Blue screen crashes

  • Thread starter Thread starter Dominiccoombe
  • Start date Start date
Background information on Stop Error report:
http://msdn2.microsoft.com/en-us/library/ms794023.aspx

A kernel mode program generated an exception which the error handler
didn't catch. These are nearly always hardware compatibility issues
(which sometimes means a driver issue or a need for a BIOS upgrade).
http://aumha.org/a/stop.htm

Has there been any use of remote control software to maintain, update or
service this computer. Is the laptop used for work as well as pleasure?

What is your Windows XP CD as it is described on the face of the CD?

What is your computer make and model? How old is it?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe said:
this is the latest dump anaalysis to go with the event viewer


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
System Uptime: 0 days 7:58:40.554
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}



Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80550320, The address that the exception occurred at
Arg3: a467aae8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+471
80550320 813e80000000 cmp dword ptr [esi],80h

TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
ErrCode = 00000000
eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv
up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
80550320 813e80000000 cmp dword ptr [esi],80h
ds:0023:00000024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: hpqste08.exe

LAST_CONTROL_TRANSFER: from bf802a9b to 80550320

STACK_TEXT:
a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72 e3b89b20
e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
a467abe0 bf84ac19 e3a82430 00000002 a467abfc
win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
a467ac14 bf8209f9 00000000 88d5fda8 00000000
win32k!DestroyProcessesObjects+0x70
a467ac3c bf819e30 00000001 a467ac64 bf819ef4
win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8 00000001
00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07 88d5fda8
00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0 8058c841
40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
WARNING: Frame IP not in any known module. Following frames may be
wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyFreePool+bb
bf802a9b 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyFreePool+bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6

FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

Followup: MachineOwner
---------



Dominiccoombe said:
All,

I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
HDD

reinstalled the latest version of spysweeper.

Will see how it goes.

Dom

in meantime I will check out the malware
 
Gerry,

my machine is a custom built.

asus p5n32-sli se deluxe mobo
Kingston 2 * 1GB ram
WD SATA 250GB HDD
Intel core 2 duo E6600
XFX geforce 6800gt

My windows XP Pro cd is part of the MS Action pack.

This machine is a desktop used at home for mostly office applications.

It is about 1 1/2 years old.



Gerry said:
Background information on Stop Error report:
http://msdn2.microsoft.com/en-us/library/ms794023.aspx

A kernel mode program generated an exception which the error handler
didn't catch. These are nearly always hardware compatibility issues
(which sometimes means a driver issue or a need for a BIOS upgrade).
http://aumha.org/a/stop.htm

Has there been any use of remote control software to maintain, update or
service this computer. Is the laptop used for work as well as pleasure?

What is your Windows XP CD as it is described on the face of the CD?

What is your computer make and model? How old is it?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe said:
this is the latest dump anaalysis to go with the event viewer


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
System Uptime: 0 days 7:58:40.554
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}



Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80550320, The address that the exception occurred at
Arg3: a467aae8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+471
80550320 813e80000000 cmp dword ptr [esi],80h

TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
ErrCode = 00000000
eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv
up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
80550320 813e80000000 cmp dword ptr [esi],80h
ds:0023:00000024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: hpqste08.exe

LAST_CONTROL_TRANSFER: from bf802a9b to 80550320

STACK_TEXT:
a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72 e3b89b20
e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
a467abe0 bf84ac19 e3a82430 00000002 a467abfc
win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
a467ac14 bf8209f9 00000000 88d5fda8 00000000
win32k!DestroyProcessesObjects+0x70
a467ac3c bf819e30 00000001 a467ac64 bf819ef4
win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8 00000001
00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07 88d5fda8
00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0 8058c841
40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
WARNING: Frame IP not in any known module. Following frames may be
wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyFreePool+bb
bf802a9b 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyFreePool+bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6

FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

Followup: MachineOwner
---------



Dominiccoombe said:
All,

I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
HDD

reinstalled the latest version of spysweeper.

Will see how it goes.

Dom

in meantime I will check out the malware

:

Dominic

What Warning and Error Reports appear in Event Viewer since it's
removal? Can you please post copies.

If you have had a malware infestation one holds the door open to let
it's friends in.

Can you please post a copy of the latest Stop error report.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



Dominiccoombe wrote:
Gerry,

SSFS0BB8.SYS - does not exist on the machine after the uninstall of
webroot.


