A kernel mode program generated an exception which the error handler
didn't catch. These are nearly always hardware compatibility issues
(which sometimes means a driver issue or a need for a BIOS upgrade). http://aumha.org/a/stop.htm
Has there been any use of remote control software to maintain, update or
service this computer. Is the laptop used for work as well as pleasure?
What is your Windows XP CD as it is described on the face of the CD?
What is your computer make and model? How old is it?
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe wrote:
> this is the latest dump anaalysis to go with the event viewer
>
>
> Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
> Mini Kernel Dump File: Only registers and stack trace are available
>
> Symbol search path is:
> srv*c:\symbols*http://msdl.microsoft.com/download/symbols
> Executable search path is: c:\windows\i386
> Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
> compatible
> Product: WinNt, suite: TerminalServer SingleUserTS
> Built by: 2600.xpsp_sp2_gdr.070227-2254
> Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
> System Uptime: 0 days 7:58:40.554
> Loading Kernel Symbols
> ..........................................................................................................................................
> Loading User Symbols
> Loading unloaded module list
> ...............
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}
>
>
>
> Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )
>
> Followup: MachineOwner
> ---------
>
> 0: kd> !analyze -v
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
> This is a very common bugcheck. Usually the exception address
> pinpoints
> the driver/function that caused the problem. Always note this address
> as well as the link date of the driver/image that contains this
> address.
> Some common problems are exception code 0x80000003. This means a hard
> coded breakpoint or assertion was hit, but this system was booted
> /NODEBUG. This is not supposed to happen as developers should never
> have hardcoded breakpoints in retail code, but ...
> If this happens, make sure a debugger gets connected, and the
> system is booted /DEBUG. This will let us see why this breakpoint is
> happening.
> Arguments:
> Arg1: c0000005, The exception code that was not handled
> Arg2: 80550320, The address that the exception occurred at
> Arg3: a467aae8, Trap Frame
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
>
>
>
> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> referenced memory at "0x%08lx". The memory could not be "%s".
>
> FAULTING_IP:
> nt!ExFreePoolWithTag+471
> 80550320 813e80000000 cmp dword ptr [esi],80h
>
> TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
> ErrCode = 00000000
> eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
> edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv
> up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
> gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
> 80550320 813e80000000 cmp dword ptr [esi],80h
> ds:0023:00000024=????????
> Resetting default scope
>
> CUSTOMER_CRASH_COUNT: 1
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x8E
>
> PROCESS_NAME: hpqste08.exe
>
> LAST_CONTROL_TRANSFER: from bf802a9b to 80550320
>
> STACK_TEXT:
> a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
> nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
> e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
> e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72 e3b89b20
> e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
> a467abe0 bf84ac19 e3a82430 00000002 a467abfc
> win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
> bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
> 8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
> a467ac14 bf8209f9 00000000 88d5fda8 00000000
> win32k!DestroyProcessesObjects+0x70
> a467ac3c bf819e30 00000001 a467ac64 bf819ef4
> win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8 00000001
> 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07 88d5fda8
> 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0 8058c841
> 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
> a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
> a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
> a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
> WARNING: Frame IP not in any known module. Following frames may be
> wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> win32k!HeavyFreePool+bb
> bf802a9b 5d pop ebp
>
> SYMBOL_STACK_INDEX: 1
>
> SYMBOL_NAME: win32k!HeavyFreePool+bb
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: win32k
>
> IMAGE_NAME: win32k.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6
>
> FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>
> BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>
> Followup: MachineOwner
> ---------
>
>
>
> "Dominiccoombe" wrote:
>
>> All,
>>
>> I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
>> HDD
>>
>> reinstalled the latest version of spysweeper.
>>
>> Will see how it goes.
>>
>> Dom
>>
>> in meantime I will check out the malware
>>
>> "Gerry" wrote:
>>
>>> Dominic
>>>
>>> What Warning and Error Reports appear in Event Viewer since it's
>>> removal? Can you please post copies.
>>>
>>> If you have had a malware infestation one holds the door open to let
>>> it's friends in.
>>>
>>> Can you please post a copy of the latest Stop error report.
>>>
>>>
>>> --
>>>
>>>
>>>
>>> Hope this helps.
>>>
>>> Gerry
>>> ~~~~
>>> FCA
>>> Stourport, England
>>> Enquire, plan and execute
>>> ~~~~~~~~~~~~~~~~~~~
>>>
>>>
>>>
>>> Dominiccoombe wrote:
>>>> Gerry,
>>>>
>>>> SSFS0BB8.SYS - does not exist on the machine after the uninstall of
>>>> webroot.
>>>>
>>>>
>>>> I will follow your spyware suggestions after I do the verifier and
>>>> chkdsk /r
>>>>
>>>> Dominic
>>>>
>>>> "Gerry" wrote:
>>>>
>>>>> Dominic
>>>>>
>>>>> Background information on Stop Error message
>>>>> http://msdn2.microsoft.com/en-us/library/ms793989.aspx
>>>>>
>>>>> http://aumha.org/a/stop.htm
>>>>>
>>>>> SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
>>>>> it is but it has often cropped up in HijackThis files where the
>>>>> user is seeking to remove malware.
>>>>>
>>>>> Can you locate the file in Windows Explorer and examine it's
>>>>> properties by right clicking on the file. Instructions on how to
>>>>> Show hidden files are in the next paragraph.
>>>>>
>>>>> Go to Start, Control Panel, Folder Options, View, Advanced
>>>>> Settings and verify that the box before "Show hidden files and
>>>>> folders" is checked and "Hide protected operating system files "
>>>>> is unchecked. You may need to scroll down to see the second item.
>>>>> You should also make certain that the box before "Hide extensions
>>>>> for known file types" is not checked. Next in Windows Explorer
>>>>> make sure View, Details is selected and then select View, Choose
>>>>> Details and check before Name, Type, Total Size, and Free Space.
>>>>>
>>>>>
>>>>> What are your anti-virus and anti-spyware arrangements?
>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>
>>>>> I do not think it is is worth pursuing other avenues of enquiry
>>>>> until the situation regarding malware is clearer.
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>> Gerry
>>>>> ~~~~
>>>>> FCA
>>>>> Stourport, England
>>>>> Enquire, plan and execute
>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>
>>>>> Dominiccoombe wrote:
>>>>>> Gerry,
>>>>>>
>>>>>> The last line of the minidump says
>>>>>> "Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"
>>>>>>
>>>>>> Event Viewer
>>>>>> Date 12/18/07
>>>>>> Event Save Dump
>>>>>> Time 5:05:31
>>>>>> event id 1001
>>>>>>
>>>>>> The computer has rebooted from a bugcheck. The bugcheck was:
>>>>>> 0x0000007a (0x00000003, 0xc0000005, 0x0000005c, 0x00000000). A
>>>>>> dump was saved in: C:\WINDOWS\Minidump\Mini121807-01.dmp.
>>>>>>
>>>>>> For more information, see Help and Support Center at
>>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>>
>>>>>> Does any of that help??
>>>>>>
>>>>>> dominic
>>>>>>
>>>>>> "Gerry" wrote:
>>>>>>
>>>>>>> Dominic
>>>>>>>
>>>>>>> Something like this:
>>>>>>>
>>>>>>> Stop 0x0000000E (0xc0000005, 0xB84B23E9, 0xB6A7894, 0xB5A786D0)
>>>>>>>
>>>>>>> VETEFILE.SYS Address B84B23E9 Datestamp 468DE154
>>>>>>>
>>>>>>> Examining dump files is a skilled art that few posting here are
>>>>>>> able to undertake. Given your question I doubt you will be able
>>>>>>> to deduce their meaning.
>>>>>>>
>>>>>>> I suggest you also post copies of Reports from Event Viewer.
>>>>>>>
>>>>>>> Please post copies of all Error and Warning Reports appearing in
>>>>>>> the System and Application logs in Event Viewer for the last
>>>>>>> boot. No Information Reports or Duplicates please. Indicate
>>>>>>> which also appear in a previous boot.
>>>>>>>
>>>>>>> You can access Event Viewer by selecting Start, Control Panel,
>>>>>>> Administrative Tools, and Event Viewer. When researching the
>>>>>>> meaning of the error, information regarding Event ID, Source and
>>>>>>> Description are important.
