Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSODs; volsnap.sys identified

10 Dec 2012   #1
cwaters

Windows 7 Ultimate x64 w/SP1
 
 
Win7 BSODs; volsnap.sys identified; how diagnose and resolve?

My three-year old Dell Studio XPS desktop PC running Windows 7 x64 (with SP1) had become sluggish; so about two months ago, I formatted the HDD and then performed a new install. It had been working fine for about a month. Over the last few weeks, however, upon my unlocking the desktop I've been noticing that the system has unexpectedly rebooted. Upon the loading of my profile, Windows will inevitably display a message saying that a critical error occurred and that the system unexpectedly shutdown. Sometimes the system will lock-up right after I enter my credentials to unlock the desktop or even to log in.

The System log shows that the PC has unexpectedly rebooted about 20 times over the last three weeks. The following two error/critical events appear with each unexpected reboot:

Source: EventLog
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description: The previous system shutdown at ... was unexpected.

Source: Microsoft-Windows-Kernel-Power
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

A surface scan of the HDD using SpinRite doesn't report any problems.

I had added memory to the system just prior to my performing the new install. I used MemTest86 utility over the past 36 hours, performing 10 passes; no errors were found.

All Windows Updates are installed.

SFC /SCANNOW reports "Windows Resource Protection did not find any integrity violations."

Full scans in MSE show the system to be clean. Various malware-detecting utilities report the system to be clean, too.

The BlueScreenView utility shows two mini-dump files: one associated with the earliest reboot listed in the System Log (it occurred about three weeks ago) and one associated with a reboot that occurred about a week ago. The PC has unexpectedly rebooted many times since then; not sure why no other dump files are present. For both mini-dump files, the Bug Check String is DRIVER_IRQL_NOT_LESS_OR_EQUAL, the Bug Check Code is 0x000000d1, and the Caused By Driver is volsnap.sys.

Upon analyzing the full memory dump file and the two mini-dump files, the "Who Crashed" utility vaguely reports: "This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time."

I only have one restore point, dated today -- even though there is over 440 GB of drive space and the system is configured to use it. Not sure why there are no other restore points. I wonder if this is somehow related to the mention of the volsnap.sys driver associated with the unexpected reboots?

Since unchecking the System failure "Automatically restart" checkbox, I've seen a few of the BSOD's; they all reference volsnap.sys.

I considered using the Verifier tool but it didn't seem relevant -- since volsnap.sys is a Microsoft file.

Suspecting volsnap.sys and learning that it corresponds to the Volume Shadow Copy service, I stopped the service. A few minutes later, however, I noticed it had been started. I stopped the service again, numerous times, but it kept starting; not sure what's causing that. I have now stopped the service and have set it to "Disabled".

I have attached the SF_Diagnostic_Tool ZIP file.

Thank you for any suggestions as to how to diagnose and resolve this problem!


My System SpecsSystem Spec
.
11 Dec 2012   #2
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Hello cwaters.

Both the dumps are exactly the same, and they are showing a lot of this particular error ....
Code:
fffff880`02f1bd98  fffff880`010acf5c ataport!IdePortCompletionDpc
In this situation, I am suggesting you to scan the system for possible virus infection.
When done, free up the startup.
  1. Click on the Start button
  2. Type “msconfig (without quotes), click the resulting link. It will open the System Configuration window.
  3. Select the “Startup” tab.
  4. Deselect all items other than the antivirus.
  5. Apply > OK
  6. Accept the restart.
One problematic element is still remained there, but apparently it is not a startup issue but a BIOS rootkit that is causing the issues.
My System SpecsSystem Spec
11 Dec 2012   #3
cwaters

Windows 7 Ultimate x64 w/SP1
 
 

Thanks! I ran TDSSKiller when I first started encountering the problem a few weeks ago. I see that it was updated 8 days ago -- so I will download and run that version. I'm curious; TDSSKiller runs within Windows, so how effective can it be at detecting low-level malware?

I will setup Windows Defender Offline media and then scan my system. Had been wondering whether there was such a thing. Again, since MSE runs within Windows, how effective can it be at detecting low-level malware?

I'm confused about your last suggestion. How will 'freeing up the startup' help? What should I look for and/or do afterward?

BTW, since disabling the VSC service, I've not encountered any unexpected reboots. Could that indicate that my volsnap.sys file is truly corrupt (or worse, infected)?
My System SpecsSystem Spec
.