I will follow your spyware suggestions after I do the verifier and
chkdsk /r

Dominic

:

Dominic

Background information on Stop Error message
http://msdn2.microsoft.com/en-us/library/ms793989.aspx

http://aumha.org/a/stop.htm

SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
it is but it has often cropped up in HijackThis files where the
user is seeking to remove malware.

Can you locate the file in Windows Explorer and examine it's
properties by right clicking on the file. Instructions on how to
Show hidden files are in the next paragraph.

Go to Start, Control Panel, Folder Options, View, Advanced
Settings and verify that the box before "Show hidden files and
folders" is checked and "Hide protected operating system files "
is unchecked. You may need to scroll down to see the second item.
You should also make certain that the box before "Hide extensions
for known file types" is not checked. Next in Windows Explorer
make sure View, Details is selected and then select View, Choose
Details and check before Name, Type, Total Size, and Free Space.


What are your anti-virus and anti-spyware arrangements?
http://www.elephantboycomputers.com/page2.html#Removing_Malware

I do not think it is is worth pursuing other avenues of enquiry
until the situation regarding malware is clearer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Dominiccoombe wrote:
Gerry,

The last line of the minidump says
"Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"

Event Viewer
Date 12/18/07
Event Save Dump
Time 5:05:31
event id 1001
 
Gerry,

the machine is about 1 1/2 years old.
it is custom built.
this is a desktop mostly used for browsing, ms office, and outlook and ms
money.

parts include

asus p5n32-sle se deluxe mobo
Kingston 2 * 1GB ram 5-5-5-15
WD SATA 3gb 250GB
xfx geforce 6800gt
Intel core duo E6600 cpu


Yes I did have some remore control software on the machine for a short time.
it was logmein

my xp cd is xp pro from the microsoft action pack.


Gerry said:
Background information on Stop Error report:
http://msdn2.microsoft.com/en-us/library/ms794023.aspx

A kernel mode program generated an exception which the error handler
didn't catch. These are nearly always hardware compatibility issues
(which sometimes means a driver issue or a need for a BIOS upgrade).
http://aumha.org/a/stop.htm

Has there been any use of remote control software to maintain, update or
service this computer. Is the laptop used for work as well as pleasure?

What is your Windows XP CD as it is described on the face of the CD?

What is your computer make and model? How old is it?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe said:
this is the latest dump anaalysis to go with the event viewer


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
System Uptime: 0 days 7:58:40.554
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}



Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80550320, The address that the exception occurred at
Arg3: a467aae8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+471
80550320 813e80000000 cmp dword ptr [esi],80h

TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
ErrCode = 00000000
eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv
up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
80550320 813e80000000 cmp dword ptr [esi],80h
ds:0023:00000024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: hpqste08.exe

LAST_CONTROL_TRANSFER: from bf802a9b to 80550320

STACK_TEXT:
a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72 e3b89b20
e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
a467abe0 bf84ac19 e3a82430 00000002 a467abfc
win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
a467ac14 bf8209f9 00000000 88d5fda8 00000000
win32k!DestroyProcessesObjects+0x70
a467ac3c bf819e30 00000001 a467ac64 bf819ef4
win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8 00000001
00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07 88d5fda8
00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0 8058c841
40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
WARNING: Frame IP not in any known module. Following frames may be
wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyFreePool+bb
bf802a9b 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyFreePool+bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6

FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

Followup: MachineOwner
---------



Dominiccoombe said:
All,

I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
HDD

reinstalled the latest version of spysweeper.

Will see how it goes.

Dom

in meantime I will check out the malware

:

Dominic

What Warning and Error Reports appear in Event Viewer since it's
removal? Can you please post copies.

If you have had a malware infestation one holds the door open to let
it's friends in.

Can you please post a copy of the latest Stop error report.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



Dominiccoombe wrote:
Gerry,

SSFS0BB8.SYS - does not exist on the machine after the uninstall of
webroot.


I will follow your spyware suggestions after I do the verifier and
chkdsk /r

Dominic

:

Dominic

Background information on Stop Error message
http://msdn2.microsoft.com/en-us/library/ms793989.aspx

http://aumha.org/a/stop.htm

SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
it is but it has often cropped up in HijackThis files where the
user is seeking to remove malware.

Can you locate the file in Windows Explorer and examine it's
properties by right clicking on the file. Instructions on how to
Show hidden files are in the next paragraph.