>>>>>>>
>>>>>>> A tip for posting copies of Error Reports! Run Event Viewer and
>>>>>>> double click on the error you want to copy. In the window, which
>>>>>>> appears is a button resembling two pages. Click the button and
>>>>>>> close Event Viewer.Now start your message (email) and do a paste
>>>>>>> into the body of the message. Make sure this is the first paste
>>>>>>> after exiting from Event Viewer.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hope this helps.
>>>>>>>
>>>>>>> Gerry
>>>>>>> ~~~~
>>>>>>> FCA
>>>>>>> Stourport, England
>>>>>>> Enquire, plan and execute
>>>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>>>
>>>>>>>
>>>>>>> Dominiccoombe wrote:
>>>>>>>> Hi Gerry,
>>>>>>>>
>>>>>>>> Thanks for your reply.
>>>>>>>>
>>>>>>>> Yes I have backed up important files. do that every night but
>>>>>>>> will make an extra copy now.
>>>>>>>>
>>>>>>>> i already have the automatic restart turned off.
>>>>>>>>
>>>>>>>> I am not sure what info you want off the blue screen.
>>>>>>>>
>>>>>>>> The last one I had said:
>>>>>>>> "a process / crucial thread to the system has unexpectedly
>>>>>>>> exited or stopped"
>>>>>>>>
>>>>>>>> Can I find a please to look at the dumps? will they help me?
>>>>>>>>
>>>>>>>> Dominic
>>>>>>>> "Gerry" wrote:
>>>>>>>>
>>>>>>>>> Dominic
>>>>>>>>>
>>>>>>>>> Have you backed up important data files?
>>>>>>>>>
>>>>>>>>> Please post a copy of the Stop Error Report.
>>>>>>>>>
>>>>>>>>> Disable automatic restart on system failure. This should
>>>>>>>>> help by allowing time to write down the STOP code properly.
>>>>>>>>> Right click on the My Computer icon on the Desktop and select
>>>>>>>>> Properties, Advanced, Start-Up and Recovery, System Failure
>>>>>>>>> and uncheck box before Automatically Restart.
>>>>>>>>>
>>>>>>>>> Do not re-enable automatic restart on system failure until you
>>>>>>>>> have resolved the problem. Check for variants of the Stop
>>>>>>>>> Error message.
>>>>>>>>>
>>>>>>>>> An alternative is to keep pressing the F8 key during Start-Up
>>>>>>>>> and select option - Disable automatic restart on system
>>>>>>>>> failure.
>>>>>>>>>
>>>>>>>>> If you are using a wireless keyboard and the F8 key does not
>>>>>>>>> work substitute a wired keyboard and mouse for this exercise
>>>>>>>>> only.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hope this helps.
>>>>>>>>>
>>>>>>>>> Gerry
>>>>>>>>> ~~~~
>>>>>>>>> FCA
>>>>>>>>> Stourport, England
>>>>>>>>> Enquire, plan and execute
>>>>>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>>>>>
>>>>>>>>> Dominiccoombe wrote:
>>>>>>>>>> hi all,
>>>>>>>>>>
>>>>>>>>>> my xp pro machine has progresses from crashing nearly every
>>>>>>>>>> program and having the odd unexplained reboot to now having
>>>>>>>>>> blue screen crashes.
>>>>>>>>>>
>>>>>>>>>> I look at the blue screen but there is nothing that stands
>>>>>>>>>> out as a problem.
>>>>>>>>>>
>>>>>>>>>> Usually blue screens are either drivers or hardware failure.
>>>>>>>>>>
>>>>>>>>>> Could someone help me through this mess.
>>>>>>>>>>
>>>>>>>>>> thanks
>>>>>>>>>>
>>>>>>>>>> Dominic
asus p5n32-sli se deluxe mobo
Kingston 2 * 1GB ram
WD SATA 250GB HDD
Intel core 2 duo E6600
XFX geforce 6800gt
My windows XP Pro cd is part of the MS Action pack.
This machine is a desktop used at home for mostly office applications.
It is about 1 1/2 years old.
"Gerry" wrote:
> Background information on Stop Error report:
> http://msdn2.microsoft.com/en-us/library/ms794023.aspx
>
> A kernel mode program generated an exception which the error handler
> didn't catch. These are nearly always hardware compatibility issues
> (which sometimes means a driver issue or a need for a BIOS upgrade).
> http://aumha.org/a/stop.htm
>
> Has there been any use of remote control software to maintain, update or
> service this computer. Is the laptop used for work as well as pleasure?
>
> What is your Windows XP CD as it is described on the face of the CD?
>
> What is your computer make and model? How old is it?
>
>
> --
>
>
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
> Dominiccoombe wrote:
> > this is the latest dump anaalysis to go with the event viewer
> >
> >
> > Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> >
> > Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
> > Mini Kernel Dump File: Only registers and stack trace are available
> >
> > Symbol search path is:
> > srv*c:\symbols*http://msdl.microsoft.com/download/symbols
> > Executable search path is: c:\windows\i386
> > Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
> > compatible
> > Product: WinNt, suite: TerminalServer SingleUserTS
> > Built by: 2600.xpsp_sp2_gdr.070227-2254
> > Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> > Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
> > System Uptime: 0 days 7:58:40.554
> > Loading Kernel Symbols
> > ..........................................................................................................................................
> > Loading User Symbols
> > Loading unloaded module list
> > ...............
> > *******************************************************************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > *******************************************************************************
> >
> > Use !analyze -v to get detailed debugging information.
> >
> > BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}
> >
> >
> >
> > Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )
> >
> > Followup: MachineOwner
> > ---------
> >
> > 0: kd> !analyze -v
> > *******************************************************************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > *******************************************************************************
> >
> > KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
> > This is a very common bugcheck. Usually the exception address
> > pinpoints
> > the driver/function that caused the problem. Always note this address
> > as well as the link date of the driver/image that contains this
> > address.
> > Some common problems are exception code 0x80000003. This means a hard
> > coded breakpoint or assertion was hit, but this system was booted
> > /NODEBUG. This is not supposed to happen as developers should never
> > have hardcoded breakpoints in retail code, but ...
> > If this happens, make sure a debugger gets connected, and the
> > system is booted /DEBUG. This will let us see why this breakpoint is
> > happening.
> > Arguments:
> > Arg1: c0000005, The exception code that was not handled
> > Arg2: 80550320, The address that the exception occurred at
> > Arg3: a467aae8, Trap Frame
> > Arg4: 00000000
> >
> > Debugging Details:
> > ------------------
> >
> >
> >
> >
> > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> > referenced memory at "0x%08lx". The memory could not be "%s".
> >
> > FAULTING_IP:
> > nt!ExFreePoolWithTag+471
> > 80550320 813e80000000 cmp dword ptr [esi],80h
> >
> > TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
> > ErrCode = 00000000
> > eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
> > edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv
> > up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
> > gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
> > 80550320 813e80000000 cmp dword ptr [esi],80h
> > ds:0023:00000024=????????
> > Resetting default scope
> >
> > CUSTOMER_CRASH_COUNT: 1
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x8E
> >
> > PROCESS_NAME: hpqste08.exe
> >
> > LAST_CONTROL_TRANSFER: from bf802a9b to 80550320
> >
> > STACK_TEXT:
> > a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
> > nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
> > e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
> > e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72 e3b89b20
> > e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
> > a467abe0 bf84ac19 e3a82430 00000002 a467abfc
> > win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
> > bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
> > 8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
> > a467ac14 bf8209f9 00000000 88d5fda8 00000000
> > win32k!DestroyProcessesObjects+0x70
> > a467ac3c bf819e30 00000001 a467ac64 bf819ef4
> > win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8 00000001
> > 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07 88d5fda8
> > 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0 8058c841
> > 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
> > a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
> > a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
> > a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
> > WARNING: Frame IP not in any known module. Following frames may be
> > wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b
> >
> >
> > STACK_COMMAND: kb
> >
> > FOLLOWUP_IP:
> > win32k!HeavyFreePool+bb
> > bf802a9b 5d pop ebp
> >
> > SYMBOL_STACK_INDEX: 1
> >
> > SYMBOL_NAME: win32k!HeavyFreePool+bb
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > MODULE_NAME: win32k
> >
> > IMAGE_NAME: win32k.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6
> >
> > FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
> >
> > BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
> >
> > Followup: MachineOwner
> > ---------
> >
> >
> >
> > "Dominiccoombe" wrote:
> >
> >> All,
> >>
> >> I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
> >> HDD
> >>
> >> reinstalled the latest version of spysweeper.
