
kernel security check failure

Anonymous
2014-03-06T01:01:38+00:00

Hi there,

Recently upgraded my desktop with a Gigabyte motherboard (G1.sniper Z5S) and an i5 3.1 GHz.

Started getting random crashes.

I have done a complete reformat of Windows and am still getting critical errors.

Event Viewer says Kernel-Power, Event ID 41, Task Category (63).

Here is the XML from Event Viewer:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Power
Date:          3/6/2014 7:39:15 PM
Event ID:      41
Task Category: (63)
Level:         Critical
Keywords:      (2)
User:          SYSTEM
Computer:      Jason
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>41</EventID>
    <Version>3</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000002</Keywords>
    <TimeCreated SystemTime="2014-03-07T03:39:15.959599900Z" />
    <EventRecordID>1975</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>Jason</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">313</Data>
    <Data Name="BugcheckParameter1">0x3</Data>
    <Data Name="BugcheckParameter2">0xfffff802c3de26e0</Data>
    <Data Name="BugcheckParameter3">0xfffff802c3de2638</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
    <Data Name="SleepInProgress">0</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
    <Data Name="BootAppStatus">0</Data>
  </EventData>
</Event>

Any suggestions as to what could be causing the problem or what to do to correct this?

Thank you


Answer accepted by question author

Anonymous
2014-03-06T10:59:48+00:00

Thanks, much appreciated!

The attached DMP files are of the KERNEL_SECURITY_CHECK_FAILURE (139) bug check.

This bug check indicates that the kernel has detected the corruption of a critical data structure.

BugCheck 139, {3, fffff802c3de26e0, fffff802c3de2638, 0}

The 1st parameter of the bugcheck is 3 which indicates that a LIST_ENTRY was corrupted. Code 3, LIST_ENTRY corruption. This type of bug check can be difficult to track down and indicates that an inconsistency has been introduced into a doubly-linked list (detected when an individual list entry element is added to or removed from the list).

----------------

1. Uninstall Gigabyte Easy Saver - mobo power utility driver ASAP.

2. If you're still crashing after the above, enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8/8.1, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point

Windows 7 - START | type create | select "Create a Restore Point"

Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"

2. Select - "Select individual settings from a full list"

3. Check the following boxes -

  • Special Pool
  • Pool Tracking
  • Force IRQL Checking
  • Deadlock Detection
  • Security Checks (Windows 7 & 8)
  • DDI compliance checking (Windows 8)
  • Miscellaneous Checks

4. Select - "Select driver names from a list"

5. Click on the "Provider" tab. This will sort all of the drivers by the provider.

6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.

7. Click on Finish.

8. Restart.

Important information regarding Driver Verifier:

  • If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
  • After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

  • Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
  • Once in Safe Mode - Start > Search > type "cmd" without the quotes.
  • To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

  • Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

  • Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
  • Once in Safe Mode - Start > type "system restore" without the quotes.
  • Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:

http://support.microsoft.com/kb/244617

Regards,

Patrick

7 people found this answer helpful.
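
The link between the event XML in the question and the bug check named in this answer, as an added example that is not part of the original thread: Kernel-Power event 41 stores BugcheckCode in decimal, so 313 is 0x139. The function name, the sample string (constructed from the values posted in the question) and the two lookup tables, which hold only the codes named on this page, are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Only the codes named in this thread; extend from the bug check reference.
BUGCHECK_NAMES = {0x139: "KERNEL_SECURITY_CHECK_FAILURE"}
PARAM1_0X139 = {0x3: "LIST_ENTRY corruption"}

# Constructed sample: values copied from the event posted in the question,
# trimmed to the fields this example reads.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" />
    <EventID>41</EventID>
    <TimeCreated SystemTime="2014-03-07T03:39:15.959599900Z" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">313</Data>
    <Data Name="BugcheckParameter1">0x3</Data>
    <Data Name="BugcheckParameter2">0xfffff802c3de26e0</Data>
    <Data Name="BugcheckParameter3">0xfffff802c3de2638</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
  </EventData>
</Event>"""

def triage_kernel_power_41(event_xml):
    """Decode the bug check fields of one exported Kernel-Power 41 event."""
    root = ET.fromstring(event_xml)
    provider = root.find("e:System/e:Provider", NS)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if (provider is None or event_id != "41"
            or provider.get("Name") != "Microsoft-Windows-Kernel-Power"):
        raise ValueError("not a Kernel-Power event 41")
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    # Base 0 accepts the decimal BugcheckCode and the 0x-prefixed parameters.
    code = int(data.get("BugcheckCode") or "0", 0)
    params = [int(data.get(f"BugcheckParameter{i}") or "0", 0) for i in range(1, 5)]
    result = {"time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
              "bugcheck": None, "name": None, "detail": None,
              "params": [f"{p:#x}" for p in params]}
    if code == 0:
        # No bug check recorded: power loss or a hard hang rather than a BSOD.
        return result
    result["bugcheck"] = f"{code:#x}"
    result["name"] = BUGCHECK_NAMES.get(code, "unknown")
    if code == 0x139:
        result["detail"] = PARAM1_0X139.get(params[0], "other; see bug check reference")
    return result
```

For event XML from an untrusted source, parse with a hardened parser such as defusedxml instead of the standard library.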

  1. Anonymous
    2014-03-06T10:42:50+00:00

  2. Anonymous
    2014-03-06T03:29:27+00:00

    Unfortunately, that's not the proper link. See here on how to share the link - http://windows.microsoft.com/en-us/onedrive/share-file-folder

    Regards,

    Patrick

  3. Anonymous
    2014-03-06T01:45:30+00:00

    See mini dump here 

    <iframe src="https://onedrive.live.com/embed?cid=0DBB3045CCDD8E3B&resid=DBB3045CCDD8E3B%211932&authkey=ANCUd4Z-dEetpKo" width="98" height="120" frameborder="0" scrolling="no"></iframe>

  4. Anonymous
    2014-03-06T01:30:18+00:00

    Hi,

    In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.

    If you don't know where .DMP files are located, here's how to get to them:

    1. Navigate to the %systemroot%\Minidump folder.

    2. Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.

    3. Upload the zip containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply. Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers.

    4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel-Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference between Small Memory Dumps and Kernel-Dumps in the simplest definition is a Kernel-Dump contains much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel-Dump is the best choice. Do note that Kernel-Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.

    If you are going to use Onedrive but don't know how to upload to it, please visit the following:

    Upload photos and files to Onedrive.

    Please note that any "cleaner" programs such as TuneUp Utilities, CCleaner, etc, by default will delete .DMP files upon use.

    If your computer is not generating .DMP files, please do the following:

    1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.

    2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.

    3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log'.

    Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.

    4. Double check that the WERS is ENABLED:

    Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

    If you cannot get into normal mode to do any of this, please do this via Safe Mode.

    Regards,

    Patrick