Go to Start, Control Panel, Folder Options, View, Advanced
Settings and verify that the box before "Show hidden files and
folders" is checked and "Hide protected operating system files "
is unchecked. You may need to scroll down to see the second item.
You should also make certain that the box before "Hide extensions
for known file types" is not checked. Next in Windows Explorer
make sure View, Details is selected and then select View, Choose
Details and check before Name, Type, Total Size, and Free Space.


What are your anti-virus and anti-spyware arrangements?
http://www.elephantboycomputers.com/page2.html#Removing_Malware

I do not think it is is worth pursuing other avenues of enquiry
until the situation regarding malware is clearer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Dominiccoombe wrote:
Gerry,

The last line of the minidump says
"Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"

Event Viewer
Date 12/18/07
Event Save Dump
Time 5:05:31
event id 1001
 
Dominiccoombe said:
this is the latest dump anaalysis to go with the event viewer


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
System Uptime: 0 days 7:58:40.554
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}



Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80550320, The address that the exception occurred at
Arg3: a467aae8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+471
80550320 813e80000000 cmp dword ptr [esi],80h

TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
ErrCode = 00000000
eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024 edi=00000000
eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!ExFreePoolWithTag+0x471:
80550320 813e80000000 cmp dword ptr [esi],80h
ds:0023:00000024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: hpqste08.exe

LAST_CONTROL_TRANSFER: from bf802a9b to 80550320

STACK_TEXT:
a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8 nt!ExFreePoolWithTag+0x471
a467aba0 bf80e88f e3b89b20 bf9ab0e8 e3b89b20 win32k!HeavyFreePool+0xbb
a467abb8 bf838fac e3b89b20 e3b89b20 a467abe0 win32k!HMFreeObject+0xa0
a467abc8 bf838f72 e3b89b20 e3a82430 bc513f0c
win32k!DestroyEmptyCursorObject+0x1b
a467abe0 bf84ac19 e3a82430 00000002 a467abfc win32k!_DestroyCursor+0x105
a467abf0 bf84ac01 e3b89b20 a467ac14 bf8c09a6 win32k!DestroyUnlockedCursor+0xf
a467abfc bf8c09a6 bc5127e4 8905dde0 e3b3a820
win32k!HMDestroyUnlockedObject+0x1c
a467ac14 bf8209f9 00000000 88d5fda8 00000000
win32k!DestroyProcessesObjects+0x70
a467ac3c bf819e30 00000001 a467ac64 bf819ef4 win32k!xxxDestroyThreadInfo+0x22c
a467ac48 bf819ef4 88d5fda8 00000001 00000000 win32k!UserThreadCallout+0x4b
a467ac64 8056fc07 88d5fda8 00000001 88e3f968 win32k!W32pThreadCallout+0x3d
a467acf0 8058c841 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyFreePool+bb
bf802a9b 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyFreePool+bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6

FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

Followup: MachineOwner
---------



Dominiccoombe said:
All,

I did verifer and chkdsk /r which ran for about 2 hours on my 250gb HDD

reinstalled the latest version of spysweeper.

Will see how it goes.

Dom

in meantime I will check out the malware


Uninstall your HP Printer and then run a check on your RAM and on the HDD.
Run Disk Clean up and Defrag in Safe Mode, try to monitor the Event Viewer
for error and check other Devices in the Device Manager for Conflict or
Malfunctioning.
If all goes okay without errors then the Printer driver was corrupt/damaged
and causing the issue to arise and you need to download the latest driver
for it from HP site.
This can happen if the system overheated or a Bad RAM, Motherboard going
Nuts or a BIOS outdated.
HTH.
nass
 
Dominic

I would try Start, Run, type "sfc /scannow" without quotes
and hit Enter.

Description of Windows XP and Windows Server 2003 System
File Checker (Sfc.exe)
http://support.microsoft.com/default.aspx?scid=kb;en-us;310747

You will need your CD.

Try Start, Run, type "sigverif.exe" without quotes and hit OK. What
drivers are listed as unsigned? Disregard those which are not checked.

I am wondering whether you left behind a bit og logmein when you
uninstalled?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Gerry,

the machine is about 1 1/2 years old.
it is custom built.
this is a desktop mostly used for browsing, ms office, and outlook
and ms money.

parts include

asus p5n32-sle se deluxe mobo
Kingston 2 * 1GB ram 5-5-5-15
WD SATA 3gb 250GB
xfx geforce 6800gt
Intel core duo E6600 cpu


Yes I did have some remore control software on the machine for a
short time. it was logmein

my xp cd is xp pro from the microsoft action pack.