> >>
> >> Will see how it goes.
> >>
> >> Dom
> >>
> >> in meantime I will check out the malware
> >>
> >> "Gerry" wrote:
> >>
> >>> Dominic
> >>>
> >>> What Warning and Error Reports appear in Event Viewer since it's
> >>> removal? Can you please post copies.
> >>>
> >>> If you have had a malware infestation one holds the door open to let
> >>> it's friends in.
> >>>
> >>> Can you please post a copy of the latest Stop error report.
> >>>
> >>>
> >>> --
> >>>
> >>>
> >>>
> >>> Hope this helps.
> >>>
> >>> Gerry
> >>> ~~~~
> >>> FCA
> >>> Stourport, England
> >>> Enquire, plan and execute
> >>> ~~~~~~~~~~~~~~~~~~~
> >>>
> >>>
> >>>
> >>> Dominiccoombe wrote:
> >>>> Gerry,
> >>>>
> >>>> SSFS0BB8.SYS - does not exist on the machine after the uninstall of
> >>>> webroot.
> >>>>
> >>>>
> >>>> I will follow your spyware suggestions after I do the verifier and
> >>>> chkdsk /r
> >>>>
> >>>> Dominic
> >>>>
> >>>> "Gerry" wrote:
> >>>>
> >>>>> Dominic
> >>>>>
> >>>>> Background information on Stop Error message
> >>>>> http://msdn2.microsoft.com/en-us/library/ms793989.aspx
> >>>>>
> >>>>> http://aumha.org/a/stop.htm
> >>>>>
> >>>>> SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
> >>>>> it is but it has often cropped up in HijackThis files where the
> >>>>> user is seeking to remove malware.
> >>>>>
> >>>>> Can you locate the file in Windows Explorer and examine it's
> >>>>> properties by right clicking on the file. Instructions on how to
> >>>>> Show hidden files are in the next paragraph.
> >>>>>
> >>>>> Go to Start, Control Panel, Folder Options, View, Advanced
> >>>>> Settings and verify that the box before "Show hidden files and
> >>>>> folders" is checked and "Hide protected operating system files "
> >>>>> is unchecked. You may need to scroll down to see the second item.
> >>>>> You should also make certain that the box before "Hide extensions
> >>>>> for known file types" is not checked. Next in Windows Explorer
> >>>>> make sure View, Details is selected and then select View, Choose
> >>>>> Details and check before Name, Type, Total Size, and Free Space.
> >>>>>
> >>>>>
> >>>>> What are your anti-virus and anti-spyware arrangements?
> >>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >>>>>
> >>>>> I do not think it is is worth pursuing other avenues of enquiry
> >>>>> until the situation regarding malware is clearer.
> >>>>>
> >>>>> --
> >>>>>
> >>>>>
> >>>>>
> >>>>> Hope this helps.
> >>>>>
> >>>>> Gerry
> >>>>> ~~~~
> >>>>> FCA
> >>>>> Stourport, England
> >>>>> Enquire, plan and execute
> >>>>> ~~~~~~~~~~~~~~~~~~~
> >>>>>
> >>>>> Dominiccoombe wrote:
> >>>>>> Gerry,
> >>>>>>
> >>>>>> The last line of the minidump says
> >>>>>> "Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"
> >>>>>>
> >>>>>> Event Viewer
> >>>>>> Date 12/18/07
> >>>>>> Event Save Dump
> >>>>>> Time 5:05:31
> >>>>>> event id 1001
> >>>>>>
the machine is about 1 1/2 years old.
it is custom built.
this is a desktop mostly used for browsing, ms office, and outlook and ms
money.
parts include
asus p5n32-sle se deluxe mobo
Kingston 2 * 1GB ram 5-5-5-15
WD SATA 3gb 250GB
xfx geforce 6800gt
Intel core duo E6600 cpu
Yes I did have some remore control software on the machine for a short time.
it was logmein
my xp cd is xp pro from the microsoft action pack.
"Gerry" wrote:
> Background information on Stop Error report:
> http://msdn2.microsoft.com/en-us/library/ms794023.aspx
>
> A kernel mode program generated an exception which the error handler
> didn't catch. These are nearly always hardware compatibility issues
> (which sometimes means a driver issue or a need for a BIOS upgrade).
> http://aumha.org/a/stop.htm
>
> Has there been any use of remote control software to maintain, update or
> service this computer. Is the laptop used for work as well as pleasure?
>
> What is your Windows XP CD as it is described on the face of the CD?
>
> What is your computer make and model? How old is it?
>
>
> --
>
>
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
> Dominiccoombe wrote:
> > this is the latest dump anaalysis to go with the event viewer
> >
> >
> > Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> >
> > Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
> > Mini Kernel Dump File: Only registers and stack trace are available
> >
> > Symbol search path is:
> > srv*c:\symbols*http://msdl.microsoft.com/download/symbols
> > Executable search path is: c:\windows\i386
> > Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
> > compatible
> > Product: WinNt, suite: TerminalServer SingleUserTS
> > Built by: 2600.xpsp_sp2_gdr.070227-2254
> > Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> > Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
> > System Uptime: 0 days 7:58:40.554
> > Loading Kernel Symbols
> > ..........................................................................................................................................
> > Loading User Symbols
> > Loading unloaded module list
> > ...............
> > *******************************************************************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > *******************************************************************************
> >
> > Use !analyze -v to get detailed debugging information.
> >
> > BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}
> >
> >
> >
> > Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )
> >
> > Followup: MachineOwner
> > ---------
> >
> > 0: kd> !analyze -v
> > *******************************************************************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > *******************************************************************************
> >
> > KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
> > This is a very common bugcheck. Usually the exception address
> > pinpoints
> > the driver/function that caused the problem. Always note this address
> > as well as the link date of the driver/image that contains this
> > address.
> > Some common problems are exception code 0x80000003. This means a hard
> > coded breakpoint or assertion was hit, but this system was booted
> > /NODEBUG. This is not supposed to happen as developers should never
> > have hardcoded breakpoints in retail code, but ...
> > If this happens, make sure a debugger gets connected, and the
> > system is booted /DEBUG. This will let us see why this breakpoint is
> > happening.
> > Arguments:
> > Arg1: c0000005, The exception code that was not handled
> > Arg2: 80550320, The address that the exception occurred at
> > Arg3: a467aae8, Trap Frame
> > Arg4: 00000000
> >
> > Debugging Details:
> > ------------------
> >
> >
> >
> >
> > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> > referenced memory at "0x%08lx". The memory could not be "%s".
> >
> > FAULTING_IP:
> > nt!ExFreePoolWithTag+471
> > 80550320 813e80000000 cmp dword ptr [esi],80h
> >
> > TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
> > ErrCode = 00000000
> > eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
> > edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv
> > up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
> > gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
> > 80550320 813e80000000 cmp dword ptr [esi],80h
> > ds:0023:00000024=????????
> > Resetting default scope
> >
> > CUSTOMER_CRASH_COUNT: 1
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x8E
> >
> > PROCESS_NAME: hpqste08.exe
> >
> > LAST_CONTROL_TRANSFER: from bf802a9b to 80550320
> >
> > STACK_TEXT:
> > a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
> > nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
> > e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
> > e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72 e3b89b20
> > e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
> > a467abe0 bf84ac19 e3a82430 00000002 a467abfc
> > win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
> > bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
> > 8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
> > a467ac14 bf8209f9 00000000 88d5fda8 00000000
> > win32k!DestroyProcessesObjects+0x70
> > a467ac3c bf819e30 00000001 a467ac64 bf819ef4
> > win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8 00000001
> > 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07 88d5fda8
> > 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0 8058c841
> > 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
> > a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
> > a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
> > a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
> > WARNING: Frame IP not in any known module. Following frames may be
> > wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b
> >
> >
> > STACK_COMMAND: kb
> >
> > FOLLOWUP_IP:
> > win32k!HeavyFreePool+bb
> > bf802a9b 5d pop ebp
> >
> > SYMBOL_STACK_INDEX: 1
> >
> > SYMBOL_NAME: win32k!HeavyFreePool+bb
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > MODULE_NAME: win32k
> >
> > IMAGE_NAME: win32k.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6
> >
> > FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
> >
> > BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
> >
> > Followup: MachineOwner
> > ---------
> >
> >
> >
> > "Dominiccoombe" wrote:
> >
> >> All,
> >>
> >> I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
> >> HDD
> >>
> >> reinstalled the latest version of spysweeper.
