kernel_security_check_failure
I just recently updated my operating system to Windows 10 and I've been having kernel_security_check_failure on more and more occasions. I've run my Webroot security software with no errors detected. Could someone let me know what I could do
about this? I have an HP desktop with AMD Phenom II X4 810 processor 2.60GHz, 8.0 GB RAM, 64 bit operating system. When I got the windows 10 upgrade invite, it said my system was compatible. Please advise. I am not as up on some of
the lingo from the other bogged entries so I'll need some additional direction on what to do. Thanks.
Joanna
September 13th, 2015 4:28pm
We do need the actual log files (called a DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers
were loaded, and what was responsible.
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
If you have any questions about the procedure please ask
September 13th, 2015 5:12pm
Thanks for the info on how to upload the files. Here's the link to the files on onedrive. https://onedrive.live.com/redir?resid=CA67F1D87D614CB1!132&authkey=!AGypGIMzzV7--kg&ithint=folder%2c
September 13th, 2015 7:52pm
Related to athur.sys CB42/CB43/MB42/MB43 Network Adapter from Atheros Communications, Inc. Yours is from 2010
Completely remove the current driver and install the newest driver available. For instructions on how to do that Read all about updating drivers by my partner JMH3143 here http://answers.microsoft.com/en-us/windows/wiki/windows_other-hardware/updating-a-driver/a5e6345e-af9b-4099-bef0-8d22254aa1c1?tm=1436753520149
Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\zigza\Desktop\091315-29937-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
Windows 10 Kernel Version 10240 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10240.16431.amd64fre.th1.150810-2333
Machine Name:
Kernel base = 0xfffff803`b5613000 PsLoadedModuleList = 0xfffff803`b5938030
Debug session time: Sun Sep 13 15:43:49.187 2015 (UTC - 4:00)
System Uptime: 1 days 18:32:47.987
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd000f237d6f0, ffffd000f237d648, 0}
*** WARNING: Unable to verify timestamp for athurx.sys
*** ERROR: Module load completed but symbols could not be loaded for athurx.sys
Probably caused by : athurx.sys ( athurx+5f01 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd000f237d6f0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd000f237d648, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
SYSTEM_SKU: NY549AA#ABA
BIOS_DATE: 09/11/2009
BASEBOARD_PRODUCT: ALOE
BASEBOARD_VERSION: 1.01
BUGCHECK_P1: 3
BUGCHECK_P2: ffffd000f237d6f0
BUGCHECK_P3: ffffd000f237d648
BUGCHECK_P4: 0
TRAP_FRAME: ffffd000f237d6f0 -- (.trap 0xffffd000f237d6f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe001e1c3770c rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe001e1c34ca4 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803b57c6974 rsp=ffffd000f237d880 rbp=0000000000000000
r8=ffffe001e174ec80 r9=ffffe001e1ba81a0 r10=ffffe001e173c880
r11=ffffe001dfc2b670 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt! ?? ::FNODOBFM::`string'+0x57074:
fffff803`b57c6974 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd000f237d648 -- (.exr 0xffffd000f237d648)
ExceptionAddress: fffff803b57c6974 (nt! ?? ::FNODOBFM::`string'+0x0000000000057074)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 4
CPU_MHZ: a28
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: 4
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 10.0.10240.9 amd64fre
LAST_CONTROL_TRANSFER: from fffff803b576b6a9 to fffff803b5760d00
STACK_TEXT:
ffffd000`f237d3c8 fffff803`b576b6a9 : 00000000`00000139 00000000`00000003 ffffd000`f237d6f0 ffffd000`f237d648 : nt!KeBugCheckEx
ffffd000`f237d3d0 fffff803`b576b9d0 : 00000000`ffffffff 00000000`00000000 ffffe001`e4906180 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`f237d510 fffff803`b576abf4 : ffffe001`df76a860 ffffe001`df76a860 ffff1334`8288d8cc ffffe001`de87efd0 : nt!KiFastFailDispatch+0xd0
ffffd000`f237d6f0 fffff803`b57c6974 : 00000000`00000000 ffffe001`e1836050 ffffd000`f237d902 fffff803`b561a282 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`f237d880 fffff801`faad5f01 : ffffe001`e1ce6c10 ffffd000`f237dad9 ffffe001`dfc82710 ffffe001`e1ba81a0 : nt! ?? ::FNODOBFM::`string'+0x57074
ffffd000`f237d8c0 ffffe001`e1ce6c10 : ffffd000`f237dad9 ffffe001`dfc82710 ffffe001`e1ba81a0 ffffd000`f237d9c0 : athurx+0x5f01
ffffd000`f237d8c8 ffffd000`f237dad9 : ffffe001`dfc82710 ffffe001`e1ba81a0 ffffd000`f237d9c0 fffff801`faafa24f : 0xffffe001`e1ce6c10
ffffd000`f237d8d0 ffffe001`dfc82710 : ffffe001`e1ba81a0 ffffd000`f237d9c0 fffff801`faafa24f ffffe001`e173c030 : 0xffffd000`f237dad9
ffffd000`f237d8d8 ffffe001`e1ba81a0 : ffffd000`f237d9c0 fffff801`faafa24f ffffe001`e173c030 ffffe001`e1c34ca4 : 0xffffe001`dfc82710