Gerry said:
Background information on Stop Error report:
http://msdn2.microsoft.com/en-us/library/ms794023.aspx

A kernel mode program generated an exception which the error handler
didn't catch. These are nearly always hardware compatibility issues
(which sometimes means a driver issue or a need for a BIOS upgrade).
http://aumha.org/a/stop.htm

Has there been any use of remote control software to maintain,
update or service this computer. Is the laptop used for work as well
as pleasure?

What is your Windows XP CD as it is described on the face of the CD?

What is your computer make and model? How old is it?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dominiccoombe said:
this is the latest dump anaalysis to go with the event viewer


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free
x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
System Uptime: 0 days 7:58:40.554
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}



Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this
address as well as the link date of the driver/image that contains
this address.
Some common problems are exception code 0x80000003. This means a
hard coded breakpoint or assertion was hit, but this system was
booted /NODEBUG. This is not supposed to happen as developers
should never have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint
is happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80550320, The address that the exception occurred at
Arg3: a467aae8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+471
80550320 813e80000000 cmp dword ptr [esi],80h

TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
ErrCode = 00000000
eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0
nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
80550320 813e80000000 cmp dword ptr [esi],80h
ds:0023:00000024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: hpqste08.exe

LAST_CONTROL_TRANSFER: from bf802a9b to 80550320

STACK_TEXT:
a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72
e3b89b20 e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
a467abe0 bf84ac19 e3a82430 00000002 a467abfc
win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
a467ac14 bf8209f9 00000000 88d5fda8 00000000
win32k!DestroyProcessesObjects+0x70
a467ac3c bf819e30 00000001 a467ac64 bf819ef4
win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8
00000001 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07
88d5fda8 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0
8058c841 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c
nt!PsExitSpecialApc+0x22 a467ad4c 804de263 00000001 00000000
a467ad64 nt!KiDeliverApc+0x1af a467ad4c 7df7bd1b 00000001 00000000
a467ad64 nt!Kei386EoiHelper+0x3a WARNING: Frame IP not in any known
module. Following frames may be wrong. 0012fd34 00000000 00000000
00000000 00000000 0x7df7bd1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyFreePool+bb
bf802a9b 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyFreePool+bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6

FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

Followup: MachineOwner
---------



:

All,

I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
HDD

reinstalled the latest version of spysweeper.

Will see how it goes.

Dom

in meantime I will check out the malware

:

Dominic

What Warning and Error Reports appear in Event Viewer since it's
removal? Can you please post copies.

If you have had a malware infestation one holds the door open to
let it's friends in.

Can you please post a copy of the latest Stop error report.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



Dominiccoombe wrote:
Gerry,

SSFS0BB8.SYS - does not exist on the machine after the uninstall
of webroot.


I will follow your spyware suggestions after I do the verifier
and chkdsk /r

Dominic

:

Dominic

Background information on Stop Error message
http://msdn2.microsoft.com/en-us/library/ms793989.aspx

http://aumha.org/a/stop.htm

SSFS0BB8.SYS -This file concerns me as I cannot ascertain what
it is but it has often cropped up in HijackThis files where the
user is seeking to remove malware.

Can you locate the file in Windows Explorer and examine it's
properties by right clicking on the file. Instructions on how to
Show hidden files are in the next paragraph.

Go to Start, Control Panel, Folder Options, View, Advanced
Settings and verify that the box before "Show hidden files and
folders" is checked and "Hide protected operating system files "
is unchecked. You may need to scroll down to see the second
item. You should also make certain that the box before "Hide
extensions for known file types" is not checked. Next in
Windows Explorer make sure View, Details is selected and then
select View, Choose Details and check before Name, Type, Total
Size, and Free Space.


What are your anti-virus and anti-spyware arrangements?
http://www.elephantboycomputers.com/page2.html#Removing_Malware

I do not think it is is worth pursuing other avenues of enquiry
until the situation regarding malware is clearer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Dominiccoombe wrote:
Gerry,

The last line of the minidump says
"Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"

Event Viewer
Date 12/18/07
Event Save Dump
Time 5:05:31
event id 1001
 
Nass

That reference is to a Digital Imager i.e, scanner not a printer,
although it could be an All in One.