> >>
> >> Will see how it goes.
> >>
> >> Dom
> >>
> >> in meantime I will check out the malware
> >>
> >> "Gerry" wrote:
> >>
> >>> Dominic
> >>>
> >>> What Warning and Error Reports appear in Event Viewer since it's
> >>> removal? Can you please post copies.
> >>>
> >>> If you have had a malware infestation one holds the door open to let
> >>> it's friends in.
> >>>
> >>> Can you please post a copy of the latest Stop error report.
> >>>
> >>>
> >>> --
> >>>
> >>>
> >>>
> >>> Hope this helps.
> >>>
> >>> Gerry
> >>> ~~~~
> >>> FCA
> >>> Stourport, England
> >>> Enquire, plan and execute
> >>> ~~~~~~~~~~~~~~~~~~~
> >>>
> >>>
> >>>
> >>> Dominiccoombe wrote:
> >>>> Gerry,
> >>>>
> >>>> SSFS0BB8.SYS - does not exist on the machine after the uninstall of
> >>>> webroot.
> >>>>
> >>>>
> >>>> I will follow your spyware suggestions after I do the verifier and
> >>>> chkdsk /r
> >>>>
> >>>> Dominic
> >>>>
> >>>> "Gerry" wrote:
> >>>>
> >>>>> Dominic
> >>>>>
> >>>>> Background information on Stop Error message
> >>>>> http://msdn2.microsoft.com/en-us/library/ms793989.aspx
> >>>>>
> >>>>> http://aumha.org/a/stop.htm
> >>>>>
> >>>>> SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
> >>>>> it is but it has often cropped up in HijackThis files where the
> >>>>> user is seeking to remove malware.
> >>>>>
> >>>>> Can you locate the file in Windows Explorer and examine it's
> >>>>> properties by right clicking on the file. Instructions on how to
> >>>>> Show hidden files are in the next paragraph.
> >>>>>
> >>>>> Go to Start, Control Panel, Folder Options, View, Advanced
> >>>>> Settings and verify that the box before "Show hidden files and
> >>>>> folders" is checked and "Hide protected operating system files "
> >>>>> is unchecked. You may need to scroll down to see the second item.
> >>>>> You should also make certain that the box before "Hide extensions
> >>>>> for known file types" is not checked. Next in Windows Explorer
> >>>>> make sure View, Details is selected and then select View, Choose
> >>>>> Details and check before Name, Type, Total Size, and Free Space.
> >>>>>
> >>>>>
> >>>>> What are your anti-virus and anti-spyware arrangements?
> >>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >>>>>
> >>>>> I do not think it is is worth pursuing other avenues of enquiry
> >>>>> until the situation regarding malware is clearer.
> >>>>>
> >>>>> --
> >>>>>
> >>>>>
> >>>>>
> >>>>> Hope this helps.
> >>>>>
> >>>>> Gerry
> >>>>> ~~~~
> >>>>> FCA
> >>>>> Stourport, England
> >>>>> Enquire, plan and execute
> >>>>> ~~~~~~~~~~~~~~~~~~~
> >>>>>
> >>>>> Dominiccoombe wrote:
> >>>>>> Gerry,
> >>>>>>
> >>>>>> The last line of the minidump says
> >>>>>> "Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"
> >>>>>>
> >>>>>> Event Viewer
> >>>>>> Date 12/18/07
> >>>>>> Event Save Dump
> >>>>>> Time 5:05:31
> >>>>>> event id 1001
> >>>>>>
"Dominiccoombe" wrote:
> this is the latest dump anaalysis to go with the event viewer
>
>
> Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
> Mini Kernel Dump File: Only registers and stack trace are available
>
> Symbol search path is:
> srv*c:\symbols*http://msdl.microsoft.com/download/symbols
> Executable search path is: c:\windows\i386
> Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
> compatible
> Product: WinNt, suite: TerminalServer SingleUserTS
> Built by: 2600.xpsp_sp2_gdr.070227-2254
> Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
> System Uptime: 0 days 7:58:40.554
> Loading Kernel Symbols
> ..........................................................................................................................................
> Loading User Symbols
> Loading unloaded module list
> ...............
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}
>
>
>
> Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )
>
> Followup: MachineOwner
> ---------
>
> 0: kd> !analyze -v
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
> This is a very common bugcheck. Usually the exception address pinpoints
> the driver/function that caused the problem. Always note this address
> as well as the link date of the driver/image that contains this address.
> Some common problems are exception code 0x80000003. This means a hard
> coded breakpoint or assertion was hit, but this system was booted
> /NODEBUG. This is not supposed to happen as developers should never have
> hardcoded breakpoints in retail code, but ...
> If this happens, make sure a debugger gets connected, and the
> system is booted /DEBUG. This will let us see why this breakpoint is
> happening.
> Arguments:
> Arg1: c0000005, The exception code that was not handled
> Arg2: 80550320, The address that the exception occurred at
> Arg3: a467aae8, Trap Frame
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
>
>
>
> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> referenced memory at "0x%08lx". The memory could not be "%s".
>
> FAULTING_IP:
> nt!ExFreePoolWithTag+471
> 80550320 813e80000000 cmp dword ptr [esi],80h
>
> TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
> ErrCode = 00000000
> eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024 edi=00000000
> eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv up ei pl nz na po nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
> nt!ExFreePoolWithTag+0x471:
> 80550320 813e80000000 cmp dword ptr [esi],80h
> ds:0023:00000024=????????
> Resetting default scope
>
> CUSTOMER_CRASH_COUNT: 1
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x8E
>
> PROCESS_NAME: hpqste08.exe
>
> LAST_CONTROL_TRANSFER: from bf802a9b to 80550320
>
> STACK_TEXT:
> a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8 nt!ExFreePoolWithTag+0x471
> a467aba0 bf80e88f e3b89b20 bf9ab0e8 e3b89b20 win32k!HeavyFreePool+0xbb
> a467abb8 bf838fac e3b89b20 e3b89b20 a467abe0 win32k!HMFreeObject+0xa0
> a467abc8 bf838f72 e3b89b20 e3a82430 bc513f0c
> win32k!DestroyEmptyCursorObject+0x1b
> a467abe0 bf84ac19 e3a82430 00000002 a467abfc win32k!_DestroyCursor+0x105
> a467abf0 bf84ac01 e3b89b20 a467ac14 bf8c09a6 win32k!DestroyUnlockedCursor+0xf
> a467abfc bf8c09a6 bc5127e4 8905dde0 e3b3a820
> win32k!HMDestroyUnlockedObject+0x1c
> a467ac14 bf8209f9 00000000 88d5fda8 00000000
> win32k!DestroyProcessesObjects+0x70
> a467ac3c bf819e30 00000001 a467ac64 bf819ef4 win32k!xxxDestroyThreadInfo+0x22c
> a467ac48 bf819ef4 88d5fda8 00000001 00000000 win32k!UserThreadCallout+0x4b
> a467ac64 8056fc07 88d5fda8 00000001 88e3f968 win32k!W32pThreadCallout+0x3d
> a467acf0 8058c841 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
> a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
> a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
> a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
> WARNING: Frame IP not in any known module. Following frames may be wrong.
> 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> win32k!HeavyFreePool+bb
> bf802a9b 5d pop ebp
>
> SYMBOL_STACK_INDEX: 1
>
> SYMBOL_NAME: win32k!HeavyFreePool+bb
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: win32k
>
> IMAGE_NAME: win32k.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6
>
> FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>
> BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>
> Followup: MachineOwner
> ---------
>
>
>
> "Dominiccoombe" wrote:
>
> > All,
> >
> > I did verifer and chkdsk /r which ran for about 2 hours on my 250gb HDD
> >
> > reinstalled the latest version of spysweeper.
