Windows 10 Blue screen after every full night shutdown.

[SnowManBawb]

Hello.



So, I've had this problem with my pc for a while now and I just have no idea what the problem might be anymore. Ive tried posting on different sites but no one answered.



Here is the problem every time my pc has been shut down for longer then an hour, the next boot up will end up in a blue screen displaying a different error code each time. Here are is few ive seen.



IRQL_NOT_LESS_OR_EQUAL



KMODE_EXCEPTION_NOT_HANDLED


Sometimes the blue screen will happen 10 minutes after it has fully started sometimes right after i log in.



Here are my specs.

• CPU Intel Core i5-4440 3.10 GHZ
  
  
• Motherboard Asus H87M-PLUS
  
  
• RAM 2 4gb sticks of Corsair DDR3 vengance ram
  
  
• GPU Asus strix R9 390
  
  
• Case Fractal Design Core 1000
  
  
• Storage Samsung 850 evo 250 gb, 500GB Seagate ST500DM002, and a 1 tb external
  
  
• PSU Corsair CS750M

Ive also ran Windgb and here are the results based on the latest blue screen.
Here is what it came up with.


Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\021516-4484-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10586.103.amd64fre.th2_release.160126-1819
Machine Name:
Kernel base = 0xfffff802`e1404000 PsLoadedModuleList = 0xfffff802`e16e2cf0
Debug session time: Mon Feb 15 15:26:13.882 2016 (UTC + 2:00)
System Uptime: 0 days 0:02:20.537
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {4, ffffe0018343dd60, ffffe0018343dcb8, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: ffffe0018343dd60, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffe0018343dcb8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10586.103.amd64fre.th2_release.160126-1819

SYSTEM_MANUFACTURER: ASUS

SYSTEM_PRODUCT_NAME: All Series

SYSTEM_SKU: All

SYSTEM_VERSION: System Version

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: 0306

BIOS_DATE: 04/07/2013

BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT: H87M-PLUS

BASEBOARD_VERSION: Rev X.0x

DUMP_TYPE: 2

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_P1: 4

BUGCHECK_P2: ffffe0018343dd60

BUGCHECK_P3: ffffe0018343dcb8

BUGCHECK_P4: 0

TRAP_FRAME: 4b6778440205000e -- (.trap 0x4b6778440205000e)
Unable to read trap frame at 4b677844`0205000e

EXCEPTION_RECORD: 0000000000820003 -- (.exr 0x820003)
Cannot read Exception record @ 0000000000820003

CPU_COUNT: 4

CPU_MHZ: c1c

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: ESP_OUT_OF_RANGE

BUGCHECK_STR: 0x139

PROCESS_NAME: AvastSvc.exe

CURRENT_IRQL: 1

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000004

WATSON_BKT_EVENT: BEX

ANALYSIS_SESSION_HOST: SNOWMANBAWB-PC

ANALYSIS_SESSION_TIME: 02-25-2016 23:47:29.0881

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

BAD_STACK_POINTER: ffffe0018343da38

LAST_CONTROL_TRANSFER: from fffff802e1550fe9 to fffff802e1546480

FAULTING_THREAD: 0000000000000000

STACK_TEXT:
ffffe001`8343da38 fffff802`e1550fe9 : 00000000`00000139 00000000`00000004 ffffe001`8343dd60 ffffe001`8343dcb8 : nt!KeBugCheckEx
ffffe001`8343da40 fffff802`e1551310 : 00000000`00000000 00000000`00000000 00000180`00000400 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffe001`8343db80 fffff802`e15504f3 : ffffc001`d3e6fba8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffe001`8343dd60 fffff802`e155b157 : ffffe001`8343e650 ffffe001`8343ee00 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf3
ffffe001`8343def0 fffff802`e1408d81 : 00000000`00000000 ffffb000`5fe51000 65657246`00000002 0dc38236`36a514f1 : nt! ?? ::FNODOBFM::`string'+0x6357
ffffe001`8343df20 fffff802`e14075a8 : ffffe001`8343ee38 ffffe001`8343eb50 ffffe001`8343ee38 00000000`00000001 : nt!RtlDispatchException+0x71
ffffe001`8343e620 fffff802`e15510c2 : 00000000`00820003 00000000`00000000 4b677844`0205000e 0dc38236`36a526d1 : nt!KiDispatchException+0x144
ffffe001`8343ed00 fffff802`e154edc6 : ffffe001`8343ef90 ffffe001`834416a0 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
ffffe001`8343eee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInvalidOpcodeFault+0x106


