 
        jclarkw
MemberAbout jclarkw

Profile Information
- 
											
												OS
												XP Pro x86
jclarkw's Achievements
0
Reputation
- 
	Thanks! Got it.
- 
	I feel like an id*** (apparenly the word is not permitted, but the last three letters are "iot"), but I cannot find a link to my Private Messaging folders in these forums. Sure, I can SEND private messages to any poster or member who accepts them. What I can't seem to do is find a record of my sent messages, nor of any replies that I might have received. (I've refused direct e-mail on the assumption that I can find all of this on line...) A quick pointer would certainly be appreciated. -- jclarkw
- 
	Thanks again, MagicAndre1981. I'd like to give you credit for solving my problem, but I don't immediately see how... -- jclarkw
- 
	I found two ways to do myself at least part of what you did for me. Perhaps they will help some other readers: BlueScreenView works like a champ and has the added benefit of no "install." It found both of my suspect drivers right away (after the fact, or course, since you had already pointed them out). Next time I think I can do it on my own with this tiny tool. Next I tried the free-for-home-use version of WhoCrashed from Resplendence (referenced in one of the BlueScreenView reviews that I read), which requires the Windows Debugging Tools ("http://msdl.microsoft.com/download/symbols/debuggers/dbg_x86_6.11.1.404.msi" for my version of Windows), but which gives even more specific results. Having also installed those tools, I now see Dumpchk.exe in the Debugging Tools root directory. Dumpchk output even shows up now in BlueScreenView. I even figured out how to incorporate Win XP SP3 symbols, although not those for the 3rd-party drivers, into the Debugging Tools (and into Dumpchk) by downloading them from "http://msdl.microsoft.com/download/symbols/packages/windowsxp/WindowsXP-KB936929-SP3-x86-symbols-full-ENU.exe." (WhoCrashed won't incorporate symbol stores unless you pay for the "Professional" version.) Both free progarms seem to be winners, although WhoCrashed takes a lot more overhead. Best Regards. - jclarkw
- 
	Right on the money. Thanks a lot! BlueScreenView works like a champ and has the added benefit of no "install." It found both of my suspect drivers right away (after the fact, or course, since I had already gotten help with my immediate problem). Next time I think I can do it on my own with this tiny tool. Next I tried the home-use version of WhoCrashed from Resplendence (referenced in one of the BlueScreenView reviews that I read), which requires the Windows Debugging Tools to which you pointed me, but which gives even more specific results. Having also installed those tools, I now see Dumpchk.exe in the Debugging Tools root directory. Dumpchk output even shows up now in BlueScreenView. I even figured out how to incorporate Win XP SP3 symbols, although not those for the 3rd-party drivers, into the Debugging Tools (and into Dumpchk) by downloading them from "http://msdl.microsoft.com/download/symbols/packages/windowsxp/WindowsXP-KB936929-SP3-x86-symbols-full-ENU.exe." Both free progarms seem to be winners, although WhoCrashed takes a lot more overhead. Thanks again for putting me on the right track! - jclarkw
- 
	Funny you should mentione that. I've been getting more and more fed up with ZA Extreme Security since CheckPoint took over. (I liked their original free firewall pretty well, after considerable tweaking, if only out of ignorance.) Now it's an inscrutable monster program whose most potentially valuable feature, browser virtualization, no longer works for me in the current version but crashes every time IE 8. (yYs, I'm probably benighted in the browser department as well, but I've only so much energy to devote to computer maintenance.) Anyhow, thanks for your previous comments, and perhaps you can suggest other firewall/AV/Web-security vendors that I might consider...
- 
	Dear MagicAndre1981 -- Thanks. You were dead right about klif.sys -- only your second try (details below just in case anyone else is intersted)! Question: How can I figure this out for myself next time I'm hit with the BSOD (pretty rare in XP SP3)? I'm not an IT -- these modern systems are way over my head -- but I do have a lot of experience with Window plus considerably direct programming in Forth, C, Basic, Fortran, etc. Is there a tool that I can safely use to solve these problems for myself? (I was trying to get "Dumpchk.exe" from Debugging Tools in Windows SDK for x86, but it seems not to be there and anyhow is apparently not much good. Somebody else suggested http://www.nirsoft.net/utils/blue_screen_view.html, but ZoneAlarm Extreme Security advises me that the site is "known to distribute spyware." ) Details: After uninstalling ShadowProtect 3.5 (GREAT software, but I need to update it anyhow) to get rid of stcvsm.sys (without solving the problem), I also clean-uninstalled Zone Alarm Extreme Security 9.3.037 to get rid of klif.sys. Then I uninstalled and re-installed WAIK, just in case that installation had been interrered with by ZAES. On re-installing WAIK, I found that the WinPE 2.0 build went smoothly -- no BSOD. To confirm I re-installed ZAES 9.3.037 (bringing back the old version of klif.sys, and another WinPE build immediately brought on the same BSOD. (I didn't try the newest version of ZAES, which I am told has a new version of the Kaspersky AV engine, but that's another story and is OK because I now have the PE boot CD that I wanted and no longer need WAIK.) Thanks again! -- jclarkw
- 
	ZoneAlarm tells me that the Nirsoft site is "known to distribute spyware." I guess I'll try your other suggestion... Thanks -- jclarkw
- 
	OK, this MIGHT have been installed by my current version of ZoneAlarm Extreme Security (9.3.037 -- not the latest because versions 10.x do not work properly on my system -- another investigation in progress...) OR it MIGHT have survived Ccleaner after a "clean" uninstall of ZAES 10.x. (I do remember that, after running, Ccleaner I searched for and deleted any remaining directories with names containing "ZoneAlarm" or "Checkpoint," but I forgot to check for "ZoneLabs." I do not remember whether ZA currently uses Kaspersky, or whether it was only in an earlier version. I will try to find out, but it may take a day or two. More later...
