S
sometimesIloveazure
Good Morning Everyone,
I am looking for some help here.
I have posted the bug check analysis below.
DSAPI.exe is Dell support assist to my understanding and I have removed this from the computer.
The other things I have noticed are:
The C: is staying at 100% " Active time " but the disk transfer rate is very very low
The HDD starts spinning up and then stops this happens continuously until I put the computer into sleep mode. When I take the computer out of sleep
mode the hard disk drive does not make the noises but the PC is still quite slow.
Checked power options
The HDD has been replaced approximately 6 months ago
I ran a disk check last night on the C:\ and it found no errors but after the check finished the computer hanged and I had to hard restart
I have ran HDD testing software which does not show any errors ( Can[t remember the names of the software )
I have a 2TB drive and 250 GB free of space this is also the drive that windows is installed on
I have Norton installed and ran scans which does not pick up on any viruses
Created a new user profile
Disabled AV
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Removed\OneDrive\Desktop\010421-65953-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`1e000000 PsLoadedModuleList = 0xfffff802`1ec2a2b0
Debug session time: Mon Jan 4 16:51:26.179 2021 (UTC + 8:00)
System Uptime: 1 days 4:08:54.870
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
..............................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`1e3f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff840e`4200d4f0=0000000000000139
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff840e4200d810, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff840e4200d768, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5843
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-6P699JR
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 34886
Key : Analysis.Memory.CommitPeak.Mb
Value: 86
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffff840e4200d810
BUGCHECK_P3: ffff840e4200d768
BUGCHECK_P4: 0
TRAP_FRAME: ffff840e4200d810 -- (.trap 0xffff840e4200d810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff8880f3f27d80 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd20eacb68158 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8021e2651f3 rsp=ffff840e4200d9a0 rbp=ffff8880f3f20180
r8=0000000000000000 r9=00000027e3ddbd4c r10=0000fffff8021e36
r11=ffff840e4200da38 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KiCommitThreadWait+0x5c3:
fffff802`1e2651f3 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff840e4200d768 -- (.exr 0xffff840e4200d768)
ExceptionAddress: fffff8021e2651f3 (nt!KiCommitThreadWait+0x00000000000005c3)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: DSAPI.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffff840e`4200d4e8 fffff802`1e407769 : 00000000`00000139 00000000`00000003 ffff840e`4200d810 ffff840e`4200d768 : nt!KeBugCheckEx
ffff840e`4200d4f0 fffff802`1e407b90 : ffff8880`00000000 00000000`00000000 ffff7879`83000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
ffff840e`4200d630 fffff802`1e405f23 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffff840e`4200d810 fffff802`1e2651f3 : ffff840e`4200da40 fffff802`1e278387 000000eb`f0f9b331 00000000`00989680 : nt!KiRaiseSecurityCheckFailure+0x323
ffff840e`4200d9a0 fffff802`1e2296d2 : 00000000`00000000 00000000`00000000 ffffd20e`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x5c3
ffff840e`4200da40 fffff802`1e5edd7f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000002 : nt!KeDelayExecutionThread+0x122
ffff840e`4200dad0 fffff802`1e4071b8 : 00000000`00000000 00000000`00000001 ffffffff`fffe7960 ffff840e`4200db80 : nt!NtDelayExecution+0x5f
ffff840e`4200db00 00007ff9`162ac634 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000dc`40e7f468 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`162ac634
SYMBOL_NAME: nt!KiCommitThreadWait+5c3
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.685
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5c3
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiCommitThreadWait
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {369b7001-cfef-011b-6243-985c04f34d42}
Followup: MachineOwner
Continue reading...
I am looking for some help here.
I have posted the bug check analysis below.
DSAPI.exe is Dell support assist to my understanding and I have removed this from the computer.
The other things I have noticed are:
The C: is staying at 100% " Active time " but the disk transfer rate is very very low
The HDD starts spinning up and then stops this happens continuously until I put the computer into sleep mode. When I take the computer out of sleep
mode the hard disk drive does not make the noises but the PC is still quite slow.
Checked power options
The HDD has been replaced approximately 6 months ago
I ran a disk check last night on the C:\ and it found no errors but after the check finished the computer hanged and I had to hard restart
I have ran HDD testing software which does not show any errors ( Can[t remember the names of the software )
I have a 2TB drive and 250 GB free of space this is also the drive that windows is installed on
I have Norton installed and ran scans which does not pick up on any viruses
Created a new user profile
Disabled AV
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Removed\OneDrive\Desktop\010421-65953-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`1e000000 PsLoadedModuleList = 0xfffff802`1ec2a2b0
Debug session time: Mon Jan 4 16:51:26.179 2021 (UTC + 8:00)
System Uptime: 1 days 4:08:54.870
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
..............................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`1e3f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff840e`4200d4f0=0000000000000139
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff840e4200d810, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff840e4200d768, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5843
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-6P699JR
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 34886
Key : Analysis.Memory.CommitPeak.Mb
Value: 86
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffff840e4200d810
BUGCHECK_P3: ffff840e4200d768
BUGCHECK_P4: 0
TRAP_FRAME: ffff840e4200d810 -- (.trap 0xffff840e4200d810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff8880f3f27d80 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd20eacb68158 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8021e2651f3 rsp=ffff840e4200d9a0 rbp=ffff8880f3f20180
r8=0000000000000000 r9=00000027e3ddbd4c r10=0000fffff8021e36
r11=ffff840e4200da38 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KiCommitThreadWait+0x5c3:
fffff802`1e2651f3 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff840e4200d768 -- (.exr 0xffff840e4200d768)
ExceptionAddress: fffff8021e2651f3 (nt!KiCommitThreadWait+0x00000000000005c3)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: DSAPI.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffff840e`4200d4e8 fffff802`1e407769 : 00000000`00000139 00000000`00000003 ffff840e`4200d810 ffff840e`4200d768 : nt!KeBugCheckEx
ffff840e`4200d4f0 fffff802`1e407b90 : ffff8880`00000000 00000000`00000000 ffff7879`83000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
ffff840e`4200d630 fffff802`1e405f23 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffff840e`4200d810 fffff802`1e2651f3 : ffff840e`4200da40 fffff802`1e278387 000000eb`f0f9b331 00000000`00989680 : nt!KiRaiseSecurityCheckFailure+0x323
ffff840e`4200d9a0 fffff802`1e2296d2 : 00000000`00000000 00000000`00000000 ffffd20e`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x5c3
ffff840e`4200da40 fffff802`1e5edd7f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000002 : nt!KeDelayExecutionThread+0x122
ffff840e`4200dad0 fffff802`1e4071b8 : 00000000`00000000 00000000`00000001 ffffffff`fffe7960 ffff840e`4200db80 : nt!NtDelayExecution+0x5f
ffff840e`4200db00 00007ff9`162ac634 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000dc`40e7f468 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`162ac634
SYMBOL_NAME: nt!KiCommitThreadWait+5c3
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.685
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5c3
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiCommitThreadWait
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {369b7001-cfef-011b-6243-985c04f34d42}
Followup: MachineOwner
Continue reading...