THREAD_SHA1_HASH_MOD_FUNC: 93ff434f099106b58fd2a86313b2862abc617562

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6ca9d805ff691236db9ae5a22166f7ed00e151d5

THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe

FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff802`e1551310 c644242000 mov byte ptr [rsp+20h],0

FAULT_INSTR_CODE: 202444c6

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiFastFailDispatch+d0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 56a849a9

IMAGE_VERSION: 10.0.10586.103

STACK_COMMAND: ~0s ; kb

BUCKET_ID_FUNC_OFFSET: d0

FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

BUCKET_ID: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

TARGET_TIME: 2016-02-15T13:26:13.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-01-27 06:38:01

BUILDDATESTAMP_STR: 160126-1819

BUILDLAB_STR: th2_release

BUILDOSVER_STR: 10.0.10586.103.amd64fre.th2_release.160126-1819

ANALYSIS_SESSION_ELAPSED_TIME: 395

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x139_missing_gsframe_stackptr_error_nt!kifastfaildispatch

FAILURE_ID_HASH: {7b0febb5-6007-4f2b-3d38-57fef278d8d5}

Followup: MachineOwner
---------

3: kd> lmvm nt
Browse full module list
start end module name
fffff802`e1404000 fffff802`e1bd0000 nt (pdb symbols) C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\ntkrnlmp.pdb\D03C5CF7862E48FE84A06333F1CFA5981\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\ntoskrnl.exe\56A849A97cc000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Wed Jan 27 06:38:01 2016 (56A849A9)
CheckSum: 00727A26
ImageSize: 007CC000
File version: 10.0.10586.103
Product version: 10.0.10586.103
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.10586.103
FileVersion: 10.0.10586.103 (th2_release.160126-1819)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.

 

[kemical]

I see from the other files included that you may have been playing SuperMeatBoy.exe? If so was the network component still disabled in the bios?

 

[SnowManBawb]

I see from the other files included that you may have been playing SuperMeatBoy.exe? If so was the network component still disabled in the bios?

whoa what? The blue screens code was memory exception. It wasnt disabled when i was playing the game.
The PC blue screened and then I restarted to check if it will blue screen again. It didnt so i restarted it and turned the network back on.
Should I have left the network off for the entire day? I turned everything off before i turned it off for the night.

 

[kemical]

Should I have left the network off for the entire day

No it was only off to see if blue screen still occurred on the cold boot.

What happened regarding the tests Usasma outlined for you or are you yet to go through those?

As you mentioned about the cpu spiking just prior to the blue screen did you try using process explorer to see whatever process was involved.

Bawb check the drive using Seatools
SeaTools | Seagate

Did you turn off the pagefile at all? (no pagefile no dump file)

 

[SnowManBawb]

No it was only off to see if blue screen still occurred on the cold boot.

What happened regarding the tests Usasma outlined for you or are you yet to go through those?

As you mentioned about the cpu spiking just prior to the blue screen did you try using process explorer to see whatever process was involved.

Bawb check the drive using Seatools
SeaTools | Seagate

Did you turn off the pagefile at all? (no pagefile no dump file)

I got the programs and checked for malware and it came up clean. I also ran the other tests he mentioned with no real culprit. Checked all the drivers he mentioned and updated them as well. Also checked if there were any windows updates that ive missed, which I hadnt.

