微点交流论坛

标题: *******蓝屏*****请高手出招 [打印本页]

作者: C3C3H8 时间: 2009-8-4 19:46 标题: *******蓝屏*****请高手出招

我的电脑蓝屏几次了，用WinDbg[Uninstall Debugging Tools for Windows (x86)]检查了几次都提示
Probably caused by : mp110003.sys ( mp110003+9c09 )
我查后知道这文件是微点的文件，特请微点高手来帮我分析一下：

事发当时是这样的:
我是用电脑城2009新春特别版
微点主动防御软件  试用版
微点主动防御软件  试用版
程序版本： 1.2.10581.0108
特征版本： 1.6.1193.090804
更新时间： 2009-08-04 16:46:53
还装有完美卸载V2009
蓝屏时正在浏览凤凰网的图片新闻

WinDbg故障分析结果如下：
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini080409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.          *
* Use .symfix to have the debugger choose a symbol path.                *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (8 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Tue Aug  4 19:07:19.640 2009 (GMT+8)
System Uptime: 0 days 0:35:08.226
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 805bf261, a974cb78, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** WARNING: Unable to verify timestamp for mp110003.sys
*** ERROR: Module load completed but symbols could not be loaded for mp110003.sys
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Probably caused by : mp110003.sys ( mp110003+9c09 )

Followup: MachineOwner
---------

作者: Legend 时间: 2009-8-4 19:53
感谢楼主反馈
请问楼主是什么操作系统？
请楼主设置下蓝屏文件：
1）Windows XP：
      右键单击【我的电脑】->【属性】->【高级】->【启动和故障恢复】（设置）将“写入调试信息”改为“完全内存转储”，并取消勾选“系统失败”中的“自动重新启动”。
      Windows Vista：
      右键单击【我的电脑】->【属性】->【高级系统设置】->【高级】->【启动和故障恢复】（设置）将“写入调试信息”改为“完全内存转储”，并取消勾选“系统失败”中的“自动重新启动”。
2）重新启动系统，如果再出现自动重启或者蓝屏，系统则自动进入蓝屏转储内存信息的界面，请等待蓝屏文件写入完成（100%）后再手动重启系统。
3）重新进入系统后，找到并压缩文件C:\Windows\MEMORY.DMP，然后联系并将该文件发给我们分析。
      注：这里默认的C盘为系统盘，如果不是，请在系统盘的相应目录下查找。

生成后请继续和我联系，我会告诉您联系方式。

谢谢楼主对微点的支持

作者: C3C3H8 时间: 2009-8-4 20:18 标题: 为何找不到那个文件---是不是再蓝屏才能出现

我只能找到Minidump文件夹的那个文件Mini080409-01.dmp也就是最近一次蓝屏的文件

[ Last edited by C3C3H8 on 2009-8-4 at 20:37 ]

作者: 李莫愁 时间: 2009-8-5 09:35
尽量不要用那些乱七八糟的修改版的系统，不稳定，而且很多功能缺失，不是个人使用的好东东。按照管理员说的设置下吧，下次蓝屏就该有那个文件了

作者: 风中之烛 时间: 2009-8-5 10:16
最好用完美版，比较好

作者: C3C3H8 时间: 2009-8-5 13:16 标题: 今天又蓝屏-----想附上MEMORY.DMP文件

但是文件大呀【148兆】，我如何联系版主，我把文件发到哪里？？？？

作者: Legend 时间: 2009-8-5 13:21
如果楼主有QQ邮箱，建议您利用QQ邮箱的超大附件进行发送。
可以发送到微点管理员的邮箱 383154254@qq.com，邮件中请注明本帖链接。谢谢。

作者: 凡间幽灵 时间: 2009-8-5 13:25
148M的东东，楼主压缩一下就会很小了。。。。。压缩完再发邮箱吧，比较快捷方便的说:D

作者: C3C3H8 时间: 2009-8-5 13:58 标题: MEMORY.DMP文件已发过去，烦请帮忙解决！

作者: C3C3H8 时间: 2009-8-20 13:58 标题: 感谢微点---帮我解决了蓝屏的问题

我衷心感谢版主及微点技术人员帮我查出电脑的蓝屏原因。我按贵公司的解决方法：卸载掉原来的ghost版系统，安装了纯净版的xp2，重新手动安装。到现在只在开始蓝过一次屏，现在运转正常。

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn