start' (keyboard will not allow up/down between the two options). Insert Win repair disk (keyboard/ mouse working now), I did not choose to restore, 'Startup repair is unable to repair this computer automatically - then chose 'finish', restart then it seems to start ok and I can log on.

Attached are the minidump folders and ntblog file (seems to show that the Nortons drivers are not now being installed. The minidump file does not seem to be updated (still dated 16 June, although I cannot read the contents), is the someting significant in the date not being updated to the more recent failure dates (every morining)??

It seems that Nortons is not the problem. Any insight would again be greatfully received.
Kind regards Trevor

 

[CarlTR6]

Hi Trevor. The latest dump points to symevent.sys as causing the crash. Symevent.sys is a driver for Symantec Event Library which belongs to the software SYMEVENT by Symantec Corporation (www.symantec.com). This file is a driver created by Symantec that is used to scan files for viruses. You can check this link for more information:

Geek Speak. > Windows Blue Screen Crash and Symantec Antivirus - SYMEVENT.SYS 0x0000007f

It appears that Norton is still biting you. You might try running the Norton Removal tool again. I have also read that this driver is part of PCAnywhere10. I have not been able to confirm this last statement. If you have PCAnywhere installed, uninstall it while you are troubleshooting. If you don't and the Norton Removal tool doesn't remove this, navigate to it and rename it from symevent.sys to symevent.bak. It should be located in c:\windows\system32\drivers. If you don't find it there, do a search for it in Windows Explorer.

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_Minidump.zip\Minidump\061610-20685-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*[URL="http://msdl.microsoft.com/download/symbols"]Symbol information[/URL]
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0x8301c000 PsLoadedModuleList = 0x83164810
Debug session time: Tue Jun 15 17:13:04.203 2010 (GMT-4)
System Uptime: 0 days 0:00:10.779

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {8c9fb108, 2, 1, 830afd36}

*** WARNING: Unable to verify timestamp for [COLOR=Red]SYMEVENT.SYS[/COLOR]
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
[COLOR=Red]Probably caused by : SYMEVENT.SYS[/COLOR] ( SYMEVENT+14517 )

Followup: MachineOwner

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 8c9fb108, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 830afd36, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from 83184718
Unable to read MiSystemVaType memory at 83164160
 8c9fb108 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiUnlinkFreeOrZeroedPage+fa
830afd36 894c1004        mov     dword ptr [eax+edx+4],ecx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  8e38adc4 -- (.trap 0xffffffff8e38adc4)
ErrCode = 00000002
eax=085fb104 ebx=00000007 ecx=000c8ccf edx=84400000 esi=859fb1e4 edi=85abe10c
eip=830afd36 esp=8e38ae38 ebp=8e38ae5c iopl=0         nv up ei pl nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210216
nt!MiUnlinkFreeOrZeroedPage+0xfa:
830afd36 894c1004        mov     dword ptr [eax+edx+4],ecx ds:0023:8c9fb108=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 830afd36 to 8306282b

STACK_TEXT:  
8e38adc4 830afd36 badb0d00 84400000 8e38ae24 nt!KiTrap0E+0x2cf
8e38ae5c 83098a6c 000c8f7f 859fb1e4 000c8f7f nt!MiUnlinkFreeOrZeroedPage+0xfa
8e38ae9c 8309947e 00000001 00000001 c047d978 nt!MiClaimPhysicalRun+0x14d
8e38af2c 831e1da2 00000000 000c8f7f 00000000 nt!MiFindContiguousPages+0x3d5
8e38af60 831e1642 a04aeefb 85b89798 00000000 nt!MiAllocateDriverPage+0x28
8e38affc 831dffd5 90b66f60 00000000 83182820 nt!MiLoadImageSection+0x217
8e38b068 831bf2c0 8e38b1f0 00000000 00000000 nt!MmLoadSystemImage+0x3be
8e38b25c 831bd499 00000001 00000000 8e38b284 nt!IopLoadDriver+0x386
8e38b2a4 831bd3e3 8e38b2c0 a04af21f c0000001 nt!IopLoadUnloadDriver+0x70
8e38b318 912c3517 8e38b448 874148b8 8e38b3a0 nt!NtLoadDriver+0x169
WARNING: Stack unwind information not available. Following frames may be wrong.
8e38b394 8305f44a 8e38b448 8e38b460 8305d5e1 SYMEVENT+0x14517
8e38b394 00000000 8e38b448 8e38b460 8305d5e1 nt!KiFastCallEntry+0x12a
8e38b404 8305d5e1 00000008 00200203 936e6ec8 0x0
8e38b408 00000000 00200203 936e6ec8 8e38b448 nt!ZwLoadDriver+0x11


STACK_COMMAND:  kb

FOLLOWUP_IP: 
SYMEVENT+14517
912c3517 ??              ???