ffffd000`f237d8e0 ffffd000`f237d9c0 : fffff801`faafa24f ffffe001`e173c030 ffffe001`e1c34ca4 00000000`00000000 : 0xffffe001`e1ba81a0
ffffd000`f237d8e8 fffff801`faafa24f : ffffe001`e173c030 ffffe001`e1c34ca4 00000000`00000000 00000000`00000006 : 0xffffd000`f237d9c0
ffffd000`f237d8f0 ffffe001`e173c030 : ffffe001`e1c34ca4 00000000`00000000 00000000`00000006 00000000`00000000 : athurx+0x2a24f
ffffd000`f237d8f8 ffffe001`e1c34ca4 : 00000000`00000000 00000000`00000006 00000000`00000000 ffffe001`e1c34ca4 : 0xffffe001`e173c030
ffffd000`f237d900 00000000`00000000 : 00000000`00000006 00000000`00000000 ffffe001`e1c34ca4 ffffe001`e173c030 : 0xffffe001`e1c34ca4
STACK_COMMAND: kb
FOLLOWUP_IP:
athurx+5f01
fffff801`faad5f01 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: athurx+5f01
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: athurx
IMAGE_NAME: athurx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4cb2d4a1
BUCKET_ID_FUNC_OFFSET: 5f01
FAILURE_BUCKET_ID: 0x139_3_athurx!Unknown_Function
BUCKET_ID: 0x139_3_athurx!Unknown_Function
PRIMARY_PROBLEM_CLASS: 0x139_3_athurx!Unknown_Function
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_athurx!unknown_function
FAILURE_ID_HASH: {1bcf285a-83ad-d79b-05a0-c5605adf91ac}
Followup: MachineOwner
---------
3: kd> lmvm athurx
Browse full module list
start end module name
fffff801`faad0000 fffff801`facad000 athurx T (no symbols)
Loaded symbol image file: athurx.sys
Image path: \SystemRoot\System32\drivers\athurx.sys
Image name: athurx.sys
Browse all global symbols functions data
Timestamp: Mon Oct 11 05:10:57 2010 (4CB2D4A1)
CheckSum: 001D77E1
ImageSize: 001DD000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
September 13th, 2015 8:07pm
Thanks for the information but I'm not finding anything for this driver. I'm assuming it's only the athur.sys
that you listed. I went to your friend's website and it linked to an official and unofficial website which both were unhelpful as it didn't have clear information about the names of the drivers. I'm at a loss. The unofficial website didn't
seem to have patches for Windows 10 for those drivers that were listed which weren't many. I have no idea if mine is part of that list as I can't find any alternate name for the driver. Can I uninstall Windows 10? This ultimately is the reason
for my issue. I'm also having problems at my small business with slow internet connections on all our computers since installing Windows 10. I'm assuming it has something to do with my wireless connections not be compatible. Thanks for any additional
guidance.
September 14th, 2015 10:14am
I would use the Ahteros site. https://www.atheros.cz/
You can install a previous driver in compatibility mode
To install in compatibility mode do the following:
Right click the installer>properties>compatibility>choose OS
http://windows.microsoft.com/en-US/windows-vista/Make-older-programs-run-in-this-version-of-Windows?SignedIn=1
(works in win 7, win 8, and win 10)
Your wireless adapters are fine. It is a simple driver issues and while you can revert back to your previous OS it is NOT RECOMMENDED because far too many things can go wrong if you do
Reverting is not recommended as there are too many possibilities for problems
Reverting can only be done if you installed within the last 30 days (if you created a new user it must be removed before you revert)
To revert go to all settings>update & security>recovery>roll back to a previous OS
This will only work if the windows.old folder is present. If it is not you will have to re-install.
September 14th, 2015 10:19am
Thanks. I assumed there might be issues if I tried to uninstall. I'm still at a loss as to which link to click on the website you listed as I don't know which one is mine. I don't know where to look to see if mine is the AR1111 vs something
else. How can I look at my current driver to see it's alternative name that will match one of those links on the website?
September 14th, 2015 10:40am
If you go into device manager (win key +"X">device manager) and expand the network connections you will see something like the snip below. That should tell you what you have.
September 14th, 2015 10:46am
I've been searching there but my network adapter only says Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module unlike yours stating the AR9285. I've tried looking at properties to see if I can find some sort of additional information.
Let me know if you have any other suggestions.
I also just realized that I have NETGEAR WNA 100 N150 Wireless USB Adapter. I'm guessing this is the real issue and not the Qualcomm Atheros one. Netgear is what I use for my wireless. Let me know if you agree. I'm going to get the
fix for that adapter presently. Thanks.
-
Edited by
bearpaw7
13 hours 4 minutes ago
September 14th, 2015 12:59pm
Other recent topics
