[SOLVED] Random "Kernel-Power 41" errors in Windows 10 (2004) ?

[razorofdeath]

The computer was built in May 2011. The PC has Windows 10 (version 2004) installed.

CPU: Intel Core i5 2500K Quad Core Unlocked Processor LGA1155 3.3GHZ Sandy Bridge 6MB
RAM: G.SKILL Ripjaws X F3-12800CL9D-8GBXL 8GB 2X4GB DDR3-1600 CL9-9-9-24 Memory
Motherboard: MSI P67A-GD53 (B3) P67 ATX LGA1155 DDR3 2PCI-E16 3PCI-E 2PCI SLI CrossFireX SATA3 USB3 Motherboard
Video card: Gigabyte Radeon HD 5570 670MHZ 1Gb 1.6GHZ GDDR3 DVI HDMI VGA DIRECTX11 PCI-E Video Card
HDD: Western Digital Caviar Black 1TB SATA3 6GB/S 7200RPM 64MB Cache 3.5IN Dual Proc Hard Drive OEM
SSD #1: Samsung 840 Pro 256GB
SSD #2: Crucial M4 SSD Micron C400 64GB 2.5IN Solid State Disk Flash Drive SATA3 6Gbps
Optical: LG GH22NS50 Black 22X Sata Dvd Writer Oem
Case: Coolermaster CM 690 II Advanced ATX Mid Tower Case Black 4X5.25 1X3.5EXT 6X3.5INT
PSU: Thermaltake TR2 600W (W0388RU) ATX12V V2.2 24PIN Power Supply with 120MM Fan

--------------------------

HWMonitor data:

CPU cores temperature: ~45-50 degree Celsius at IDLE
GPU temperature: 40 degree Celsius at IDLE

+3.3 = 3.3v
+5 = 5.7v
+12 = 8.138v

============

CrystalDiskInfo Health
Crucial SSD = 94%
Samsung SSD = 93%
WD HDD = Good, no bad sector whatsoever.

--------------------------

Kernel-Power ID 41 (63) - Critical Error

BugcheckCode related with the Errors:
0 = ???
1 = Bug Check 0x1: APC_INDEX_MISMATCH
10 = Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL
30 = Bug Check 0x1E: KMODE_EXCEPTION_NOT_HANDLED
59 = Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION
80 = Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA
307 = Bug Check 0x133 DPC_WATCHDOG_VIOLATION
313 = Bug Check 0x139: KERNEL_SECURITY_CHECK_FAILURE

When I have an error, it's a random of those BugcheckCode that appear in the Kernel-Power.

--------------------------

Hi, I need help.

This PC restart randomly since late september/october, almost on IDLE.

I don't know what can be the cause. I got a lot of Kernel-Power error with different random BugcheckCode.

In the Hardware manager, it doesn't seems to have any driver error or missing.

50% RAM is in use actually (4GB/8GB Total), after the boot, which seems enough headroom for Windows 10.

Can it be related with the PSU or a driver/software? What can I do?

Thank you!

 

[Fix_that_Glitch]

Find out which ram stick is bad and remove it. Should stop random restarting then. If it does replace the bad stick with the same ram if you can find it or just buy new 8gb ram it's cheap enough.

 

[Zerk2012]

+12 = 8.138v

 

[scout_03]

try to use another psu your 12v line is out of specs .

 

[Fix_that_Glitch]

+12 = 8.138v

Didn't see that ,yeah you are correct sir.

 

[razorofdeath]

Thanks for the response guys!

I will have to test it further in a couple of days because I'm not sure if the HWMonitor voltage is good or not. Can I trust it or not, that's the question. I have read in a couple of place that voltage software is not that accurate.

The way I see this problem:

1. It can be related with the power strip he was using, the power cable connected to the PSU or the cable inside the computer (not tight enough).
2. It can also be Software/Driver related
3. Finally PSU related

----------------

What I want to do with the computer of my client (in remote):

1. Test the voltage with AIDA64, HWInfo and OpenHardwareMonitor. Check if it's the same as what I have with HWMonitor.
2. I want to make a stress tests with AIDA64, OCCT and BurnInTest. Check if the computer will freeze or not.
3. I want to check if there's driver issue with Driver Verifier (inside Windows).

What do you think?
I can also make a in-place upgrade with the MediaCreationTool since he's not on 20H2.

Thx!

 

[Fix_that_Glitch]

Yeah I would update/upgrade the windows and all drivers to current and see if that fixes the issue, before upening up the computer and potentially getting in to a can of worms.

 

[razorofdeath]

Hi guys!

The voltage from (OCCT and AIDA64) seems to be at 3.328V, 5.045V and 12.056V. I have done a memory stress test with AIDA64 (10 min) and a PSU stress test with OCCT (~7 min) and no error whatsoever, no BSOD.

I have test all the third-party drivers (not related with Microsoft) with Driver Verifier and the computer has crash when the computer has restarted. So it's seems to be a driver issue but which one... That's the question!

------------------

I have analyzed the dump file generated by Driver Verifier with WhoCrashed:

crash dump file: C:\WINDOWS\Minidump\120420-10234-01.dmp
This was probably caused by the following module: verifierext.sys (0xFFFFF8073C43B3E8)
Bugcheck code: 0xC4 (0x2001F, 0xFFFFF8073C43B3E8, 0x0, 0x0)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
file path: C:\WINDOWS\system32\drivers\verifierext.sys
product: Système d’exploitation Microsoft® Windows®
company: Microsoft Corporation
description: Extension du vérificateur de pilotes
Bug check description: This is the general bug check code for fatal errors found by Driver Verifier.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.