--
Yours sincerely,

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

G.C.J. Cornell
Financial Controller
Twojays Enterprises Ltd
(e-mail address removed)
Direct line 01299 824508 Fax 01299 822760

~~~~~~~~~~~~~~~~~~~~~~~~
Dominiccoombe said:
this is the latest dump anaalysis to go with the event viewer


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini122107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Dec 21 02:36:31.843 2007 (GMT-5)
System Uptime: 0 days 7:58:40.554
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80550320, a467aae8, 0}



Probably caused by : win32k.sys ( win32k!HeavyFreePool+bb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this
address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a
hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80550320, The address that the exception occurred at
Arg3: a467aae8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+471
80550320 813e80000000 cmp dword ptr [esi],80h

TRAP_FRAME: a467aae8 -- (.trap 0xffffffffa467aae8)
ErrCode = 00000000
eax=ffdf0004 ebx=89bb4b80 ecx=8055c600 edx=00000060 esi=00000024
edi=00000000 eip=80550320 esp=a467ab5c ebp=a467ab90 iopl=0
nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010202 nt!ExFreePoolWithTag+0x471:
80550320 813e80000000 cmp dword ptr [esi],80h
ds:0023:00000024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: hpqste08.exe

LAST_CONTROL_TRANSFER: from bf802a9b to 80550320

STACK_TEXT:
a467ab90 bf802a9b e3b89b20 88f876c8 a467abb8
nt!ExFreePoolWithTag+0x471 a467aba0 bf80e88f e3b89b20 bf9ab0e8
e3b89b20 win32k!HeavyFreePool+0xbb a467abb8 bf838fac e3b89b20
e3b89b20 a467abe0 win32k!HMFreeObject+0xa0 a467abc8 bf838f72
e3b89b20 e3a82430 bc513f0c win32k!DestroyEmptyCursorObject+0x1b
a467abe0 bf84ac19 e3a82430 00000002 a467abfc
win32k!_DestroyCursor+0x105 a467abf0 bf84ac01 e3b89b20 a467ac14
bf8c09a6 win32k!DestroyUnlockedCursor+0xf a467abfc bf8c09a6 bc5127e4
8905dde0 e3b3a820 win32k!HMDestroyUnlockedObject+0x1c
a467ac14 bf8209f9 00000000 88d5fda8 00000000
win32k!DestroyProcessesObjects+0x70
a467ac3c bf819e30 00000001 a467ac64 bf819ef4
win32k!xxxDestroyThreadInfo+0x22c a467ac48 bf819ef4 88d5fda8
00000001 00000000 win32k!UserThreadCallout+0x4b a467ac64 8056fc07
88d5fda8 00000001 88e3f968 win32k!W32pThreadCallout+0x3d a467acf0
8058c841 40010004 a467ad4c 804e74b8 nt!PspExitThread+0x3cc
a467acfc 804e74b8 88e3f968 a467ad48 a467ad3c nt!PsExitSpecialApc+0x22
a467ad4c 804de263 00000001 00000000 a467ad64 nt!KiDeliverApc+0x1af
a467ad4c 7df7bd1b 00000001 00000000 a467ad64 nt!Kei386EoiHelper+0x3a
WARNING: Frame IP not in any known module. Following frames may be
wrong. 0012fd34 00000000 00000000 00000000 00000000 0x7df7bd1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!HeavyFreePool+bb
bf802a9b 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!HeavyFreePool+bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45f013f6

FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

Followup: MachineOwner
---------



Dominiccoombe said:
All,

I did verifer and chkdsk /r which ran for about 2 hours on my 250gb
HDD

reinstalled the latest version of spysweeper.

Will see how it goes.

Dom

in meantime I will check out the malware

:

Dominic

What Warning and Error Reports appear in Event Viewer since it's
removal? Can you please post copies.

If you have had a malware infestation one holds the door open to
let it's friends in.

Can you please post a copy of the latest Stop error report.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Uninstall your HP Printer and then run a check on your RAM and on the
HDD. Run Disk Clean up and Defrag in Safe Mode, try to monitor the
Event Viewer for error and check other Devices in the Device Manager
for Conflict or Malfunctioning.
If all goes okay without errors then the Printer driver was
corrupt/damaged and causing the issue to arise and you need to
download the latest driver for it from HP site.
This can happen if the system overheated or a Bad RAM, Motherboard
going Nuts or a BIOS outdated.
HTH.
nass
 
Gerry said:
Nass

That reference is to a Digital Imager i.e, scanner not a printer,
although it could be an All in One.


--
Yours sincerely,

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

G.C.J. Cornell
Financial Controller
Twojays Enterprises Ltd
(e-mail address removed)
Direct line 01299 824508 Fax 01299 822760

~~~~~~~~~~~~~~~~~~~~~~~~


Hi Gerry,
Yes, it is for HP Digital Imaging, and it could be ALL-In-One HP Printer as
you mentioned, located here:
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
The OP need to take OFF from the Start Up List or uninstall and Reinstall it.
HTH and Happy Xmas.
nass
 
Hi all,

Last post before xmas.

