Serious Error.

Lately i've been having really bad computer problems. Windows Explorer crashing, start menu and desk top icons disappearing. At first I thought it was either a virus or a trojan. Did a virus and trojan scan... and I was "clean" Well it seems some friends of mine had the SAME problem as me and didn't know what it was, and had to reformat. I'm thinking this might be a new virus or a trojan.


Well, today I was turning on my computer and tried to get online I left the room for a moment and when I came back in I saw that my computer had restarted on its own. I was like... what the heck.

Then I got this message:

"The system has recovered from a serious error"




The error report contained this:
(the image is at the bottom of my post)







I don't know what to do about this problem. I don't know if this is a new virus or trojan or if something is really wrong with my computer. But I find it weird that my friends had the same problem. I looked in my Event Viewer log, and it said something about corrupt files.

 

Usually, a minidump is also created from the error and that is what prompts Windows Error Reporting to pop up(the above test).

How computer saavy are you?

Try this:

http://majorgeeks.com/vb/showthread.php?t=35246

If you can, post what the debug output says.

Also, post the description of the event ID you saw in the event viewer (double click to open).

We need more info to know what might be happening.

 

theres 3 different descriptions. I don't really feel comfortable with the debugging thing. Don't really understand it. I'm afraid i'm going to mess something up.
About how computer saavy I am:
I'm okay at the computer. I wouldn't condsider myself a beginner, but I wouldn't consider myself the best at it.

 

I dont know enough about zone alarm to know if that will cause Windows Error Reporting to pop up on boot. Maybe someone else can chime in there.

IF you want, you can zip the memory dump you have (should be the same date this happened) and attach it to a post. Someone here might be able to take a look at it.

 

hey adryn..take a look at the SP lvl in the Error Signature in the first image...notice anything odd?

 

I have to edit something in the picture guys. Post them back up in a second.

 

Yeah I see it says 0_0, but in truth, I dont know how to read Windows Error Report popups

However, if Can, if you dont have Sp1, you need to get it. It fixes a problem that cuases the above error to come up.

 

okay...

 

I'm sorry.... but what is Sp1?


Also whats wrong with the: 0_0

 

http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx

 

Also Can, you can also check your event logs (under system) for a source of ssystem error. This is your stop error.

Post the description if you can.

 

Found the system error:

 

Ok, so you had a stop 0x50.

Any other system errors in the list in the system event log?

 

Nope just that one.

 

Ok...Look at the time it ocurred. Make a mental note of it.

Now look at the system event log directly below it. What does it say?

Look in the application event log for logs that happened just before the system error.

Post those as well.

Or do what Halo says. I don't know much about ZA.

 

So... my problem is my firewall?

 

Uninstall it and see

 

It happened at 11:11
Here i'll just show you a screen shot.

 

Well, I was hoping for the descriptions

Check the application log for events happening right around 11:10-11:11, and post their descriptions.

 

Doesn't the lastest version have bugs though?

 

I'm gonna step out. I think I am just confusing things

Sorry. I'm talking to other people at the same time and keep losing my train of thought and making a mess of things here.

 

NO don't leave. You're doing fine.

Sorry that took me awhile to get together

 

information I found referencing that file

http://www.techadvice.com/specs/answer.asp?aid=533

http://www.the-it-mercenary.com/forums/Help/posts/2637.html

 

Thank you Kodo!

I've never had problems like this before. It seems like the majority of the people who are having problems with that file have AOL 9.0. I have AOL 8.0 Plus.
I don't know if that makes a difference though....

 

Can,

If you want, zip and post your minidump file from when this happened. They are named with the date and located in c:\windows\minidump.

Should be only one for this date.

The debug may show what file was responsible.

 

Hi! Thanks for coming back.
Okay, i'll try this.
It wont hurt my computer if I try it right?
Also.. I don't know how to do this

Sorry if i'm frustrating you.

Thanks so much for all the help you've given me.

should I do a search for C:\windows\minidump and open it?

 

Go to that folder, and zip the file.

Then attach it to a post.

I cna look at it, if/when i get a chance.

 

Theres 2 options for zipping it:


Compress to ZIP + Options

Compress to Minidump.zip


Which one should I choose?


Also if I attach the zip file in this post, no one can get personal information out of it right?
That kind of freaks me out.


Also when I zip the file, am I supposed to save it?
Or, is the ZIP file automatically saved?

 

Compress to Minidump.zip

It should save to the same directory that you started the creation process in. So in this case, most likely, C:\windows\minidump.