I actually forgot to do that cause you posted that before Usasma. Ill be sure to check what spikes tomorrow. Sorry about that.

Will do!

 

[SnowManBawb]

So I did see something spike up before it blue screened I didnt catch the name but it was 4 processes at once. Ill check again tomorrow gonna try recording it with my phone so i can look back at it.

Also for this boot i disabled most unnecessary start up programs to check if that was what was causing it. Didnt work obviously.

And could CCleaner delete the log of yesterdays blue screen? Cause I did have it as a start up program.

Added the dump file.

 

[kemical]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10D, {5, 1ffee0608928, 1225, ffffe0011e5ad460}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption

Followup: memory_corruption

Morning Bawb,
we have a new dump file! This basically means an error has been discovered in a framework based driver. A driver also appears in the Call stack and most likely the culprit:

xusb22.sys Fri Oct 30 02:41:10 2015: Xbox 360 Wireless Receiver driver uninstall to test.

And could CCleaner delete the log of yesterdays blue screen? Cause I did have it as a start up program.

Almost certainly..

See how you go after removing the above driver.

Post any new dump files.

 

[SnowManBawb]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10D, {5, 1ffee0608928, 1225, ffffe0011e5ad460}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption

Followup: memory_corruption

Morning Bawb,
we have a new dump file! This basically means an error has been discovered in a framework based driver. A driver also appears in the Call stack and most likely the culprit:

xusb22.sys Fri Oct 30 02:41:10 2015: Xbox 360 Wireless Receiver driver uninstall to test.


Almost certainly..

See how you go after removing the above driver.

Post any new dump files.

Alright. Just removed it. Ill post back tomorrow. Have a good day

 

[kemical]

You too Bawb!

 

[SnowManBawb]

So what I feared happened. The spike yesterday was just a coincidence. Nothing spiked up before the blue screen today.
BUT the error code was something ive never seen before. Seems like PC is just making shit up now at this point. It was
KERNEL_SECURITY_CHECK_FAILURE
This what was running just before the crash Link Removed

 

[kemical]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10D, {5, 1ffee0608928, 1225, ffffe0011e5ad460}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption

Followup: memory_corruption

Hi Bawb,
similar bugcheck. Your going to have to start stripping the system back to basics and start testing each individual component as they're added back.
Usasma posted a link which is a guide of sorts:
Link Removed

Did you try removing the Logitech game panel as well as your idea of using another k'board?

 

[usasma]

Sorry for my absence - I think I forgot to turn notifications on, and then I was traveling and totally forgot about checking

Please remove the Game Panel software as kemical suggests. It's driver dates from 2009, so it may have troubles coping with W10.
After the removal, if the BSOD's still occur (and presuming that the xusb22.sys driver remains uninstalled), then try Driver Verifier again.
Also, ensure that the Microsoft wireless XBox controller software is removed also - as the xusb22.sys driver was in this memory dump.

Once those 2 are removed, if the BSOD's continue, please run Driver Verifier. Even if it was run before, removing the xusb22.sys driver and the Logitech GamePanel drivers will give it a fresh look at the system - and will hopefully force the system to give up the name of the actual offending driver.

Here's the scenario that I think is happening:
- a driver/drivers writes to memory space owned by another driver.
- then the offending driver exits
- then, after a while, the other driver checks that memory space, sees unexpected data, freaks out and crashes to a BSOD.
As the offending driver has exited, there's no way to tell what caused it - so the debugger points to the driver that it occurred in.

Beyond that, I think it's a good idea to start the Hardware Stripdown also.
I can't recall if you've tested your memory either - but MemTest86 or MemTest86+ along with Prime95 would be advised to help rule out memory issues. (my list of diagnostics is here: Link Removed )
Also, there was a video driver (actually DirectX) in the raw stack text - so trying the video tests would be a good idea also.

 

[SnowManBawb]

I did remove the logitech driver and then launched the pc with out anything plugged in but a single regular keyboard. still blue screened afterwards.
The xbox driver was then present.
So I guess ill remove the logitech driver again and try booting with both of them gone.