I uninstalled everything to do with the printer which is an HP.

I left the machine run for over a day and everything work fine.

I downloaded the plain printer driver fom HP again and reinstalled. am now
waiting and hoping.

Hopefully this was the problem.

Will keep you posted

Happy Christmas and thanks for all the help so far.

Dominic Coombe
 
Dominic

Good luck and enjoy your Christmas.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
Hope it's fine Xmas morning as I am travelling down to Wimbledon to
visit my youngest daughter. You do not get smog like we saw in the 40's
and 50's now.



--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Gerry said:
Enjoy your Xmas Nass. I hear it was very foggy earlier today in London.
Hope it's fine Xmas morning as I am travelling down to Wimbledon to
visit my youngest daughter. You do not get smog like we saw in the 40's
and 50's now.



--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Hi Gerry,
Yes, it is Foggy, we may see the white stuff/fluffy ones :-) . Oh lord, that
before the clean Power came to age Gerry LOL.
Hope you have a nice drive down south and enjoy your Xmas whatever the
weather.
Season Greetings to you and All.
nass
 
Hi all,

Happy new year.

Basically I ended up uninstalling the HP printer driver, spysweerer and
cloudmark antispam and firefox.

I slowly added back the printer driver after reinstalling firefox and have
been running to today without a crash.

I am going to add spysweeper back today.
I will take baby steps.

Atleast we seem to have found what it was.
Dominic
 
Good luck, keep us posted.

Dominiccoombe said:
Hi all,

Happy new year.

Basically I ended up uninstalling the HP printer driver, spysweerer and
cloudmark antispam and firefox.

I slowly added back the printer driver after reinstalling firefox and have
been running to today without a crash.

I am going to add spysweeper back today.
I will take baby steps.

Atleast we seem to have found what it was.
Dominic
 
UPDATE:

On sunday 12/30 the machine gave up all together and crashed with a
system.drv was corrupted error.

I went into windows recovery console and restored the file from disk.

The machine came up fine.

Does anyone know what wpdmtpDriver is?? there is an entry in event log for
it.

Happy New Years,

Dominic
 
Correct I have an external USB HDD, has been on the machine since the
beginning.

NO ZUNE.

I will go and read the article.

Dominic
 
Hi All,

Ok my machine is doing it again.

Last night it blue screened with the message
"Bad Pool Header"

anyone care to offer a suggestion to what that is.

Thanks
Dominic
 
Dominic

Background information on Stop Error message
http://msdn2.microsoft.com/en-us/library/ms793223.aspx

A pool header issue is a problem with Windows memory allocation. Device
driver issues are probably the msot common, but this can have diverse
causes including bad sectors or other disk write issues, and problems
with some routers. (By theory, RAM problems would be suspect for memory
pool issues, but I haven't been able to confirm this as a cause.)
Source: http://aumha.org/a/stop.htm

Please post a copy of the actual Stop Error message.

Try running HD Tune(freeware).

Download and run it and see what it turns up.
http://www.hdtune.com/

Select the Info tabs and place the cursor on the drive under Drive
letter and then double click the two page icon ( copy to Clipboard )
and copy into a further message.

Select the Health tab and then double click the two page icon ( copy to
Clipboard ) and copy into a further message. Make sure you do a full
surface scan with HD Tune.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
after reading your very helpful post i must tell you i am a complete novice
when it comes to pc's but i have had the following error message periodically
over the last three weeks
it all starts with a blue screen stating :- kernel data inpage error
the following then comes up :-

