Share via

I have random BSOD at Windows start up

Anonymous
2013-08-29T02:18:00+00:00

Hello,

I have been having trouble with windows 7 x64 starting, it does not happen all the time but it will happen maybe every other day, then not happen for a week very intermittent I'd say, when I power up my system, right after the UEFI bios loads, before windows gets a chance load I get a BSOD, I have collected a bunch of crash dump files and it seems to be the same issue with a file related to swmsflt.sys not sure what it means, I googled it and found that it seems to be maybe a driver or something corrupted but not sure, was wondering if there is software bug fix for this or something.

I have not made new hardware additions to my system so I don't think something like that is the problem, I have added 2 external USB HDD attached 24/7 but would that have issues they work fine.

I have made a system restore point with a utility to basically put my system back to just the raw os and sp1 but thought I would see if this is fixable before I took that step.

Here is the latest dump file analysis.

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\082813-32448-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 7601.18205.amd64fre.win7sp1_gdr.130708-1532

Machine Name:

Kernel base = 0xfffff80003254000 PsLoadedModuleList = 0xfffff800034976d0

Debug session time: Wed Aug 28 10:31:31.123 2013 (UTC - 4:00)

System Uptime: 0 days 0:00:22.386

Loading Kernel Symbols

...............................................................

................................................................

..........

Loading User Symbols

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, fffff800035365a4, fffff880050b14f8, fffff880050b0d50}

Unable to load image swmsflt.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for swmsflt.sys

*** ERROR: Module load completed but symbols could not be loaded for swmsflt.sys

Probably caused by : swmsflt.sys ( swmsflt+153e )

Followup: MachineOwner

1: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

This is a very common bugcheck.  Usually the exception address pinpoints

the driver/function that caused the problem.  Always note this address

as well as the link date of the driver/image that contains this address.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff800035365a4, The address that the exception occurred at

Arg3: fffff880050b14f8, Exception Record Address

Arg4: fffff880050b0d50, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:

nt!IoDeleteAllDependencyRelations+20

fffff800`035365a4 488b9d38010000  mov     rbx,qword ptr [rbp+138h]

EXCEPTION_RECORD:  fffff880050b14f8 -- (.exr 0xfffff880050b14f8)

ExceptionAddress: fffff800035365a4 (nt!IoDeleteAllDependencyRelations+0x0000000000000020)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: 0000000000000138

Attempt to read from address 0000000000000138

CONTEXT:  fffff880050b0d50 -- (.cxr 0xfffff880050b0d50)

rax=0000000000000001 rbx=0000000000000000 rcx=fffff800034cdb20

rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000

rip=fffff800035365a4 rsp=fffff880050b1730 rbp=0000000000000000

r8=fffffa80323288d0  r9=0000000000000000 r10=fffffa8031051760

r11=fffffa80323288e0 r12=fffffa8033655be0 r13=fffffa8033655e18

r14=fffffa8033655be0 r15=fffffa80336ecba8

iopl=0         nv up ei ng nz na pe nc

cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282

nt!IoDeleteAllDependencyRelations+0x20:

fffff800035365a4 488b9d38010000  mov     rbx,qword ptr [rbp+138h] ss:0018:0000000000000138=????????????????

Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000138

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003501100

0000000000000138

FOLLOWUP_IP:

swmsflt+153e

fffff880`04d6153e ??              ???

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff8000326cc73 to fffff800035365a4

STACK_TEXT:

fffff880050b1730 fffff8000326cc73 : 0000000000000000 fffffa8033714180 0000000000000000 0000000000000000 : nt!IoDeleteAllDependencyRelations+0x20

fffff880050b1760 fffff88004d6153e : 0000000000000001 fffffa8033655e18 0000000000000000 fffffa80336ec3f0 : nt!IoDeleteDevice+0x23

fffff880050b1790 0000000000000001 : fffffa8033655e18 0000000000000000 fffffa80336ec3f0 fffff880050b18c0 : swmsflt+0x153e

fffff880050b1798 fffffa8033655e18 : 0000000000000000 fffffa80336ec3f0 fffff880050b18c0 0000000000000000 : 0x1

fffff880050b17a0 0000000000000000 : fffffa80336ec3f0 fffff880050b18c0 0000000000000000 00000000002a0028 : 0xfffffa80`33655e18

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  swmsflt+153e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: swmsflt

IMAGE_NAME:  swmsflt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4adde5ae

STACK_COMMAND:  .cxr 0xfffff880050b0d50 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_swmsflt+153e

BUCKET_ID:  X64_0x7E_swmsflt+153e

Followup: MachineOwner

Windows for home | Previous Windows versions | Devices and drivers

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments
Answer accepted by question author
  1. Anonymous
    2013-08-30T00:49:29+00:00

    Hi,

    I received the email, thanks a lot.

    All of the latest attached DMP files are of the **SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)**bugcheck.