------------------

I have also analyzed it with Windows Debugger from the Windows SDK kit:

Microsoft (R) Windows Debugger Version 10.0.19041.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\120420-10234-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff8073ae0e000 PsLoadedModuleList = 0xfffff8073ba383b0
Debug session time: Fri Dec 4 14:32:13.915 2020 (UTC - 5:00)
System Uptime: 0 days 0:00:07.671
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
....
For analysis of this file, run !analyze -v
1: kd> !analyze -v
***

• *
• Bugcheck Analysis *
• *

***

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000000002001f, ID of the 'IrqlZwPassive' rule that was violated.
Arg2: fffff8073c43b3e8, A pointer to the string describing the violated rule condition.
Arg3: 0000000000000000, Reserved (unused).
Arg4: 0000000000000000, Reserved (unused).

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for RapportCerberus64_2004080.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 22

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on JPL2-PC

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 21

Key : Analysis.Memory.CommitPeak.Mb
Value: 70

Key : Analysis.System
Value: CreateObject

Key : Dump.Attributes.InsufficientDumpfileSize
Value: 1


DUMP_FILE_ATTRIBUTES: 0xc
Insufficient Dumpfile Size
Kernel Generated Triage Dump

BUGCHECK_CODE: c4

BUGCHECK_P1: 2001f

BUGCHECK_P2: fffff8073c43b3e8

BUGCHECK_P3: 0

BUGCHECK_P4: 0

DV_VIOLATED_CONDITION: ZwOpenKey should only be called at IRQL = PASSIVE_LEVEL.

DV_MSDN_LINK: https://go.microsoft.com/fwlink/?LinkId=216048

DV_RULE_INFO: 0x2001F

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

STACK_TEXT:
ffffb880cc771a88 fffff8073c42702b : 00000000000000c4 000000000002001f fffff8073c43b3e8 0000000000000000 : nt!KeBugCheckEx
ffffb880cc771a90 fffff8073c425717 : 000000000002001f ffffb880cc771b30 fffff8073c43b3e8 00000000000000c4 : VerifierExt!XdvInitiateBugcheck+0x3f
ffffb880cc771ad0 fffff8073c402237 : fffff80d8768b941 ffffb880cc771c78 0000000000000000 0000000000000000 : VerifierExt!XdvUnifiedBugCheck+0x253
ffffb880cc771b60 fffff8073c40229a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : VerifierExt!SLIC_ZwOpenKey_entry_IrqlZwPassive+0x33
ffffb880cc771ba0 fffff8073b7f51f4 : fffff80d8768b941 ffffb880cc771c78 ffffb880cc771c90 0000000000000000 : VerifierExt!ZwOpenKey_wrapper+0x4a
ffffb880cc771c10 fffff80d8768b941 : 0000000000000000 ffffb880cc771de0 ffffffffffffffff 000000000000000f : nt!VfZwOpenKey+0x54
ffffb880cc771c40 0000000000000000 : ffffb880cc771de0 ffffffffffffffff 000000000000000f ffffb880cc771cf0 : RapportCerberus64_2004080+0xfb941


SYMBOL_NAME: RapportCerberus64_2004080+fb941

MODULE_NAME: RapportCerberus64_2004080

IMAGE_NAME: RapportCerberus64_2004080.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: fb941

FAILURE_BUCKET_ID: 0xc4_IrqlZwPassive_XDV_RapportCerberus64_2004080!unknown_function

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {295edb1c-bbeb-a960-12cf-d3932143488d}

Followup: MachineOwner
---------

=======================

So after all of this, if I understand correctly the Windows Debugger, it's seems to be an issue related with "RapportCerberus64_2004080.sys"...

Thx!

 

[razorofdeath]

This is what I have found from the dumps with WinDBG:

5921.dmp = chrome.exe (Npfs.sys), buffer memory full, KERNEL_SECURITY_CHECK_FAILURE (139)

• Unable to load image atc.sys

5968.dmp = ndis.sys, Network Driver Interface Specification, KERNEL_SECURITY_CHECK_FAILURE (139)
6312.dmp = chrome.exe (tcpip.sys), DPC_WATCHDOG_VIOLATION (133)

====

5718.dmp = Process: WDDriveService, RapportCerberus64_2004080.sys, TerminalServer, FLTMGR, PAGE_FAULT_IN_NONPAGED_AREA (50), BUGCHECK_CODE: 50

• Unable to load image gzflt.sys
• Unable to load image atc.sys

6125.dmp = Process: System (storport.sys), storport!RaidUnitCompleteRequest+9d9, IRQL_NOT_LESS_OR_EQUAL (a)
10234.dmp = Process: System, (RapportCerberus64_2004080.sys), TerminalServer, Unable to deliver callback, ZwOpenKey should only be called at IRQL = PASSIVE_LEVEL., DRIVER_VERIFIER_DETECTED_VIOLATION (c4)

--------------------------

What do you think?

Thx!

 

[razorofdeath]

I have found in the computer of my client that "RapportCerberus64_2004080.sys" is a driver related with the software called Trusteer's Rapport from IBM Security Trusteer. It's seems to be a bank related security tools.

For what I have found, it's seems to have a compatibility issue with the process called "WDDriveService", a backup software from Western Digital called WD Backup/WD Discovery.

I have uninstalled the Trusteer's Rapport software from his computer. The computer doesn't have the RapportCerberus64 driver anymore.

He will test the stability of his computer this week but I'm pretty sure, Trusteer, was the problem.

I will confirm it later this week.

Thx!

 

[Fix_that_Glitch]

Nice job, you should do some helping on this website