Windows 10 Blue screen after every full night shutdown.

SnowManBawb

SnowManBawb

Member
Joined
Feb 25, 2016
Messages
54
Hello.



So, I've had this problem with my pc for a while now and I just have no idea what the problem might be anymore. Ive tried posting on different sites but no one answered.



Here is the problem every time my pc has been shut down for longer then an hour, the next boot up will end up in a blue screen displaying a different error code each time. Here are is few ive seen.



IRQL_NOT_LESS_OR_EQUAL



KMODE_EXCEPTION_NOT_HANDLED


Sometimes the blue screen will happen 10 minutes after it has fully started sometimes right after i log in.



Here are my specs.



  • CPU Intel Core i5-4440 3.10 GHZ

  • Motherboard Asus H87M-PLUS

  • RAM 2 4gb sticks of Corsair DDR3 vengance ram

  • GPU Asus strix R9 390

  • Case Fractal Design Core 1000

  • Storage Samsung 850 evo 250 gb, 500GB Seagate ST500DM002, and a 1 tb external

  • PSU Corsair CS750M

Ive also ran Windgb and here are the results based on the latest blue screen.
Here is what it came up with. :(


Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\021516-4484-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10586.103.amd64fre.th2_release.160126-1819
Machine Name:
Kernel base = 0xfffff802`e1404000 PsLoadedModuleList = 0xfffff802`e16e2cf0
Debug session time: Mon Feb 15 15:26:13.882 2016 (UTC + 2:00)
System Uptime: 0 days 0:02:20.537
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {4, ffffe0018343dd60, ffffe0018343dcb8, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: ffffe0018343dd60, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffe0018343dcb8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10586.103.amd64fre.th2_release.160126-1819

SYSTEM_MANUFACTURER: ASUS

SYSTEM_PRODUCT_NAME: All Series

SYSTEM_SKU: All

SYSTEM_VERSION: System Version

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: 0306

BIOS_DATE: 04/07/2013

BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT: H87M-PLUS

BASEBOARD_VERSION: Rev X.0x

DUMP_TYPE: 2

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_P1: 4

BUGCHECK_P2: ffffe0018343dd60

BUGCHECK_P3: ffffe0018343dcb8

BUGCHECK_P4: 0

TRAP_FRAME: 4b6778440205000e -- (.trap 0x4b6778440205000e)
Unable to read trap frame at 4b677844`0205000e

EXCEPTION_RECORD: 0000000000820003 -- (.exr 0x820003)
Cannot read Exception record @ 0000000000820003

CPU_COUNT: 4

CPU_MHZ: c1c

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: ESP_OUT_OF_RANGE

BUGCHECK_STR: 0x139

PROCESS_NAME: AvastSvc.exe

CURRENT_IRQL: 1

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000004

WATSON_BKT_EVENT: BEX

ANALYSIS_SESSION_HOST: SNOWMANBAWB-PC

ANALYSIS_SESSION_TIME: 02-25-2016 23:47:29.0881

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

BAD_STACK_POINTER: ffffe0018343da38

LAST_CONTROL_TRANSFER: from fffff802e1550fe9 to fffff802e1546480

FAULTING_THREAD: 0000000000000000

STACK_TEXT:
ffffe001`8343da38 fffff802`e1550fe9 : 00000000`00000139 00000000`00000004 ffffe001`8343dd60 ffffe001`8343dcb8 : nt!KeBugCheckEx
ffffe001`8343da40 fffff802`e1551310 : 00000000`00000000 00000000`00000000 00000180`00000400 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffe001`8343db80 fffff802`e15504f3 : ffffc001`d3e6fba8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffe001`8343dd60 fffff802`e155b157 : ffffe001`8343e650 ffffe001`8343ee00 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf3
ffffe001`8343def0 fffff802`e1408d81 : 00000000`00000000 ffffb000`5fe51000 65657246`00000002 0dc38236`36a514f1 : nt! ?? ::FNODOBFM::`string'+0x6357
ffffe001`8343df20 fffff802`e14075a8 : ffffe001`8343ee38 ffffe001`8343eb50 ffffe001`8343ee38 00000000`00000001 : nt!RtlDispatchException+0x71
ffffe001`8343e620 fffff802`e15510c2 : 00000000`00820003 00000000`00000000 4b677844`0205000e 0dc38236`36a526d1 : nt!KiDispatchException+0x144
ffffe001`8343ed00 fffff802`e154edc6 : ffffe001`8343ef90 ffffe001`834416a0 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
ffffe001`8343eee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInvalidOpcodeFault+0x106