- 
	Well, I uninstalled ShadowProtect Desktop and ran Ccleaner for good measure. stcvsm.sys no longer exists anywhere on the system. Nevertheless, I still get the same BSOD (described in detail earlier in this thread). Attached is the current minidump, in hopes that it will help. . Just ouf of curiosity, ince the BSOD mentions NTFS.sys, I checked its version: 5.1.2600.5512 (xpsp.080413-2111). Note that there is a discussion of Stop x24 that may occur during a Windows Vista install at http://support.microsoft.com/kb/935806; but none of its conditions seem to really apply to my case, especially since WinPE manifestly CAN access other NTFS directories without trouble. (In fact, I also get the BSOD if I try to examine the winpe\mount directory with Windows Explorer just after the imagex command the presumably populates it -- that would be while the WinPE command window is still open. After the BSOD restart the directory still exists but is empty.) Mini120211-02.zip
- 
	THANKS; this looks like really useful information! I will try it... One more ignorant follow-up question, if I may: Is there a way to get a list of currently installed drivers? I can see that a couple of ShadowProtect services are running in the background (even though I didn't intend that), but I don't know how to tell if the driver, stcvsm.sys, is currently active. (Perhaps I can just temporarily disable it?) At least I can (probably) determine the driver version number and see if an update makes any difference...
- 
	Thanks for your suggestion. What I actually downloaded was the ISO version of Windows SDK for x86, "GRMSDK_EN_DVD.iso," which appears identical in function to the Web installer. I installed only the debugging tools; but I didn't find an up-to-date version of dumpchk in there, so I gave up. (The installer complained that I had only the client version of .NET 4 so that some features would not be available. I also noticed that and the SDK command prompt started up with a lot of warnings, perhaps becuase I limited too severely the features installed, Note that I'm not an IT person, just an experienced Windows user. Is there some minimum install for the debugging tools to operate properly?) Is there another tool that's useful to determine the cause of a BSOD? -- jclarkw
- 
	In an effort to lay away some recovery tools for a rainy day, my interest here is in 'Dumpchk.exe' for exposing the conditions of (if not the reasons for) a BSOD. According to MS documents (e.g., Article ID 315271 and its references), one can install Windows debugging tools that will work under XP either from the Windows SDK (specifically "GRMSDK_EN_DVD.iso") or from the XP SP3 insallation disk. In neither case have I had success. Nowhere in SDK can I find Dumpchk. And the version of that executable that I do get from my XP SP3 installation disk offers no self-documentation (using the /? option) and does not behave at all as described in the abovementioned article. In fact it seems to completely ignore the command-line options that I enter. Can anyone shed light on this issue? Best Regards. -- jcalrkw
- 
	Dear MagicAndre1981 -- I have finally straightened out my CrashControl settings (they were set to "Complete memory dump"), produced a 'minidump,' and attempted to attach a PKZipped version hereto. The details of the crash are the same as before, running from an 'administrator' account on Windows XP SP3 without loading antivirus: Start/Programs/Windows AIK[original Vista version from 7/13/07]/PE Tools Command Prompt/"copype x86 c:\winpe"<enter>; "imagex /mountrw c:\winpe\winpe.wim 1 c:\winpe\mount"<enter>; "cd mount"<enter>; BSOD, "STOP: 0x00000024... ntfs.sys..." There's no problem with a "dir" from the \winpe directroy that lists the 'mount' directory, but almost anything directly involving the \mount directory itself (e.g., "peimg /list /image=c:\winpe\mount"<enter>) will cause the same crash. Thanks for any help! -- jclarkw Mini113011-01.zip
- 
	"Error You aren't permitted to upload this kind of file" How am I supposed to upload "Mini113011-01.dmp?" -- jclarkw