 

[kemical]

So I guess ill remove the logitech driver again and try booting with both of them gone.

Worth a try Bawb.

You may want to leave the week end free for the hardware testing too..

 

[SnowManBawb]

Worth a try Bawb.

You may want to leave the week end free for the hardware testing too..

Ill be sure to do that. I did run memtest86 btw for 14 hours and it came up with zero errors.

 

[kemical]

Yes I remember, it was run more than once if i remember correctly. Let us know if you have any questions about the weekends testing.

 

[usasma]

FYI - the Prime95 Blend test will test different features/parts of the RAM.
The other 2 tests (Small FFT's and Large FFT's primarily test the CPU cache and the memory controller)

Good luck!

 

[BIGBEARJEDI]

Hi Bawb,
It's been awhile since I was on this thread. Sorry to hear you're still having problems with it Blue Screening. One thing I noticed on 3 of your last Crash Dump files you uploaded to the thread here: You still have all 3 of your Hard Drives hooked up to your Motherboard. Both kemical and usasma have mentioned stripping down all your components for troubleshooting purposes to the simplest possible configuration. From what I see you haven't yet done this!

YOU MUST REMOVE ALL INTERNAL AND EXTERNAL HARD DRIVES FROM YOUR MOTHERBOARD FOR TROUBLESHOOTING PURPOSES!! The MSINFO32.nfo file in your Crash Dump uploads still shows they are connected. You should only be testing your computer with the C: bootdrive, the Samsung 250GB SSD drive. Please disconnect the other 2 drives [D: drive, WD 1TB drive; and the E: drive, Samsung 1TB usb drive].

Repeat any and all tests you've been asked to do and see if you continue to get Blue Screens or not. If you do not, the error is being produced by 1 or more failed drives or even both drives. Did you complete the SEATOOLS drive diagnostic testing on both those 2 secondary drives? That was in usasma's link here: Link Removed
Check the HW DIAGNOSTICS section here and click on this link: Link Removed

This is very important; you should NOT run these diagnostics on your existing PC (with the ASUS Motherboard) as it's not properly functioning. You'll have to go to another properly functioning PC that does not produce Blue Screens and run these various hard drive tests!!

The next thing I would do after you remove those 2 secondary hard drives from your Motherboard, is to retest your C: bootdrive [that's the Samsung 250GB SSD drive] again and recertify that it's not producing errors in the drive tests. If it is,you'll need to replace that SSD drive before continuing to troubleshoot! Then, continue running the other tests and determine if the Blue Screens are continuing to occur. If the problem persists, at least we know that it's not due to a C: bootdrive failure. And that also may rule out the 2 secondary drives as well (even though it's still a good idea to test them on another working PC).

At this point, we can safely rule out any of your 3 hard drives from contributing to your problem, from the hardware perspective, and focus on Windows corruption issues, drivers not working, etc. that the other guys are helping you with.

Best of luck,
<<<BIGBEARJEDI>>>

 

[kemical]

I think he's testing this weekend BBJ as discussed above.

 

[BIGBEARJEDI]

Yeah, Ross, I saw that; but I wanted to throw out the fact to OP that he still hasn't done the Stripped Down Troubleshooting that John mentioned way back in the beginning of the thread; and it might be causing a problem. Just want to make sure he gets that part done.

I'll go away and do other stuff now. I'll check back next week to give him time to do all that!

BBJ

 

[SnowManBawb]

Ok here is something.

Due to me starting driving school and having a lot of real life stuff happening. I didnt really have time to test the stuff.

But the other day my logitech gaming software program spazzed out, so I went in to its settings and it turns out I had the US layout selcted and I switched over to NORIDC which is the right one. I also changed the keyboard getting the profile from its on board memory.

Ever since then I havent gotten a blue screen on boot. This makes zero sense to me since I had removed the program and keyboard completely before. and it still resulted in a blue screen.