THREAD_SHA1_HASH_MOD_FUNC: 93ff434f099106b58fd2a86313b2862abc617562

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6ca9d805ff691236db9ae5a22166f7ed00e151d5

THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe

FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff802`e1551310 c644242000 mov byte ptr [rsp+20h],0

FAULT_INSTR_CODE: 202444c6

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiFastFailDispatch+d0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 56a849a9

IMAGE_VERSION: 10.0.10586.103

STACK_COMMAND: ~0s ; kb

BUCKET_ID_FUNC_OFFSET: d0

FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

BUCKET_ID: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

TARGET_TIME: 2016-02-15T13:26:13.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-01-27 06:38:01

BUILDDATESTAMP_STR: 160126-1819

BUILDLAB_STR: th2_release

BUILDOSVER_STR: 10.0.10586.103.amd64fre.th2_release.160126-1819

ANALYSIS_SESSION_ELAPSED_TIME: 395

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x139_missing_gsframe_stackptr_error_nt!kifastfaildispatch

FAILURE_ID_HASH: {7b0febb5-6007-4f2b-3d38-57fef278d8d5}

Followup: MachineOwner
---------

3: kd> lmvm nt
Browse full module list
start end module name
fffff802`e1404000 fffff802`e1bd0000 nt (pdb symbols) C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\ntkrnlmp.pdb\D03C5CF7862E48FE84A06333F1CFA5981\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\ntoskrnl.exe\56A849A97cc000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Wed Jan 27 06:38:01 2016 (56A849A9)
CheckSum: 00727A26
ImageSize: 007CC000
File version: 10.0.10586.103
Product version: 10.0.10586.103
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.10586.103
FileVersion: 10.0.10586.103 (th2_release.160126-1819)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
 
Solution
It looks like your AV is the problem here. I would remove it and test. If you still get BSODs then do the following.

Check for an OS problem from an elevated command prompt type sfc /scannow and test your memory
Sort by date Sort by votes
Just a thought, but have you scanned for malware? It's possible that malware can survive a reinstall.
The drivers that start with MpKsl...... are Windows Defender temporary drivers that normally don't show up in memory dumps.
If you haven't scanned for malware, please try some of these free, independent scanners (in case malware has corrupted your current protection) :
The scans come from this link: Link Removed :
 
Upvote 0 Downvote
Ill be only able to test all the suggested stuff this weekend. But something strange happened recently, because of the blue screens i leave my pc on sleep during the night. And while I was out, the power shut down for 6 hours. When I tried turning my PC back on after the power being out it said overclocking failed prompted me to the BIOS and then I restarted it. It started as it was left the night before which was strange to me.

Ever since then though. Ive been also getting blue screens after putting my pc to sleep. Ill check if anything has changed after i shut it down.

added the dump files as well.
 

Attachments

Upvote 0 Downvote
Code: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {ffffc0012c5a2320, 0, fffff8013c63ed58, 2}


Could not read faulting driver name
Probably caused by : memory_corruption

Followup: memory_corruption
Hi Bawb,
I didn't really see anything different regarding the dump files and we are just going have to go through your system section by section, driver by driver and see if we can track this issue down.

Bawb you need to remove or update the driver below (even if it's to simply test.)

LGPBTDD.sys Wed Jul 01 19:47:52 2009: Logitech GamePanel Software
http://www.logitech.com/en-us/support-downloads

At least half of your dumps blamed the network driver again. Please try this as it only takes a moment to test. Go into the bios and turn off the on board network chip. Test for bsod by waiting an hour before restarting system.

Please post any results obtained.
 
Upvote 0 Downvote
checked all of that everything came up clean.

Alright about to do the long list of things what Usasma posted.

After one of the blue screens i did automatic repair which removed the logitech gaming software so i tried running the pc today and it still crashed. A lot later i might add. here are the dumps files from this morning.

I wont reinstall the software after im done doing all of what Ussasma has posted, speaking of which I will start right now.
 

Attachments

Upvote 0 Downvote
You didn't try turning off the network yet? I would have tried this first as it only takes moments to try. Please, please try this at the earliest opportunity.
What about the game panel software did you remove that?

I'll debug the dump file but Bawb you going have to start trying the things we suggest as otherwise we are just going round in circles

Back shortly.
 
