Windows has recovered from a serious error

By knight1fox3 ยท 9 replies
Sep 28, 2009
  1. Hello,

    I help with the maintenance on a friend's PC to keep it free of viruses and spyware. Upon running Spybot Search & Destroy (v 1.6.2), it gets about 25% complete and the system crashes and automatically reboots. Upon reboot, a windows message pops up indicating the system has recovered from a serious error. I did some research on this message and common causes. I found that often the error can be pin-pointed by looking that the windows dmp file. This particular fault is definitely repeatable and each dmp file looks the same so I am certain the information in the dmp file is fairly accurate. The system specs are as follows:

    Windows XP (32-bit) SP3
    AMD Athlon XP 2.2GHz
    ASUS A7N8X mobo
    2 GB of DDR400 Corsair RAM
    ATI Rage vid card (don't know the model off hand)

    I have all the latest drivers installed including the mobo BIOS. All windows updates have been done as well. Attached is the information I extracted from the dmp file using windows debugger. According to the info, the root cause seems to be the "ntoskrnl.exe" file. I would like to get some feedback from anyone on if I am interpreting the dmp file info correctly. Also, does this error point to potential hardware (mainly memory) failure? I have not tried re-seating components and cleaning the dust out. I have known this to help in some cases. Any additional feedback on this issue would be greatly appreciated. Let me know if I need to provide any additional information. Thanks in advance!

    Attached Files:

  2. almcneil

    almcneil TS Guru Posts: 1,277

    Your friend's computer either has file system corruption or Windows system corruption. I'd run a file system check first. If that doens't solve the problem then a Windows Repair.

    To run a file system check, My Computer -> Lock Disk (right-click) -> Properties -> Tools -> Error Checking -> Check Now -> (select both options/checkboxes) -> Start -> (restart computer)

    Repost with results.

    -- Andy
  3. knight1fox3

    knight1fox3 TS Rookie Topic Starter

    Thanks for the quick response Andy. I will run the file system check and report back with the results as soon as I can.
  4. knight1fox3

    knight1fox3 TS Rookie Topic Starter

    Ok I ran the system file checker. I believe the log file was then stored in the root directory of C:\ (called bootex.txt). Are these the results you wanted to see? See below for the contents of bootex.txt:

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.
    Cleaning up minor inconsistencies on the drive.
    Cleaning up 236 unused index entries from index $SII of file 0x9.
    Cleaning up 236 unused index entries from index $SDH of file 0x9.
    Cleaning up 236 unused security descriptors.
    CHKDSK is verifying file data (stage 4 of 5)...
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    Free space verification is complete.

    199141708 KB total disk space.
    34133428 KB in 62912 files.
    21456 KB in 5224 indexes.
    0 KB in bad sectors.
    142176 KB in use by the system.
    65536 KB occupied by the log file.
    164844648 KB available on disk.

    4096 bytes in each allocation unit.
    49785427 total allocation units on disk.
    41211162 allocation units available on disk.

    Internal Info:
    10 0d 01 00 33 0a 01 00 27 6b 01 00 00 00 00 00 ....3...'k......
    eb 1f 00 00 02 00 00 00 1a 08 00 00 00 00 00 00 ................
    72 9c c2 01 00 00 00 00 00 ae 4c 2d 00 00 00 00 r.........L-....
    7c 63 40 08 00 00 00 00 0e 07 d2 d4 02 00 00 00 |c@.............
    c6 87 ad ed 07 00 00 00 6e 60 cb 00 0b 00 00 00 ........n`......
    99 9e 36 00 00 00 00 00 90 38 07 00 c0 f5 00 00 ..6......8......
    00 00 00 00 00 d0 56 23 08 00 00 00 68 14 00 00 ......V#....h...

    Windows has finished checking your disk.
    Please wait while your computer restarts.
  5. almcneil

    almcneil TS Guru Posts: 1,277

    OK, try running Spybot again and see if it crashes.

    -- Andy
  6. knight1fox3

    knight1fox3 TS Rookie Topic Starter

    Crashed again about 25% through the Spybot scan. I've attached the dmp file. I believe this one indicates a driver fault but it doesn't say where. Any additional thoughts on this? Thanks again.
  7. almcneil

    almcneil TS Guru Posts: 1,277

    After revewiing everything we've done so far, a Windows Repair is the next logical step.

    Repost if you need help initiating a Windows Repair.

    -- Andy
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    If you still need help, you may be able to locate an Error in the Event Viewer that corresponds to the time of the 'serious error' message. That will give us additional information to troubleshoot.

    I suggest you hold off on a reformat or reinstall and do this first:

    Start> Run> type in eventvwr

    Do this on each the System and the Applications logs:
    [1]. Click to open the log>
    [2]. Look for the Error>
    [3] .Right click on the Error> Properties>
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.

    Errors are time coded. Check the computer clock on message.

    I don't do dump files and it doesn't sound like Andy opened them either. The Error in the Event Viewer should point to the driver.
  9. knight1fox3

    knight1fox3 TS Rookie Topic Starter

    Hi Bobbye,

    Thanks for the reply. Consequently, I tried Andy's suggestion above on doing a windows repair. That seemed to make things worse to the point where I could not even boot. I was able to return the system to the "Last Known Good Config" and from there I ran a system restore. Things are back to normal now and I am able to boot normally. However, the system crash still persists. I just tried running Spybot again and sure enough, windows crashed and the system rebooted itself. As you requested, below are the two errors in the System log. No relevant errors were reported in the Applications log. There were multiple instances of each error shown below, so I only pasted the results once for each.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 10/4/2009
    Time: 6:01:13 PM
    User: N/A
    Computer: SERENITY
    The description for Event ID ( 7023 ) in Source ( Service Control Manager ) cannot be found.
    The local computer may not have the necessary registry information or message DLL files to
    display messages from a remote computer. You may be able to use the /AUXSOURCE= flag
    to retrieve this description; see Help and Support for details. The following information is part
    of the event: IPSEC Services, The specified module could not be found.

    Event Type: Error
    Event Source: Rasman
    Event Category: None
    Event ID: 20063
    Date: 10/4/2009
    Time: 6:01:24 PM
    User: N/A
    Computer: SERENITY
    Remote Access Connection Manager failed to start because the Point to Point Protocol failed
    to initialize. The specified module could not be found.

    For more information, see Help and Support Center at "h t t p : / / g o . m i c r o s o f t . c o m / f w l i n k / e v e n t s .a s p".
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Regarding Error Event ID 20006, Source: Rasman> Please see this:

    The fix calls for a Registry Edit. Before you do this, you should back up the Registry.
    Manual steps to back up the registry in Windows XP:
    Then proceed with the regedit as outlined by Symantec.

    I don't usually work with dump files, but since yours weren't checked I took a look- I also note you have posted this in the Spybot forum but at this time, with no reply.

    For the dump entries:
    See Post #2 for description and explanation of KiFindReadyThread

    This appears in the dump files: KiFindReadyThread- note there is a similar but different entry KiReadyThread

    And this KiChainedDispatch2ndLvl+39appears in relation to avgrsx.exe>> this is the AVG Resident Shield.

    I could probably copy and paste all day to impress you with my vast knowledge about this-but-there is no vast knowledge of this in MY head. It is also apparent that no one else is opening your dump files and reading them.

    Something is happening to cause interrupts:

    Rather than confuse you further, I will hope someone in the Spybot forum will interpret these for you and guide you to a resolution.

    My advice would be to do nothing further until you find what's happening and what options you have for the resolution. Sorry I can't do more.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...