SYMBOL_STACK_INDEX:  a

SYMBOL_NAME:  SYMEVENT+14517

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  [COLOR=Red]SYMEVENT.SYS[/COLOR]

DEBUG_FLR_IMAGE_TIMESTAMP:  4a849231

FAILURE_BUCKET_ID:  0xA_SYMEVENT+14517

BUCKET_ID:  0xA_SYMEVENT+14517

Followup: MachineOwner
---------

After you get this driver removed from your system, reboot and run your computer. Post back immediately if you get another BOSD. After a couple of days if you don't get another BODS, please post back and let us know. Analyzing these BSOD's is a trial and error thing.

 

[gregrocker]

Sometimes in cases like this the best solution is to clean reinstall to get past the insidious Norton infection, unless you have a restore point before you intalled it. There is always some residual level of corruption left after uninstalling Norton bloatware monster.

You can try the Norton removal tool but it doesn't always help.

 

[CarlTR6]

Greg, would Revo uninstaller help? I have not had Norton on my systems since the Win 98 days; so I am not versed it cleaning it out.

 

[gregrocker]

If he hasn't already uninstalled, then yes Revo in Advanced mode will get it out as best as can be done. It might even be worth reinstalling it if you didn't do this before, since Revo will vacuum up all the Registry keys and hidden folders.

Afterwards, run sfc/ scannow to see if the removal has damaged system files beyond repair, as often happens with Norton or Ofc trial removal - evidence that a clean reinstall is needed..

 

[CarlTR6]

Thanks, Greg. I did not know how well Revo does with the Norton monster. I certainly agree with running SFC following the removal.

 

[Trevor2]

BSOD Win 7 not starting again

Thanks for your assistance.

Nortons does still leave a lot of 'stuff' (that I could easily identify) even when using the Nortons Removal Tool -but nothing that looked like any drivers. May still have been stuff in the Registry. Didn't touch the registry but cleaned out what other stuff I saw.

Fridat night to Saturday morning. Same problem, decided to do a another clean install Saturday.

Saturday night to overnight 'cold' restart on Sunday morning. Installed Win7 Pro, MSE and all of Gigabyte's (from their disk) hardware drives and some utility drivers (ET6, DMI View, and Update Mgr, and Win's 23 inportant updates and 13 optional updates. Sunday morning very much the same problem except that the BSOD indicates a Stop:00000007E problem (no file name mentioned). Only problen is ET6 will not start again?

Tripple checked that the nemory (GSkill) was on the approved list and inserted in the correct slots - everything ok seemingly. New Seagate 1TB (unallocated) used to setup.

Sunday night to Monday morning's cold start. Installed Win7 Pro, MSE and 3 updates from MS, did not install any of Gigabytes hardware or software (drivers). Monday morning (today) very similar problem however I was unable to see what was on the BSOF as is flashed past too quickly. There was no Minidump directory or ntblog file (this may have been started from me enabling in previous installations).

This may still be a Win7 problem but is looking increasingly like a hardware problem. I did see an inconclusive post on a forum about the GSkill (F3-12800CL9D-4GBNQ) despite being on the approved list for the AMD MB (Gigabyte 790FXTA-UD5) it is targeted towards Intel CPU's and is a possible problem on an AMD board. Another suggested a problem between CPU (AMD Phenom II X4 965) and the GSkill that mainly resided with how AMD's CPU's handle a particular process and that it was not the memory that was at fault.

Strange that Win7 will start/restart straight away or withing a couple of hours but will not start if left overnight or for as yet uncertain longer time (never tested thoroughly to try to identify what is the time period for this)?

I had emailed (a couple of days ago) Gigabyte about ET6 not starting they said it was a issue with installation (online newer download over the original DVD version) and to reinstall. However as can be seen from today's failure to start, that was not the problem as no Gigabyte software was installed and the problem remains.

Darn! If more light can be shed I would be thankful?
Looks like I am over to the Gigabyte and hardware forums. Suggestions on which are the better boards to help from here would also be appreciated.

Kind regards Trevor