IRQL BSOD + a host of other BSOD errors... pls help:(

[Ant0ni081]

Hello all and thankyou in advance for any time spent trying to fix my issues.
I've recently rebuilt my pc and updated to Win10 pro... all was well for a few weeks but now i seem to constantly be on the recieving end of multiple crashes BSOD style.

I've done a fair amount of reading up on them all but i just cant seem to fix the issues. Hence I'm here for the help of pros. I'm not sure what information you need from me to maybe hunt out the problem but i'll link a few of the errors i have pulled from my event viewer. PLs if you need any more information just shout and i'll gather it for you to take a look over.

I have mostly seen IRQL issues, which i have come to know as a driver conflict of some sort. All drivers, as far as i am aware are up to day with clean installs after sweeping the old drives off the system. As most of the IRQL errors have been accompanied with the nvlddmkm.sys via the GPU drivers.

Win10pro has been updated to the newest version.. and maybe its a issue with that? im not sure.

Other errors which have Blue screened me over the troublesome period have been ...

KMODE EXCEPTION NOT HANDLED
ATTEMPTED WRITE TO READ ONLY MEMORY
CLOCK WATCHDOG TIMED OUT
INTERUPT EXCEPTION NOT HANDLED
SYSTEM THREAD EXCEPTION NOT HANDLED

The system seems stable and runs well.. its just these BSOD that pop up sometimes 10 times a day and other times 1-2 a day. And I'm baffled what to do next.

Here are some dumps and pls ask if you need more info.. many thanks.

 

[Ant0ni081]

Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 25/07/2016 14:00:59
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DESKTOP-5F99R7M
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xffffb00d8899098b, 0x00000000000000ff, 0x0000000000000021, 0xfffff8036f89c6ff). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 31bd18a8-b2e9-43ad-ae6d-5735603be403.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-07-25T13:00:59.871244200Z" />
<EventRecordID>2909</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x0000000a (0xffffb00d8899098b, 0x00000000000000ff, 0x0000000000000021, 0xfffff8036f89c6ff)</Data>
<Data Name="param2">C:\WINDOWS\MEMORY.DMP</Data>
<Data Name="param3">31bd18a8-b2e9-43ad-ae6d-5735603be403</Data>
</EventData>
</Event>






Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 25/07/2016 14:00:54
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: DESKTOP-5F99R7M
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>3</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2016-07-25T13:00:54.691573000Z" />
<EventRecordID>2892</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">10</Data>
<Data Name="BugcheckParameter1">0xffffb00d8899098b</Data>
<Data Name="BugcheckParameter2">0xff</Data>
<Data Name="BugcheckParameter3">0x21</Data>
<Data Name="BugcheckParameter4">0xfffff8036f89c6ff</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
</EventData>
</Event>







Log Name: System
Source: EventLog
Date: 25/07/2016 14:00:58
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DESKTOP-5F99R7M
Description:
The previous system shutdown at 13:23:28 on ?25/?07/?2016 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-07-25T13:00:58.543067800Z" />
<EventRecordID>2882</EventRecordID>
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security />
</System>
<EventData>
<Data>13:23:28</Data>
<Data>?25/?07/?2016</Data>
<Data>
</Data>
<Data>
</Data>
<Data>5</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E0070700010019000D0017001C000402E0070700010019000C0017001C0004023C0000003C000000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>




Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 25/07/2016 13:23:29
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DESKTOP-5F99R7M
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xffffd1a3f6a7b7b2, 0x00000000000000ff, 0x0000000000000012, 0xfffff800628946ff). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: e849c1af-157a-482f-ac51-59b372384da8.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-07-25T12:23:29.829321400Z" />
<EventRecordID>2867</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x0000000a (0xffffd1a3f6a7b7b2, 0x00000000000000ff, 0x0000000000000012, 0xfffff800628946ff)</Data>
<Data Name="param2">C:\WINDOWS\MEMORY.DMP</Data>
<Data Name="param3">e849c1af-157a-482f-ac51-59b372384da8</Data>
</EventData>
</Event>



Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 25/07/2016 13:23:28
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: DESKTOP-5F99R7M
Description:
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{d184cfd3-37bb-11e6-9bd2-806e6f6e6963}#0000000008100000.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-07-25T12:23:28.519016200Z" />
<EventRecordID>2863</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="376" />
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">70</Data>
<Data Name="DriverName">SWD\WPDBUSENUM\{d184cfd3-37bb-11e6-9bd2-806e6f6e6963}#0000000008100000</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WudfRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>



Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 25/07/2016 13:23:24
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: DESKTOP-5F99R7M
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>3</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2016-07-25T12:23:24.734862200Z" />
<EventRecordID>2850</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">10</Data>
<Data Name="BugcheckParameter1">0xffffd1a3f6a7b7b2</Data>
<Data Name="BugcheckParameter2">0xff</Data>
<Data Name="BugcheckParameter3">0x12</Data>
<Data Name="BugcheckParameter4">0xfffff800628946ff</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
</EventData>
</Event>



Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 25/07/2016 03:30:48
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: DESKTOP-5F99R7M
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2016-07-25T02:30:48.544122100Z" />
<EventRecordID>2750</EventRecordID>
<Correlation />
<Execution ProcessID="860" ThreadID="5692" />
<Channel>System</Channel>
<Computer>DESKTOP-5F99R7M</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

 

[LukeFatwalker]

It's most likely an issue with drivers, if you've re-installed/updated the affected drivers, then the next step would be to to run Startup Repairs. See if there's an issue with your boot manager. If there is, simply run Startup Repairs to fix it.

If that doesn't work, back up what you can (I'm assuming you can't boot into Windows but if you can, back up any data you can) and reformat the machine.

After you reformat, simply start a back up regime. Either a disk imager or a snapshot tool. Macrium Reflect and Rollback Rx are great tools (with freeware versions).

 

[Ant0ni081]

windows boots fine, no blue screen loop. So i'll try your suggestion of the start up repair and post back if anything pops up, cheers.

 

[Ant0ni081]

nothings showing. and i'd rather someone take a look at these dumps if anyone knows how. i really dont want to do a complete format if i can help it.

 

[LukeFatwalker]

nothings showing. and i'd rather someone take a look at these dumps if anyone knows how. i really dont want to do a complete format if i can help it.

Cheers, good luck!

 

[johnbl]

You would have to put your actual memory dump file c:windows\memory.dmp on a cloud server like microsoft onedrive, share the file as public and post a link.
You might also look in c:\windows\minidump directory for more dumps.
Minidumps are smaller and are not over written like kernel and full memory dumps.

 

[Ant0ni081]

i have this come up when using whocrashed if its any help

On Tue 30/08/2016 13:28:01 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\083016-4984-01.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF800A008E6FF, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Tue 30/08/2016 13:22:31 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\083016-4843-01.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0xA (0x2, 0xFF, 0x0, 0xFFFFF802108AAC8F)
Error: IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.


as for the mini dump files in the directory when i open them they juust look like a bunch of encrypted code? how am i ment to make sense of them? :/

 

[johnbl]

they are binary files, you have to use a tool like the windows debugger to read them.

i have this come up when using whocrashed if its any help

On Tue 30/08/2016 13:28:01 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\083016-4984-01.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF800A008E6FF, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Tue 30/08/2016 13:22:31 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\083016-4843-01.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0xA (0x2, 0xFF, 0x0, 0xFFFFF802108AAC8F)
Error: IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.


as for the mini dump files in the directory when i open them they juust look like a bunch of encrypted code? how am i ment to make sense of them? :/