ATAPI.SYS-address
f73D650C BASE AT F73C9000,DATESTAMP 4802539d
now as a complete novice this is meaningless to me but the background to
this is that this a pc i have bought locally and was of the opinion that it
was a software conflict caused by a gaming program from the states that i use
most days , but having read these posts it may not be the case
i have taken the pc back to the shop and every time it is plugged in it
appears to work ok
then when i get it home the blue screen appears again
is it possibly a mobo problem or other internal hardware as this is
warranted by the shop for 3 months for hardware only
please tell me that this can be fixed without any further expense the pc
came with Win XP home edition pre loaded and apart from this problem
everything does what i want it to do
some form of printable reply from you would be most appreciated so i can get
another pc from the same shop or get it fixed properly
kindest regards
Terry Andrews

E mail address :- doscomk2a @yahoo.co.uk

nass said:
Hi,
Please read all the info then execute:
This error indicate that a piece of Data is being tried to be accessed from
a bad Sector or the opposite a piece of data tried to be written to a bad
Sectors on a Hard rive or a RAM.
So first check your Hard drive and all the drivers are verified.

Any hardware/software or updates installed recently?, please state all if
any in your next post.
You can use this driver verifier command:
verifier.exe click [OK]
First try to eliminate hardware, by going to Device manager and check by
expanding the Plus [+] to see all devices listed, if there is a
malfunctioning device or conflicting device it will show in Device manager.

This always refer to a bad Hardware/driver installed.
Try the Last good known Configuration to log into the system, then open
Device manager and see if there is any malfunctioining Devices or conflict in
IRQ, also look in the Event Viewer for error message and post them back in
your next post.
Read this articles and see, but how did you get rid of the Contra?.

Open a run command and type in these commands to see if there is a conflict
in /among drivers :
pstat.exe click [OK]
dmpchck.exe click [OK]
What you get from running this commands?.

How to perform a clean boot in Windows XP
http://support.microsoft.com/?id=310353
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/kb/315222/en-us

Try to use the Verifier.exe command to see which Drivers not Verified on
your system:
How to Use Driver Verifier to Troubleshoot Windows Drivers
http://support.microsoft.com/kb/244617/en-us

You may have a bad RAM try to test your RAM by running Memtest by
downloading this tool and unzip it and make a floppy or CD/DVD and run it on
Reboot.
http://www.memtest86.com/
You may need to reposition/reset the RAM sticks in their slots.
After that you could do a repair install, and then test.
http://www.michaelstevenstech.com/XPrepairinstall.htm

Use the command chkdsk /r with recovery console:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/326215

Error Message "Stop 0x0000007A" KERNEL_DATA_INPAGE_ERROR
http://support.microsoft.com/kb/275149
Stop 0x0000007A or KERNEL_DATA_INPAGE_ERROR
http://www.microsoft.com/technet/pr...serv/reskit/prork/prhd_exe_qofl.mspx?mfr=true


Common Causes of STOP Messages 0x00000077 and 0x0000007A
http://support.microsoft.com/kb/130801

More solutions for 0x0000007A
http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q=0x0000007A

This can Indicate a BHO is corrupted or damaged and causing the Shell error,
so try to Disable the Un-verified Add-Ons on your Browser and see if that
will help.

*Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Open a Notepad, customize or minimize to the taskbar as you will need it
later for this step to copy the error message on it.
Open a run command and type in:
eventvwr.msc click [OK] you will get the Event viewer control Panel.
click on each of these:
Application
System
Security
Look in the right Pane/window for error message with red (X) or Yellow
exclamation mark /!\ , double click each one to get more info about the
causer.
On the Event error properties message you will see:
Up Arrow
Down arrow
Two pages
Click on the two pages to copy the error message then bring up the Notepad
you opened earlier and right click on the first line and select Paste from
the list, this will paste the error message on a Notepad.
Please don't duplicate the error message one of each kind will be sufficient.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Please we need just the error messages with Red (X) and don't repeat the
error, just one of each kind and post them back in your next post.

== SSFS0BB8.SYS is for webroot, do you have webroot installed?, if you do
try to uninstalll it and then run Disk clean up and reinstall it again, does
it help?.

HTH.
nass
-----
http://www.nasstec.co.uk

Dominiccoombe said:
Gerry,

The last line of the minidump says
"Probably caused by : SSFS0BB8.SYS ( SSFS0BB8+2dd1 )"

Event Viewer
Date 12/18/07
Event Save Dump
Time 5:05:31
event id 1001

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a
(0x00000003, 0xc0000005, 0x0000005c, 0x00000000). A dump was saved in:
C:\WINDOWS\Minidump\Mini121807-01.dmp.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Does any of that help??

dominic
 
Back
Top