11 Dec 2012   #4
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

My System SpecsSystem Spec
11 Dec 2012   #5
cwaters

Windows 7 Ultimate x64 w/SP1
 
 

Quote   Quote: Originally Posted by Kaktussoft View Post
did you do: chkdsk/r c:
??
I just now performed this. A reboot was required. Through the first four steps, no errors were detected. The fifth/final step ('checking free space') ran for at least an hour, slowly progressing, but I missed the end results. BTW, is there a way to make the results remain on the screen ... so as to prevent the Windows GUI from loading?
My System SpecsSystem Spec
12 Dec 2012   #6
cwaters

Windows 7 Ultimate x64 w/SP1
 
 

Quote   Quote: Originally Posted by cwaters View Post
Thanks! I ran TDSSKiller when I first started encountering the problem a few weeks ago. I see that it was updated 8 days ago -- so I will download and run that version. I'm curious; TDSSKiller runs within Windows, so how effective can it be at detecting low-level malware?
The updated version of TDSSKiller, using the default parameters, did not find any threats. I did not select the "Loaded modules" option since it says it requires a reboot so as to install a driver.
My System SpecsSystem Spec
12 Dec 2012   #7
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Quote   Quote: Originally Posted by cwaters View Post
Quote   Quote: Originally Posted by Kaktussoft View Post
did you do: chkdsk/r c:
??
I just now performed this. A reboot was required. Through the first four steps, no errors were detected. The fifth/final step ('checking free space') ran for at least an hour, slowly progressing, but I missed the end results. BTW, is there a way to make the results remain on the screen ... so as to prevent the Windows GUI from loading?
Check Disk (chkdsk) - Read Event Viewer Log
My System SpecsSystem Spec
12 Dec 2012   #8
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Did you do #4 already?
My System SpecsSystem Spec
12 Dec 2012   #9
cwaters

Windows 7 Ultimate x64 w/SP1
 
 

Quote   Quote: Originally Posted by Kaktussoft View Post
Did you do #4 already?
Yes, I did. Please #5....and your reply (#7). Or did I misunderstand the question?
My System SpecsSystem Spec
12 Dec 2012   #10
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

If you are asking ....
Quote   Quote: Originally Posted by cwaters View Post
Thanks! I ran TDSSKiller when I first started encountering the problem a few weeks ago. I see that it was updated 8 days ago -- so I will download and run that version. I'm curious; TDSSKiller runs within Windows, so how effective can it be at detecting low-level malware?
It works almost all the times, I have never seen it failing.

Quote   Quote: Originally Posted by cwaters View Post
I will setup Windows Defender Offline media and then scan my system. Had been wondering whether there was such a thing. Again, since MSE runs within Windows, how effective can it be at detecting low-level malware?
MSE gives you the real time protection. For scanning, you should use WDO.
Quote   Quote: Originally Posted by cwaters View Post
I'm confused about your last suggestion. How will 'freeing up the startup' help? What should I look for and/or do afterward?
It will help you to determine if any startup entries are causing any issue there.

Quote   Quote: Originally Posted by cwaters View Post
BTW, since disabling the VSC service, I've not encountered any unexpected reboots. Could that indicate that my volsnap.sys file is truly corrupt (or worse, infected)?
Probably the worse ... as rootkits are there.
My System SpecsSystem Spec
Reply

 BSODs; volsnap.sys identified




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BSOD from volsnap.sys
Hi I've searched the web for solving BSOD related to volsnap.sys. It happens sporadically while the machine is on but I'm not doing something. Attached is output of the SF Diagnostic Tool. I searched the web on this, and I don't have TrendMicro installed. I've tried doing a sfc /scannow as well...
BSOD Help and Support
No HDD has been identified in your system.
Hey sevenforums, ive been having loads of problems with my PC.. And i got the error A disk error has occurred Press Ctrl+Alt+Del to restart and i get an infinite loop. So i googled around and saw someone said use HDD diagnostic, i used Ultimate Boot CD followed his steps and it says: No Hard...
Hardware & Devices
volsnap.inf
I recently did a sfc /scannow, and I found out that the only file with multiple accounts of corruption had to deal with volsnap.inf. How do I fix this? Other than probably re-formatting my entire harddrive, or at least the first partition where the OS is installed.
BSOD Help and Support
Help identified BSOD
Hi im New here.. i was searching google and found this site.. i think you folks could help me solved the BSOD im getting.. Recently i did Reformat on my OS and had a little run down with my Formating (having trouble installing) my SSD and in the end i Solved it. but after i did all the installing...
BSOD Help and Support
BSOD from volsnap
Hi, Just today I started getting BSOD with reference to volsnap.sys system: i920 core i7 Gigabyte X58 Extreme 12 GB RAM Windows 7 Ultimate x64 Reinstalled about a month ago
BSOD Help and Support
volsnap.sys BSOD
Hi everyone, i just purchased a MSI U200 not too long ago that came with a free Win 7 preinstalled. However i'm experiencing random BSOD after few days of purchase. Initially it was the IRQL Driver not less or qual BSOD. I reformated back to factory defaults. However today i experienced...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:57.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App