Good Morning Everyone,
I'm looking for some help here.
I've posted the bug check analysis below.
DSAPI.exe is Dell support assist to my understanding and I've removed this from the computer.
The other things I've noticed are:
The C: is staying at 100% "Active time" but the disk transfer rate is very very low
The HDD starts spinning up and then stops; this happens repeatedly until I put the computer into sleep mode. When I take the computer out of sleep mode the hard disk drive does not make the noises but the PC is still quite slow.
Checked power options
The HDD has been replaced approximately 6 months ago
I ran a disk check last night on the C: and it found no errors but after the check finished the computer hung and I had to hard restart
I've run HDD testing software which doesn't show any errors. Can
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP 8 procs Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`1e000000 PsLoadedModuleList = 0xfffff802`1ec2a2b0
Debug session time: Mon Jan 4 16:51:26.179 2021 UTC + 8:00
System Uptime: 1 days 4:08:54.870
Loading Kernel Symbols
………………………………………………………
……………………………………………………….
……………………………………………………….
……………………………
Loading User Symbols
Loading unloaded module list
……………………………………….
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`1e3f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff840e`4200d4f0=0000000000000139
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE 139
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff840e4200d810, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff840e4200d768, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
——————
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5843
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-6P699JR
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 34886
Key : Analysis.Memory.CommitPeak.Mb
Value: 86
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2021-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffff840e4200d810
BUGCHECK_P3: ffff840e4200d768
BUGCHECK_P4: 0
TRAP_FRAME: ffff840e4200d810 -- .trap 0xffff840e4200d810
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff8880f3f27d80 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd20eacb68158 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8021e2651f3 rsp=ffff840e4200d9a0 rbp=ffff8880f3f20180
r8=0000000000000000 r9=00000027e3ddbd4c r10=0000fffff8021e36
r11=ffff840e4200da38 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KiCommitThreadWait+0x5c3:
fffff802`1e2651f3 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff840e4200d768 -- .exr 0xffff840e4200d768
ExceptionAddress: fffff8021e2651f3 nt!KiCommitThreadWait+0x00000000000005c3
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 !blackboxbsd
BLACKBOXNTFS: 1 !blackboxntfs
BLACKBOXPNP: 1 !blackboxpnp
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: DSAPI.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffff840e`4200d4e8 fffff802`1e407769 : 00000000`00000139 00000000`00000003 ffff840e`4200d810 ffff840e`4200d768 : nt!KeBugCheckEx
ffff840e`4200d4f0 fffff802`1e407b90 : ffff8880`00000000 00000000`00000000 ffff7879`83000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
ffff840e`4200d630 fffff802`1e405f23 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffff840e`4200d810 fffff802`1e2651f3 : ffff840e`4200da40 fffff802`1e278387 000000eb`f0f9b331 00000000`00989680 : nt!KiRaiseSecurityCheckFailure+0x323
ffff840e`4200d9a0 fffff802`1e2296d2 : 00000000`00000000 00000000`00000000 ffffd20e`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x5c3
ffff840e`4200da40 fffff802`1e5edd7f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000002 : nt!KeDelayExecutionThread+0x122
ffff840e`4200dad0 fffff802`1e4071b8 : 00000000`00000000 00000000`00000001 ffffffff`fffe7960 ffff840e`4200db80 : nt!NtDelayExecution+0x5f
ffff840e`4200db00 00007ff9`162ac634 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000dc`40e7f468 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`162ac634
SYMBOL_NAME: nt!KiCommitThreadWait+5c3
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.685
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5c3
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiCommitThreadWait
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {369b7001-cfef-011b-6243-985c04f34d42}
Followup: MachineOwner
🙂
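
Added example (not part of the original post, and not Windows source code): a user-mode C model of the list integrity check behind bugcheck 0x139 with Arg1 = 3, showing why removing the same LIST_ENTRY twice is detected. The type and function names are hypothetical; where the kernel would raise the `int 29h` fast fail seen in the dump, this model returns the subcode instead.

```c
#include <stddef.h>
#include <stdio.h>

/* Same shape as the Windows LIST_ENTRY: a node in a circular doubly linked list. */
typedef struct list_entry {
    struct list_entry *flink;  /* forward link */
    struct list_entry *blink;  /* backward link */
} list_entry;
#define FAST_FAIL_CORRUPT_LIST_ENTRY 3  /* subcode 0x3, as reported in the dump */

static void list_init(list_entry *head) { head->flink = head->blink = head; }

static void list_insert_tail(list_entry *head, list_entry *e) {
    list_entry *last = head->blink;
    e->flink = head; e->blink = last;
    last->flink = e; head->blink = e;
}

/* Unlink e only if both neighbours still point back at it. The kernel raises
 * a fast fail when this check fails; this model returns the subcode instead. */
static int list_remove_checked(list_entry *e) {
    list_entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return FAST_FAIL_CORRUPT_LIST_ENTRY;
    prev->flink = next; next->blink = prev;
    return 0;
}

static size_t list_length(const list_entry *head) {
    size_t n = 0;
    for (const list_entry *p = head->flink; p != head; p = p->flink) n++;
    return n;
}

/* Constructed scenario: remove the same entry twice from head <-> a <-> b. */
int demo_double_remove(int *first_rc, size_t *len_after) {
    list_entry head, a, b;
    list_init(&head);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    *first_rc = list_remove_checked(&a);      /* legitimate removal */
    int second_rc = list_remove_checked(&a);  /* stale links: neighbours moved on */
    *len_after = list_length(&head);          /* list is left untouched */
    return second_rc;
}

int main(void) {
    int first; size_t len; int second = demo_double_remove(&first, &len);
    printf("first=%d second=%d remaining=%zu\n", first, second, len);
    return 0;
}
```

The check fires at the moment of the second removal, so the faulting frame (here `nt!KiCommitThreadWait`) and `PROCESS_NAME` identify where the corruption was noticed, not necessarily the component that caused it.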