    If we look at the call stack of the DMP's, we can see the following:

    1: kd> kv

    Child-SP          RetAddr           : Args to Child                                                           : Call Site

    fffff880050b0528 fffff8000363a584 : 000000000000007e ffffffffc0000005 fffff800035365a4 fffff880050b14f8 : nt!KeBugCheckEx

    fffff880050b0530 fffff800035f4be1 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!PspUnhandledExceptionInSystemThread+0x24

    fffff880050b0570 fffff800032f4cdc : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt! ?? ::NNGAKEGL::`string'+0x223d

    fffff880050b05a0 fffff800032f475d : fffff8000342c8a8 fffff880050b1c00 0000000000000000 fffff80003254000 : nt!_C_specific_handler+0x8c

    fffff880050b0610 fffff800032f3535 : fffff8000342c8a8 fffff880050b0688 fffff880050b14f8 fffff80003254000 : nt!RtlpExecuteHandlerForException+0xd

    fffff880050b0640 fffff800033044e1 : fffff880050b14f8 fffff880050b0d50 fffff88000000000 0000000000000005 : nt!RtlDispatchException+0x415

    fffff880050b0d20 fffff800032c9202 : fffff880050b14f8 0000000000000000 fffff880050b15a0 0000000000000000 : nt!KiDispatchException+0x135

    fffff880050b13c0 fffff800032c7d7a : 0000000000000000 0000000000000138 fffff880009cb100 0000000000000000 : nt!KiExceptionDispatch+0xc2

    fffff880050b15a0 fffff800035365a4 : fffffa80336ec4f8 fffff800032bf5d2 fffffa8033697800 fffffa80336ec3f0 : nt!KiPageFault+0x23a (TrapFrame @ fffff880`050b15a0)

    fffff880050b1730 fffff8000326cc73 : 0000000000000000 fffffa8033714180 0000000000000000 0000000000000000 : nt!IoDeleteAllDependencyRelations+0x20

    fffff880050b1760 fffff88004d6153e : 0000000000000001 fffffa8033655e18 0000000000000000 fffffa80336ec3f0 : nt!IoDeleteDevice+0x23

    fffff880050b1790 0000000000000001 : fffffa8033655e18 0000000000000000 fffffa80336ec3f0 fffff880050b18c0 : swmsflt+0x153e

    fffff880050b1798 fffffa8033655e18 : 0000000000000000 fffffa80336ec3f0 fffff880050b18c0 0000000000000000 : 0x1

    fffff880050b17a0 0000000000000000 : fffffa80336ec3f0 fffff880050b18c0 0000000000000000 00000000002a0028 : 0xfffffa80`33655e18

    We can see that swmsflt.sys is mentioned in the stack, as well as the failure bucket ID -

    FAILURE_BUCKET_ID:  X64_0x7E_swmsflt+153e

    swmsflt.sys is the Sierra Wireless USB Mass Storage Filter Driver. Check for an update here - http://www.sierrawireless.com/Support/Downloads.aspx

    If no update is available, I recommend removing the software or device using this driver for temporary troubleshooting purposes.

    If the above does not help, I would recommend removing SUPERAntispyware for temporary troubleshooting purposes as it may be causing conflicts.

    Regards,

    Patrick

    0 comments
Answer accepted by question author
  1. Anonymous
    2013-08-29T02:38:47+00:00

    Hi,

    In order to assist you, we will need the DMP files to analyze what exactly occurred at the time of the crash, etc.

    If you don't know where DMP files are located, here's how to get to them:

     1.    Navigate to the %systemroot%\Minidump folder.

     2.    Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.

     3.    Upload the zip containing the DMP files to Skydrive or a hosting site of your choice and paste in your reply.

    If you are going to use Skydrive but don't know how to upload to it, please visit the following:

    http://www.wikihow.com/Use-SkyDrive

    Please note that any "cleaner" programs such as TuneUp Utilities, CCleaner, etc, by default will delete DMP files upon use.

    If your computer is not generating DMP files, please do the following:

    1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.
    2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.
    3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log' > Ensure 'Automatically restart' is un-checked.

    Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.

    1. Double check that the WERS is ENABLED:

    Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

    If you cannot get into normal mode to do any of this, please do this via Safe Mode.

    Regards,

    Patrick

    0 comments

8 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2013-08-30T04:20:02+00:00

    Try removing it via safe mode. If it's corrupted and loaded, uninstalling it won't work in normal. If you try safe mode, it won't be loaded, so you may be able to remove it. If it won't work in safe mode for some reason, you can try 'breaking' the driver's functionality by renaming it from swmsflt.sys to

    swmsflt.old via its location in %systemroot%\System32\Drivers and then restarting.

    If you'd like, you can create a restore point before doing so just in case:

    Windows 7 - START | type create | select "Create a Restore Point"

    Regards,

    Patrick

    0 comments
  2. Anonymous
    2013-08-30T04:09:39+00:00

    Hey Patrick,

    Thank you very much for the feedback it makes good sense because I looked at my Uninstall programs list to see what was installed close to the day of the first crash and it was something related to Sierra Wireless so the timing match's your advice, I uninstalled the sprint modem utility and did a restart but my system BSOD me upon reboot so that program may not have been it, then I went to uninstall the Samsung Mobile Driver Set and I get a dialog box,

    "SAMSUNG Mobile Modem driver was not uninstalled successfully (12)

    There is no driver installed previously"

    I have not tried to uninstall this previously so I guess it was corrupted a while back.

    Unless you have some advice on how to remove a bad driver I think I'm stuck.

    Basically I can't uninstall it, so it looks like even though this is most likely the problem I still can't get rid of it, which means I will have use my Macrium utility restore point to go all the way back to a raw OS and SP1 and start putting everything back together from there.

    Thanks.

    0 comments
  3. Anonymous
    2013-08-30T00:34:53+00:00

    Hey Patrick,

    I sent you an email link to SkyDrive for the files.

    Thanks.

    0 comments