BSOD caused by ntoskrnl.exe and volmgr.sys


New Member

I've been trying to find out why I'm getting all these blue screens today. Lately I've been getting a lot of malware and virus from the internet and I've removed them but they keep coming back and now I started getting the blue screen and I thought it was because of it. I've run my anti virus scan and malware scan but every time I start up my computer, I get the blue screen once I get to my desktop. I can't turn on my computer at all without getting the blue screen expect in safe mode. I'm in safe mode right now and I found out that I'm getting these blue screens from ntoskrnl.exe and volmgr.sys.

I'm running on Vista x64 bit with the original OS installed. OEM and I've had my computer for about 2 years and never re-installed in the OS.

I wasn't able to run a system health report but I do have the Windows_NT6_BSOD_jcgriff2 folder.

I could really use some help. Thanks!


My Computer


Vista Guru
Gold Member
STOP 0x0000003B: SYSTEM_SERVICE_EXCEPTION Usual causes: System service, Device driver, graphics driver, ?memory

 icrosoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\richc46\AppData\Local\Temp\Temp13_Windows_NT6_BSOD_jcgriff2[1].zip\Windows_NT6_BSOD_jcgriff2\Mini012911-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*
Executable search path is: 
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Machine Name:
Kernel base = 0xfffff800`01e06000 PsLoadedModuleList = 0xfffff800`01fcadd0
Debug session time: Sat Jan 29 21:07:49.987 2011 (GMT-5)
System Uptime: 0 days 0:01:29.846
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, 200, fffffa600b081ef0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceHandler+7c )
Followup: MachineOwner
1: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
An exception happened while executing a system service routine.
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: 0000000000000200, Address of the exception record for the exception that caused the bugcheck
Arg3: fffffa600b081ef0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
00000000`00000200 ??              ???
CONTEXT:  fffffa600b081ef0 -- (.cxr 0xfffffa600b081ef0)
rax=0000000000000000 rbx=000000010b2eabc0 rcx=2b992ddfa2320000
rdx=fffff8800b381110 rsi=fffff8800a27b4d0 rdi=0000000000000000
rip=0000000000000200 rsp=fffffa600b082750 rbp=0000000001000008
 r8=fffff8800b371290  r9=0000000000025be0 r10=0000000000000691
r11=fffffa6000b04970 r12=0000000000000008 r13=0000000000000001
r14=fffffa80068b3a40 r15=fffffa8007673601
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
00000000`00000200 ??              ???
Resetting default scope
PROCESS_NAME:  wermgr.exe
LAST_CONTROL_TRANSFER:  from 000000010b2eabc0 to 0000000000000200
fffffa60`0b081538 fffff800`01e6026e : 00000000`0000003b 00000000`c0000005 00000000`00000200 fffffa60`0b081ef0 : nt!KeBugCheckEx
fffffa60`0b081540 fffff800`01e5fc3c : fffffa60`0b082518 fffffa60`0b081ef0 fffff800`01f61548 fffff800`01e06000 : nt!KiBugCheckDispatch+0x6e
fffffa60`0b081680 fffff800`01e8bddd : 00000000`00000000 fffff800`01e06000 fffffa60`0b083000 fffff800`02009490 : nt!KiSystemServiceHandler+0x7c
fffffa60`0b0816c0 fffff800`01e8c09f : fffffa60`00000001 00000000`00000001 00000000`00000000 fffffa60`0b082c20 : nt!RtlpExecuteHandlerForException+0xd
fffffa60`0b0816f0 fffff800`01e99756 : fffffa60`0b082518 fffffa60`0b081ef0 fffffa60`00000000 fffff800`0000001c : nt!RtlDispatchException+0x22f
fffffa60`0b081de0 fffff800`01e60329 : fffffa60`0b082518 00000001`0b2eabc0 fffffa60`0b0825c0 fffff880`0a27b4d0 : nt!KiDispatchException+0xc2
fffffa60`0b0823e0 fffff800`01e5f125 : 00000000`00000008 00000000`00000000 00000000`00000000 00000001`0b2eabc0 : nt!KiExceptionDispatch+0xa9
fffffa60`0b0825c0 00000000`00000200 : 00000001`0b2eabc0 00000000`00000008 00000000`4cb3b310 0050e0c2`4f000000 : nt!KiPageFault+0x1e5
fffffa60`0b082750 00000001`0b2eabc0 : 00000000`00000008 00000000`4cb3b310 0050e0c2`4f000000 00000000`00000000 : 0x200
fffffa60`0b082758 00000000`00000008 : 00000000`4cb3b310 0050e0c2`4f000000 00000000`00000000 00000000`00010000 : 0x1`0b2eabc0
fffffa60`0b082760 00000000`4cb3b310 : 0050e0c2`4f000000 00000000`00000000 00000000`00010000 fffff880`0b2eabc0 : 0x8
fffffa60`0b082768 0050e0c2`4f000000 : 00000000`00000000 00000000`00010000 fffff880`0b2eabc0 fffffa60`0b082928 : 0x4cb3b310
fffffa60`0b082770 00000000`00000000 : 00000000`00010000 fffff880`0b2eabc0 fffffa60`0b082928 00000000`00000001 : 0x50e0c2`4f000000
fffff800`01e5fc3c b801000000      mov     eax,1
SYMBOL_NAME:  nt!KiSystemServiceHandler+7c
FOLLOWUP_NAME:  MachineOwner
IMAGE_NAME:  ntkrnlmp.exe
FAILURE_BUCKET_ID:  X64_0x3B_nt!KiSystemServiceHandler+7c
BUCKET_ID:  X64_0x3B_nt!KiSystemServiceHandler+7c
Followup: MachineOwner
Outdated Drivers
peauth.sys   Mon Oct 23 07:57:00 2006
Null.SYS     Thu Nov 02 05:37:15 2006
swenum.sys   Thu Nov 02 05:37:33 2006
The reports that you have submitted reveal clues to the cause of your problem. They do not give a definitive answer. The more reports that we receive the more clues are made available improving our chances of finding a solution to your problem. Each remedy suggested must be performed regardless of placement in this report or other variables. You may have to experience several more BSODs until the final answer is discovered.

If overclocking restore normal settings

SFC /scannow
System Files - SFC Command

Scan with your Anti Virus

Update outdated listed drivers. If I have inadvertently listed any Microsoft Drivers, they can be ignored.

How to Find Drivers
search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
- if there are difficulties in locating them, post back with questions and someone - will help you search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- - if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.
- The most common drivers are listed on this page:
- - Driver manufacturer links are on this page:
and here
To remove any left over driver remnants, especially from graphics cards, use driver sweeper
You can also locate information about your driver using this information

Download memtest86 and test RAM
Run for 8 passes
If passes try a good stick in each slot for 3 passes
If fails do the same for 8 passes.

If these steps do not rememdy the situation, post. I will give you a driver verifier test, to weed out the bad drivers.


My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Dell USB 4 button optical
    Dell USB
    Other Info
    DSL provided by ATT