As for personal info, it shows system uptime, OS version, and thats about it really as far as "personal" info.

 

Dont get the whole folder. Just the file from the date this happened.

 

YAY I did it.

 

Oops I think I gave you the whole foler. But there is only one thing inside of it.
So is that okay?

 

The memory dump confirmed what Kodo mentioned and your screenshots show.

I'm not gonna bother posting the full debug results, unless you really want me to.

Probably caused by : ATWPKT2.SYS


AOL done caused your problem:



Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\v-1jersc\Desktop\Mini062404-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 UP Free x86 compatible
Product: WinNt
Built by: 2600.xpclnt_qfe.021108-2107
Kernel base = 0x804d0000 PsLoadedModuleList = 0x8053e0a8
Debug session time: Thu Jun 24 11:10:10 2004
System Uptime: 0 days 0:02:24.578
Loading Kernel Symbols
..................................................................................................................
Loading unloaded module list
....................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {ff9180fc, 0, 80594931, 0}


Could not read faulting driver name
Unable to load image ATWPKT2.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for ATWPKT2.SYS
*** ERROR: Module load completed but symbols could not be loaded for ATWPKT2.SYS
Probably caused by : ATWPKT2.SYS ( ATWPKT2+bb7 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff9180fc, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80594931, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: ff9180fc

FAULTING_IP:
nt!ObpCaptureObjectName+7f
80594931 8b08 mov ecx,[eax]

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from 80594b05 to 80594931

TRAP_FRAME: f6a54928 -- (.trap fffffffff6a54928)
ErrCode = 00000000
eax=ff9180fc ebx=80d18834 ecx=00000000 edx=00000000 esi=00000000 edi=f6a54a64
eip=80594931 esp=f6a5499c ebp=f6a549e0 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!ObpCaptureObjectName+0x7f:
80594931 8b08 mov ecx,[eax] ds:0023:ff9180fc=????????
Resetting default scope

STACK_TEXT:
f6a549e0 80594b05 00000000 ff9180fc f6a54a64 nt!ObpCaptureObjectName+0x7f
f6a54a34 8058fa40 80eb5248 00000000 00000000 nt!ObpCaptureObjectCreateInformation+0x135
f6a54a78 80598643 f6a54b70 80eb5248 00000000 nt!ObOpenObjectByName+0x60
f6a54ad0 80528421 f6a54b90 00010000 f6a54b70 nt!NtOpenSymbolicLinkObject+0x73
f6a54ad0 804f419d f6a54b90 00010000 f6a54b70 nt!KiSystemService+0xc4
f6a54b54 8054c924 f6a54b90 00010000 f6a54b70 nt!ZwOpenSymbolicLinkObject+0x11
f6a54b88 fc7f1bb7 ff9180fc 006e006c 80d21b88 nt!IoDeleteSymbolicLink+0x3a
WARNING: Stack unwind information not available. Following frames may be wrong.
f6a54bc4 fc7f1c92 f6a54be0 f6a54bd8 00000000 ATWPKT2+0xbb7
f6a54bf4 fc7f1f34 80dfbcf8 8058fd6a 80d18700 ATWPKT2+0xc92
f6a54c34 804e6185 80d18338 ffb328e8 8069d43c ATWPKT2+0xf34
f6a54c44 8055687c 80d1e750 023fe534 ffb328e8 nt!IopfCallDriver+0x31
f6a54c58 805575a7 80d18338 ffb328e8 80d1e750 nt!IopSynchronousServiceTail+0x5e
f6a54d00 80550468 000001d8 00000000 00000000 nt!IopXxxControlFile+0x5a5
f6a54d34 80528421 000001d8 00000000 00000000 nt!NtDeviceIoControlFile+0x28
f6a54d34 7ffe0304 000001d8 00000000 00000000 nt!KiSystemService+0xc4
03aef3e4 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4


FOLLOWUP_IP:
ATWPKT2+bb7
fc7f1bb7 ?? ???

SYMBOL_STACK_INDEX: 7

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: ATWPKT2+bb7

MODULE_NAME: ATWPKT2

IMAGE_NAME: ATWPKT2.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 3e5fa379

STACK_COMMAND: .trap fffffffff6a54928 ; kb

BUCKET_ID: 0x50_ATWPKT2+bb7

Followup: MachineOwner
---------

 

Thank you so much for taking the time to look at my zip file.

AOL is ruining my computer.

...great.


What exactly should I do about this?

 

Well, if you must use AOL, I would try reinstalling it as your first step.