> >
> > Will see how it goes.
> >
> > Dom
> >
> > in meantime I will check out the malware
> >
> > "Gerry" wrote:
> >
> > > Dominic
> > >
> > > What Warning and Error Reports appear in Event Viewer since it's
> > > removal? Can you please post copies.
> > >
> > > If you have had a malware infestation one holds the door open to let
> > > it's friends in.
> > >
> > > Can you please post a copy of the latest Stop error report.
> > >
> > >
> > > --
> > >
> > >
> > >
> > > Hope this helps.
> > >
> > > Gerry
> > > ~~~~
> > > FCA
> > > Stourport, England
> > > Enquire, plan and execute
> > > ~~~~~~~~~~~~~~~~~~~
Uninstall your HP Printer and then run a check on your RAM and on the HDD.
Run Disk Clean up and Defrag in Safe Mode, try to monitor the Event Viewer
for error and check other Devices in the Device Manager for Conflict or
Malfunctioning.
If all goes okay without errors then the Printer driver was corrupt/damaged
and causing the issue to arise and you need to download the latest driver
for it from HP site.
This can happen if the system overheated or a Bad RAM, Motherboard going
Nuts or a BIOS outdated.
HTH.
nass
---- http://www.nasstec.co.uk
Try Start, Run, type "sigverif.exe" without quotes and hit OK. What
drivers are listed as unsigned? Disregard those which are not checked.
I am wondering whether you left behind a bit og logmein when you
uninstalled?
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe wrote:
> Gerry,
>
> the machine is about 1 1/2 years old.
> it is custom built.
> this is a desktop mostly used for browsing, ms office, and outlook
> and ms money.
>
> parts include
>
> asus p5n32-sle se deluxe mobo
> Kingston 2 * 1GB ram 5-5-5-15
> WD SATA 3gb 250GB
> xfx geforce 6800gt
> Intel core duo E6600 cpu
>
>
> Yes I did have some remore control software on the machine for a
> short time. it was logmein
>
> my xp cd is xp pro from the microsoft action pack.
>
>
> "Gerry" wrote:
>
>> Background information on Stop Error report:
>> http://msdn2.microsoft.com/en-us/library/ms794023.aspx
>>
>> A kernel mode program generated an exception which the error handler
>> didn't catch. These are nearly always hardware compatibility issues
>> (which sometimes means a driver issue or a need for a BIOS upgrade).
>> http://aumha.org/a/stop.htm
>>
>> Has there been any use of remote control software to maintain,
>> update or service this computer. Is the laptop used for work as well
>> as pleasure?
>>
>> What is your Windows XP CD as it is described on the face of the CD?
>>
>> What is your computer make and model? How old is it?
>>
>>
>> --
>>
>>
>>
>> Hope this helps.
>>
>> Gerry
>> ~~~~
>> FCA
>> Stourport, England
>> Enquire, plan and execute
>> ~~~~~~~~~~~~~~~~~~~
>> Dominiccoombe wrote:
>>> this is the latest dump anaalysis to go with the event viewer
>>>
>>>
>>> Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
>>> Copyright (c) Microsoft Corporation. All rights reserved.
>>>
>>>
>>> Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
>>> Mini Kernel Dump File: Only registers and stack trace are available
>>>
>>> Symbol search path is:
>>> srv*c:\symbols*http://msdl.microsoft.com/download/symbols
>>> Executable search path is: c:\windows\i386
>>> Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free
>>> x86 compatible
>>> Product: WinNt, suite: TerminalServer SingleUserTS
>>> Built by: 2600.xpsp_sp2_gdr.070227-2254
>>> Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
>>> Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
>>> System Uptime: 0 days 7:58:40.554
>>> Loading Kernel Symbols
>>> ..........................................................................................................................................
>>> Loading User Symbols
>>> Loading unloaded module list
>>> ...............
>>> *******************************************************************************
>>> *
>>> *
>>> * Bugcheck Analysis
>>> *
>>> *
>>> *
>>> *******************************************************************************
>>>
>>> Use !analyze -v to get detailed debugging information.
>>>
>>> BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}
>>>
>>>
>>>
>>> Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )
>>>
>>> Followup: MachineOwner
>>> ---------
>>>
>>> 0: kd> !analyze -v
>>> *******************************************************************************
>>> *
>>> *
>>> * Bugcheck Analysis
>>> *
>>> *
>>> *
>>> *******************************************************************************
>>>
>>> KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
>>> This is a very common bugcheck. Usually the exception address
>>> pinpoints
>>> the driver/function that caused the problem. Always note this
>>> address as well as the link date of the driver/image that contains
>>> this address.
>>> Some common problems are exception code 0x80000003. This means a
>>> hard coded breakpoint or assertion was hit, but this system was
>>> booted /NODEBUG. This is not supposed to happen as developers
>>> should never have hardcoded breakpoints in retail code, but ...
>>> If this happens, make sure a debugger gets connected, and the
>>> system is booted /DEBUG. This will let us see why this breakpoint
>>> is happening.
>>> Arguments:
>>> Arg1: c0000005, The exception code that was not handled
>>> Arg2: 80550320, The address that the exception occurred at
>>> Arg3: a467aae8, Trap Frame
>>> Arg4: 00000000
>>>
>>> Debugging Details:
>>> ------------------
>>>
>>>
>>>
>>>
>>> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
>>> referenced memory at "0x%08lx". The memory could not be "%s".
>>>
>>> FAULTING_IP:
>>> nt!ExFreePoolWithTag+471
>>> 80550320 813e80000000 cmp dword ptr [esi],80h
>>>
>>> TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
>>> ErrCode = 00000000
>>> eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
>>> edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0
>>> nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
>>> gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
>>> 80550320 813e80000000 cmp dword ptr [esi],80h
>>> ds:0023:00000024=????????
>>> Resetting default scope
>>>
>>> CUSTOMER_CRASH_COUNT: 1
>>>
>>> DEFAULT_BUCKET_ID: DRIVER_FAULT
>>>
>>> BUGCHECK_STR: 0x8E
>>>
>>> PROCESS_NAME: hpqste08.exe
>>>
>>> LAST_CONTROL_TRANSFER: from bf802a9b to 80550320
>>>
>>> STACK_TEXT:
>>> a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
>>> nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
>>> e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
>>> e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72
>>> e3b89b20 e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
>>> a467abe0 bf84ac19 e3a82430 00000002 a467abfc
>>> win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
>>> bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
>>> 8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
>>> a467ac14 bf8209f9 00000000 88d5fda8 00000000
>>> win32k!DestroyProcessesObjects+0x70
>>> a467ac3c bf819e30 00000001 a467ac64 bf819ef4
>>> win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8
>>> 00000001 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07
>>> 88d5fda8 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0
>>> 8058c841 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
>>> a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c
>>> nt!PsExitSpecialApc+0x22 a467ad4c 804de263 00000001 00000000
>>> a467ad64 nt!KiDeliverApc+0x1af a467ad4c 7df7bd1b 00000001 00000000
>>> a467ad64 nt!Kei386EoiHelper+0x3a WARNING: Frame IP not in any known
>>> module. Following frames may be wrong. 0012fd34 00000000 00000000
>>> 00000000 00000000 0x7df7bd1b
>>>
>>>
>>> STACK_COMMAND: kb
>>>
>>> FOLLOWUP_IP:
>>> win32k!HeavyFreePool+bb
>>> bf802a9b 5d pop ebp
>>>
>>> SYMBOL_STACK_INDEX: 1
>>>
>>> SYMBOL_NAME: win32k!HeavyFreePool+bb
>>>
>>> FOLLOWUP_NAME: MachineOwner
>>>
>>> MODULE_NAME: win32k
>>>
>>> IMAGE_NAME: win32k.sys
>>>
>>> DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6
>>>
>>> FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>>>
>>> BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>>>
>>> Followup: MachineOwner
>>> ---------
>>>
>>>
>>>
>>> "Dominiccoombe" wrote:
>>>
>>>> All,
>>>>
>>>> I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
>>>> HDD
>>>>
>>>> reinstalled the latest version of spysweeper.
>>>>
>>>> Will see how it goes.