Upvote 0 Downvote
well i was gonna remove the logitech software. I mean Ive been doing most if not every thing you guys have suggested.

What do you mean, just try to get a cold boot with my router off?
 
Upvote 0 Downvote
Code: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, fffff801852ca6d0, ffffd000809628b8, ffffd000809620d0}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!ExpScanGeneralLookasideList+40 )

Followup: MachineOwner
Hi Bawb
again nothing conclusive driver wise although I noticed something which I haven't seen before now:

tap-tb-0901.sys Tue Aug 12 08:45:22 2014: TunnelBear Windows Virtual Network Driver. What does this relate to Bawb, any ideas? If it's no longer used please remove.

As you say you have plenty to be going on with regarding the tips Usasma posted as well as the posts I made above. Best of luck and hope all goes well.
 
Upvote 0 Downvote
SnowManBawb said:
What do you mean, just try to get a cold boot with my router off?
Click to expand...
Not the router but your onboard network solution. If you go into the bios try turning it off and then try the cold boot.

I mean Ive been doing most if not every thing you guys have suggested.
Click to expand...
Apologies Bawb, your doing great and we will get there in the end.. I'm not giving up on you so let's get this computer of yours sorted out..
 
Upvote 0 Downvote

Yeah tunnel bear is a VPN that I was testing for a bit for blocked videos/sites and etc.


kemical said:
Not the router but your onboard network solution. If you go into the bios try turning it off and then try the cold boot.
Click to expand...

Alright gotcha. So now Ill finish the driver updates and gonna try to get the pc to cold boot. So ill be back in roughly an hour.

Ill also try using a normal keyboard and mouse and removing any extra devices i have plugged in plus disabling the network.

btw I did try looking this up but I couldnt find a way to boot in safe mode while starting up the pc for windows 10. I saw a bunch of ways while i was already on my desktop.

"Apologies Bawb, your doing great and we will get there in the end.. I'm not giving up on you so let's get this computer of yours sorted out.. "

No worries. One thing that I've noticed most drivers you guys suggest for me to update are already up to date. So even though I update them again in the dump files it probably seems like havent. Idk im gonna shutting down now.
 
Upvote 0 Downvote
SnowManBawb said:
One thing that I've noticed most drivers you guys suggest for me to update are already up to date. So even though I update them again in the dump files it probably seems like havent. Idk im gonna shutting down now.
Click to expand...
Ok Bawb understood. If I do ask about a driver in the future I'll certainly ask first if it's already been updated.

Good luck with the testing..
 
Upvote 0 Downvote
kemical said:
Ok Bawb understood. If I do ask about a driver in the future I'll certainly ask first if it's already been updated.

Good luck with the testing..
Click to expand...
It didnt crash so either my cold boot didnt work or one of the fixes fixed the issue. Either way ill try to boot tomorrow with the same settings and see what the outcome is.
 
Upvote 0 Downvote
Ok great.. John did suggest that it could possibly be a network issue and you have dump files in that area so perhaps we are onto something at last?
 
Upvote 0 Downvote
"KMODE_EXCEPTION_NOT_HANDLED" usually is a device driver missing and a quick look at device manager might provide that item if something is open. With flash drive not showing maybe a usb issue." Run, devmgmt.msc " would give us a quick look at Device Manager and see if any item has a yellow"?" on it.
 
Upvote 0 Downvote
Hehe that's just one dump file of many although we've tried many many things. Hopefully we are finally getting somewhere and tomorrows post will let us know for sure. The last test didn't produce a blue screen which is the first time thats happened.. Fingers crossed for tomorrow!
 
Upvote 0 Downvote
Unfortunately it still crashed, but unlike other times it was just 1 blue screen. Usually there would be like 2 or 3 at a time. Dont know if that helps at all but here are the logs.
 

Attachments

Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

  • Solved
Help Deciphering DPC_WATCHDOG_VIOLATION Error After System Crash
Replies
1
Views
760
ChatGPT
K
  • Solved
Windows 10 several PCs got blue screen in the office
Replies
1
Views
1K
ChatGPT
M
  • Solved
Windows 10 Black Screen & Crashing After Installing New GPU/PSU
Replies
18
Views
9K
dianawolws
  • Solved
Windows 10 BSOD Memory management
Replies
7
Views
4K
Pep
G
  • Solved
Windows 10 BSOD Help
Replies
2
Views
2K
kemical