>>>>
>>>> Dom
>>>>
>>>> in meantime I will check out the malware
>>>>
>>>> "Gerry" wrote:
>>>>
>>>>> Dominic
>>>>>
>>>>> What Warning and Error Reports appear in Event Viewer since it's
>>>>> removal? Can you please post copies.
>>>>>
>>>>> If you have had a malware infestation one holds the door open to
>>>>> let it's friends in.
>>>>>
>>>>> Can you please post a copy of the latest Stop error report.
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>> Gerry
>>>>> ~~~~
>>>>> FCA
>>>>> Stourport, England
>>>>> Enquire, plan and execute
>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>
>>>>>
>>>>>
>>>>> Dominiccoombe wrote:
>>>>>> Gerry,
>>>>>>
>>>>>> SSFS0BB8.SYS - does not exist on the machine after the uninstall
>>>>>> of webroot.
>>>>>>
>>>>>>
>>>>>> I will follow your spyware suggestions after I do the verifier
>>>>>> and chkdsk /r
>>>>>>
>>>>>> Dominic
>>>>>>
>>>>>> "Gerry" wrote:
>>>>>>
>>>>>>> Dominic
>>>>>>>
>>>>>>> Background information on Stop Error message
>>>>>>> http://msdn2.microsoft.com/en-us/library/ms793989.aspx
>>>>>>>
>>>>>>> http://aumha.org/a/stop.htm
>>>>>>>
>>>>>>> SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
>>>>>>> it is but it has often cropped up in HijackThis files where the
>>>>>>> user is seeking to remove malware.
>>>>>>>
>>>>>>> Can you locate the file in Windows Explorer and examine it's
>>>>>>> properties by right clicking on the file. Instructions on how to
>>>>>>> Show hidden files are in the next paragraph.
>>>>>>>
>>>>>>> Go to Start, Control Panel, Folder Options, View, Advanced
>>>>>>> Settings and verify that the box before "Show hidden files and
>>>>>>> folders" is checked and "Hide protected operating system files "
>>>>>>> is unchecked. You may need to scroll down to see the second
>>>>>>> item. You should also make certain that the box before "Hide
>>>>>>> extensions for known file types" is not checked. Next in
>>>>>>> Windows Explorer make sure View, Details is selected and then
>>>>>>> select View, Choose Details and check before Name, Type, Total
>>>>>>> Size, and Free Space.
>>>>>>>
>>>>>>>
>>>>>>> What are your anti-virus and anti-spyware arrangements?
>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>>>
>>>>>>> I do not think it is is worth pursuing other avenues of enquiry
>>>>>>> until the situation regarding malware is clearer.
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hope this helps.
>>>>>>>
>>>>>>> Gerry
>>>>>>> ~~~~
>>>>>>> FCA
>>>>>>> Stourport, England
>>>>>>> Enquire, plan and execute
>>>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>>>
>>>>>>> Dominiccoombe wrote:
>>>>>>>> Gerry,
>>>>>>>>
>>>>>>>> The last line of the minidump says
>>>>>>>> "Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"
>>>>>>>>
>>>>>>>> Event Viewer
>>>>>>>> Date 12/18/07
>>>>>>>> Event Save Dump
>>>>>>>> Time 5:05:31
>>>>>>>> event id 1001
That reference is to a Digital Imager i.e, scanner not a printer,
although it could be an All in One.
--
Yours sincerely,
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
G.C.J. Cornell
Financial Controller
Twojays Enterprises Ltd gcjc@btinternet.com
Direct line 01299 824508 Fax 01299 822760
~~~~~~~~~~~~~~~~~~~~~~~~
nass wrote:
> "Dominiccoombe" wrote:
>
>> this is the latest dump anaalysis to go with the event viewer
>>
>>
>> Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
>> Copyright (c) Microsoft Corporation. All rights reserved.
>>
>>
>> Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
>> Mini Kernel Dump File: Only registers and stack trace are available
>>
>> Symbol search path is:
>> srv*c:\symbols*http://msdl.microsoft.com/download/symbols
>> Executable search path is: c:\windows\i386
>> Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
>> compatible
>> Product: WinNt, suite: TerminalServer SingleUserTS
>> Built by: 2600.xpsp_sp2_gdr.070227-2254
>> Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
>> Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
>> System Uptime: 0 days 7:58:40.554
>> Loading Kernel Symbols
>> ..........................................................................................................................................
>> Loading User Symbols
>> Loading unloaded module list
>> ...............
>> *******************************************************************************
>> *
>> *
>> * Bugcheck Analysis
>> *
>> *
>> *
>> *******************************************************************************
>>
>> Use !analyze -v to get detailed debugging information.
>>
>> BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}
>>
>>
>>
>> Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )
>>
>> Followup: MachineOwner
>> ---------
>>
>> 0: kd> !analyze -v
>> *******************************************************************************
>> *
>> *
>> * Bugcheck Analysis
>> *
>> *
>> *
>> *******************************************************************************
>>
>> KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
>> This is a very common bugcheck. Usually the exception address
>> pinpoints
>> the driver/function that caused the problem. Always note this
>> address
>> as well as the link date of the driver/image that contains this
>> address.
>> Some common problems are exception code 0x80000003. This means a
>> hard
>> coded breakpoint or assertion was hit, but this system was booted
>> /NODEBUG. This is not supposed to happen as developers should never
>> have hardcoded breakpoints in retail code, but ...
>> If this happens, make sure a debugger gets connected, and the
>> system is booted /DEBUG. This will let us see why this breakpoint is
>> happening.
>> Arguments:
>> Arg1: c0000005, The exception code that was not handled
>> Arg2: 80550320, The address that the exception occurred at
>> Arg3: a467aae8, Trap Frame
>> Arg4: 00000000
>>
>> Debugging Details:
>> ------------------
>>
>>
>>
>>
>> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
>> referenced memory at "0x%08lx". The memory could not be "%s".
>>
>> FAULTING_IP:
>> nt!ExFreePoolWithTag+471
>> 80550320 813e80000000 cmp dword ptr [esi],80h
>>
>> TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
>> ErrCode = 00000000
>> eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
>> edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0
>> nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
>> gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
>> 80550320 813e80000000 cmp dword ptr [esi],80h
>> ds:0023:00000024=????????
>> Resetting default scope
>>
>> CUSTOMER_CRASH_COUNT: 1
>>
>> DEFAULT_BUCKET_ID: DRIVER_FAULT
>>
>> BUGCHECK_STR: 0x8E
>>
>> PROCESS_NAME: hpqste08.exe
>>
>> LAST_CONTROL_TRANSFER: from bf802a9b to 80550320
>>
>> STACK_TEXT:
>> a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
>> nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
>> e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
>> e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72
>> e3b89b20 e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
>> a467abe0 bf84ac19 e3a82430 00000002 a467abfc
>> win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
>> bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
>> 8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
>> a467ac14 bf8209f9 00000000 88d5fda8 00000000
>> win32k!DestroyProcessesObjects+0x70
>> a467ac3c bf819e30 00000001 a467ac64 bf819ef4
>> win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8
>> 00000001 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07
>> 88d5fda8 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0
>> 8058c841 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
>> a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
>> a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
>> a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
>> WARNING: Frame IP not in any known module. Following frames may be
>> wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b
>>
>>
>> STACK_COMMAND: kb
>>
>> FOLLOWUP_IP:
>> win32k!HeavyFreePool+bb
>> bf802a9b 5d pop ebp
>>
>> SYMBOL_STACK_INDEX: 1
>>
>> SYMBOL_NAME: win32k!HeavyFreePool+bb
>>
>> FOLLOWUP_NAME: MachineOwner
>>
>> MODULE_NAME: win32k
>>
>> IMAGE_NAME: win32k.sys
>>
>> DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6
>>
>> FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>>
>> BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
>>
>> Followup: MachineOwner
>> ---------
>>
>>
>>
>> "Dominiccoombe" wrote:
>>
>>> All,
>>>
>>> I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
>>> HDD
>>>
>>> reinstalled the latest version of spysweeper.
>>>
>>> Will see how it goes.
>>>
>>> Dom
>>>
>>> in meantime I will check out the malware
>>>
>>> "Gerry" wrote:
>>>
>>>> Dominic
>>>>
>>>> What Warning and Error Reports appear in Event Viewer since it's
>>>> removal? Can you please post copies.
>>>>
>>>> If you have had a malware infestation one holds the door open to
>>>> let it's friends in.
>>>>
>>>> Can you please post a copy of the latest Stop error report.
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>> Hope this helps.
>>>>
>>>> Gerry
>>>> ~~~~
>>>> FCA
>>>> Stourport, England
>>>> Enquire, plan and execute
>>>> ~~~~~~~~~~~~~~~~~~~
>
>
> Uninstall your HP Printer and then run a check on your RAM and on the
> HDD. Run Disk Clean up and Defrag in Safe Mode, try to monitor the
> Event Viewer for error and check other Devices in the Device Manager
> for Conflict or Malfunctioning.
> If all goes okay without errors then the Printer driver was
> corrupt/damaged and causing the issue to arise and you need to
> download the latest driver for it from HP site.
> This can happen if the system overheated or a Bad RAM, Motherboard
> going Nuts or a BIOS outdated.
> HTH.
> nass
> ----
> http://www.nasstec.co.uk
"Gerry" wrote:
> Nass
>
> That reference is to a Digital Imager i.e, scanner not a printer,
> although it could be an All in One.
>
>
> --
> Yours sincerely,
>
> Gerry
> ~~~~~~~~~~~~~~~~~~~~~~~~
> FCA
>
> G.C.J. Cornell
> Financial Controller
> Twojays Enterprises Ltd
> gcjcSPAMLAME@btinternet.com
> Direct line 01299 824508 Fax 01299 822760
>
> ~~~~~~~~~~~~~~~~~~~~~~~~
Hi Gerry,
Yes, it is for HP Digital Imaging, and it could be ALL-In-One HP Printer as
you mentioned, located here:
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
The OP need to take OFF from the Start Up List or uninstall and Reinstall it.
HTH and Happy Xmas.
nass
---- http://www.nasstec.co.uk
I uninstalled everything to do with the printer which is an HP.
I left the machine run for over a day and everything work fine.
I downloaded the plain printer driver fom HP again and reinstalled. am now
waiting and hoping.
Hopefully this was the problem.
Will keep you posted
Happy Christmas and thanks for all the help so far.
Dominic Coombe
"nass" wrote:
>
>
> "Gerry" wrote:
>
> > Nass
> >
> > That reference is to a Digital Imager i.e, scanner not a printer,
> > although it could be an All in One.
> >
> >
> > --
> > Yours sincerely,
> >
> > Gerry
> > ~~~~~~~~~~~~~~~~~~~~~~~~
> > FCA
> >
> > G.C.J. Cornell
> > Financial Controller
> > Twojays Enterprises Ltd
> > gcjcSPAMLAME@btinternet.com
> > Direct line 01299 824508 Fax 01299 822760
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> Hi Gerry,
> Yes, it is for HP Digital Imaging, and it could be ALL-In-One HP Printer as
> you mentioned, located here:
> C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
> The OP need to take OFF from the Start Up List or uninstall and Reinstall it.
> HTH and Happy Xmas.
> nass
> ----
> http://www.nasstec.co.uk
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe wrote:
> Hi all,
>
> Last post before xmas.
>
> I uninstalled everything to do with the printer which is an HP.
>
> I left the machine run for over a day and everything work fine.
>
> I downloaded the plain printer driver fom HP again and reinstalled.
> am now waiting and hoping.
>
> Hopefully this was the problem.
>
> Will keep you posted
>
> Happy Christmas and thanks for all the help so far.
>
> Dominic Coombe
>
> "nass" wrote:
>
>>
>>
>> "Gerry" wrote:
>>
>>> Nass
>>>
>>> That reference is to a Digital Imager i.e, scanner not a printer,
>>> although it could be an All in One.
>>>
>>>
>>> --
>>> Yours sincerely,
>>>
>>> Gerry
>>> ~~~~~~~~~~~~~~~~~~~~~~~~
>>> FCA
>>>
>>> G.C.J. Cornell
>>> Financial Controller
>>> Twojays Enterprises Ltd
>>> gcjcSPAMLAME@btinternet.com
>>> Direct line 01299 824508 Fax 01299 822760
>>>
>>> ~~~~~~~~~~~~~~~~~~~~~~~~
>>
>>
>> Hi Gerry,
>> Yes, it is for HP Digital Imaging, and it could be ALL-In-One HP
>> Printer as you mentioned, located here:
>> C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
>> The OP need to take OFF from the Start Up List or uninstall and
>> Reinstall it. HTH and Happy Xmas.
>> nass
>> ----
>> http://www.nasstec.co.uk
Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
Hope it's fine Xmas morning as I am travelling down to Wimbledon to
visit my youngest daughter. You do not get smog like we saw in the 40's
and 50's now.
--
Regards.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
nass wrote:
> "Gerry" wrote:
>
>> Nass
>>
>> That reference is to a Digital Imager i.e, scanner not a printer,
>> although it could be an All in One.
>>
>>
>> --
>> Yours sincerely,
>>
>> Gerry
>> ~~~~~~~~~~~~~~~~~~~~~~~~
>> FCA
>>
>> G.C.J. Cornell
>> Financial Controller
>> Twojays Enterprises Ltd
>> gcjcSPAMLAME@btinternet.com
>> Direct line 01299 824508 Fax 01299 822760
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> Hi Gerry,
> Yes, it is for HP Digital Imaging, and it could be ALL-In-One HP
> Printer as you mentioned, located here:
> C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
> The OP need to take OFF from the Start Up List or uninstall and
> Reinstall it. HTH and Happy Xmas.
> nass
> ----
> http://www.nasstec.co.uk
"Gerry" wrote:
> Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> visit my youngest daughter. You do not get smog like we saw in the 40's
> and 50's now.
>
>
>
> --
> Regards.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
Hi Gerry,
Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
before the clean Power came to age Gerry LOL.
Hope you have a nice drive down south and enjoy your Xmas whatever the
weather.
Season Greetings to you and All.
nass
Basically I ended up uninstalling the HP printer driver, spysweerer and
cloudmark antispam and firefox.
I slowly added back the printer driver after reinstalling firefox and have
been running to today without a crash.
I am going to add spysweeper back today.
I will take baby steps.
Atleast we seem to have found what it was.
Dominic
"nass" wrote:
>
>
> "Gerry" wrote:
>
> > Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> > Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> > visit my youngest daughter. You do not get smog like we saw in the 40's
> > and 50's now.
> >
> >
> >
> > --
> > Regards.
> >
> > Gerry
> > ~~~~
> > FCA
> > Stourport, England
> > Enquire, plan and execute
> > ~~~~~~~~~~~~~~~~~~~
>
> Hi Gerry,
> Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
> before the clean Power came to age Gerry LOL.
> Hope you have a nice drive down south and enjoy your Xmas whatever the
> weather.
> Season Greetings to you and All.
> nass
"Dominiccoombe" wrote:
> Hi all,
>
> Happy new year.
>
> Basically I ended up uninstalling the HP printer driver, spysweerer and
> cloudmark antispam and firefox.
>
> I slowly added back the printer driver after reinstalling firefox and have
> been running to today without a crash.
>
> I am going to add spysweeper back today.
> I will take baby steps.
>
> Atleast we seem to have found what it was.
> Dominic
>
> "nass" wrote:
>
> >
> >
> > "Gerry" wrote:
> >
> > > Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> > > Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> > > visit my youngest daughter. You do not get smog like we saw in the 40's
> > > and 50's now.
> > >
> > >
> > >
> > > --
> > > Regards.
> > >
> > > Gerry
> > > ~~~~
> > > FCA
> > > Stourport, England
> > > Enquire, plan and execute
> > > ~~~~~~~~~~~~~~~~~~~
> >
> > Hi Gerry,
> > Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
> > before the clean Power came to age Gerry LOL.
> > Hope you have a nice drive down south and enjoy your Xmas whatever the
> > weather.
> > Season Greetings to you and All.
> > nass
On sunday 12/30 the machine gave up all together and crashed with a
system.drv was corrupted error.
I went into windows recovery console and restored the file from disk.
The machine came up fine.
Does anyone know what wpdmtpDriver is?? there is an entry in event log for
it.
Happy New Years,
Dominic
"nass" wrote:
>
> Good luck, keep us posted.
>
> "Dominiccoombe" wrote:
>
> > Hi all,
> >
> > Happy new year.
> >
> > Basically I ended up uninstalling the HP printer driver, spysweerer and
> > cloudmark antispam and firefox.
> >
> > I slowly added back the printer driver after reinstalling firefox and have
> > been running to today without a crash.
> >
> > I am going to add spysweeper back today.
> > I will take baby steps.
> >
> > Atleast we seem to have found what it was.
> > Dominic
> >
> > "nass" wrote:
> >
> > >
> > >
> > > "Gerry" wrote:
> > >
> > > > Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> > > > Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> > > > visit my youngest daughter. You do not get smog like we saw in the 40's
> > > > and 50's now.
> > > >
> > > >
> > > >
> > > > --
> > > > Regards.
> > > >
> > > > Gerry
> > > > ~~~~
> > > > FCA
> > > > Stourport, England
> > > > Enquire, plan and execute
> > > > ~~~~~~~~~~~~~~~~~~~
> > >
> > > Hi Gerry,
> > > Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
> > > before the clean Power came to age Gerry LOL.
> > > Hope you have a nice drive down south and enjoy your Xmas whatever the
> > > weather.
> > > Season Greetings to you and All.
> > > nass
Hi Dominic,
Do you have Zune Software installed or an Externals Hard drive (USB)?.
Read here: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=11315
Happy new year to you and All.
Good luck and best wishes.
nass
"Dominiccoombe" wrote:
> UPDATE:
>
> On sunday 12/30 the machine gave up all together and crashed with a
> system.drv was corrupted error.
>
> I went into windows recovery console and restored the file from disk.
>
> The machine came up fine.
>
> Does anyone know what wpdmtpDriver is?? there is an entry in event log for
> it.
>
> Happy New Years,
>
> Dominic
>
> "nass" wrote:
>
> >
> > Good luck, keep us posted.
> >
> > "Dominiccoombe" wrote:
> >
> > > Hi all,
> > >
> > > Happy new year.
> > >
> > > Basically I ended up uninstalling the HP printer driver, spysweerer and
> > > cloudmark antispam and firefox.
> > >
> > > I slowly added back the printer driver after reinstalling firefox and have
> > > been running to today without a crash.
> > >
> > > I am going to add spysweeper back today.
> > > I will take baby steps.
> > >
> > > Atleast we seem to have found what it was.
> > > Dominic
> > >
> > > "nass" wrote:
> > >
> > > >
> > > >
> > > > "Gerry" wrote:
> > > >
> > > > > Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> > > > > Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> > > > > visit my youngest daughter. You do not get smog like we saw in the 40's
> > > > > and 50's now.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Regards.
> > > > >
> > > > > Gerry
> > > > > ~~~~
> > > > > FCA
> > > > > Stourport, England
> > > > > Enquire, plan and execute
> > > > > ~~~~~~~~~~~~~~~~~~~
> > > >
> > > > Hi Gerry,
> > > > Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
> > > > before the clean Power came to age Gerry LOL.
> > > > Hope you have a nice drive down south and enjoy your Xmas whatever the
> > > > weather.
> > > > Season Greetings to you and All.
> > > > nass
Correct I have an external USB HDD, has been on the machine since the
beginning.
NO ZUNE.
I will go and read the article.
Dominic
"nass" wrote:
>
> Hi Dominic,
> Do you have Zune Software installed or an Externals Hard drive (USB)?.
> Read here:
> http://www.jsifaq.com/SF/Tips/Tip.aspx?id=11315
> Happy new year to you and All.
> Good luck and best wishes.
> nass
> "Dominiccoombe" wrote:
>
> > UPDATE:
> >
> > On sunday 12/30 the machine gave up all together and crashed with a
> > system.drv was corrupted error.
> >
> > I went into windows recovery console and restored the file from disk.
> >
> > The machine came up fine.
> >
> > Does anyone know what wpdmtpDriver is?? there is an entry in event log for
> > it.
> >
> > Happy New Years,
> >
> > Dominic
> >
> > "nass" wrote:
> >
> > >
> > > Good luck, keep us posted.
> > >
> > > "Dominiccoombe" wrote:
> > >
> > > > Hi all,
> > > >
> > > > Happy new year.
> > > >
> > > > Basically I ended up uninstalling the HP printer driver, spysweerer and
> > > > cloudmark antispam and firefox.
> > > >
> > > > I slowly added back the printer driver after reinstalling firefox and have
> > > > been running to today without a crash.
> > > >
> > > > I am going to add spysweeper back today.
> > > > I will take baby steps.
> > > >
> > > > Atleast we seem to have found what it was.
> > > > Dominic
> > > >
> > > > "nass" wrote:
> > > >
> > > > >
> > > > >
> > > > > "Gerry" wrote:
> > > > >
> > > > > > Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> > > > > > Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> > > > > > visit my youngest daughter. You do not get smog like we saw in the 40's
> > > > > > and 50's now.
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Regards.
> > > > > >
> > > > > > Gerry
> > > > > > ~~~~
> > > > > > FCA
> > > > > > Stourport, England
> > > > > > Enquire, plan and execute
> > > > > > ~~~~~~~~~~~~~~~~~~~
> > > > >
> > > > > Hi Gerry,
> > > > > Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
> > > > > before the clean Power came to age Gerry LOL.
> > > > > Hope you have a nice drive down south and enjoy your Xmas whatever the
> > > > > weather.
> > > > > Season Greetings to you and All.
> > > > > nass
Last night it blue screened with the message
"Bad Pool Header"
anyone care to offer a suggestion to what that is.
Thanks
Dominic
"Dominiccoombe" wrote:
> Correct I have an external USB HDD, has been on the machine since the
> beginning.
>
> NO ZUNE.
>
> I will go and read the article.
>
> Dominic
>
> "nass" wrote:
>
> >
> > Hi Dominic,
> > Do you have Zune Software installed or an Externals Hard drive (USB)?.
> > Read here:
> > http://www.jsifaq.com/SF/Tips/Tip.aspx?id=11315
> > Happy new year to you and All.
> > Good luck and best wishes.
> > nass
> > "Dominiccoombe" wrote:
> >
> > > UPDATE:
> > >
> > > On sunday 12/30 the machine gave up all together and crashed with a
> > > system.drv was corrupted error.
> > >
> > > I went into windows recovery console and restored the file from disk.
> > >
> > > The machine came up fine.
> > >
> > > Does anyone know what wpdmtpDriver is?? there is an entry in event log for
> > > it.
> > >
> > > Happy New Years,
> > >
> > > Dominic
> > >
> > > "nass" wrote:
> > >
> > > >
> > > > Good luck, keep us posted.
> > > >
> > > > "Dominiccoombe" wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > Happy new year.
> > > > >
> > > > > Basically I ended up uninstalling the HP printer driver, spysweerer and
> > > > > cloudmark antispam and firefox.
> > > > >
> > > > > I slowly added back the printer driver after reinstalling firefox and have
> > > > > been running to today without a crash.
> > > > >
> > > > > I am going to add spysweeper back today.
> > > > > I will take baby steps.
> > > > >
> > > > > Atleast we seem to have found what it was.
> > > > > Dominic
> > > > >
> > > > > "nass" wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > "Gerry" wrote:
> > > > > >
> > > > > > > Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
> > > > > > > Hope it's fine Xmas morning as I am travelling down to Wimbledon to
> > > > > > > visit my youngest daughter. You do not get smog like we saw in the 40's
> > > > > > > and 50's now.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Regards.
> > > > > > >
> > > > > > > Gerry
> > > > > > > ~~~~
> > > > > > > FCA
> > > > > > > Stourport, England
> > > > > > > Enquire, plan and execute
> > > > > > > ~~~~~~~~~~~~~~~~~~~
> > > > > >
> > > > > > Hi Gerry,
> > > > > > Yes, it is Foggy, we may see the white stuff/fluffy ones . Oh lord, that
> > > > > > before the clean Power came to age Gerry LOL.
> > > > > > Hope you have a nice drive down south and enjoy your Xmas whatever the
> > > > > > weather.
> > > > > > Season Greetings to you and All.
> > > > > > nass
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
. Oh lord, that