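XP has been blue-screening constantly lately; advice from the experts, please!

  • Question

  • My laptop is a Lenovo T400 running XP SP2 (I heard online that upgrading to SP3 involves compatibility problems with this laptop, so I did not upgrade).
    The machine had no problems before; only recently has it started blue-screening all the time. No matter what I am doing, it suddenly blue-screens. The blue screen information is as follows: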


    "A problem has been detected and windows has been shut down to prevent
    damage to your computer.

    If this is the first time you've seen this stop error screen,restart your
    computer. If this screen appears again, follow these steps:

    Check to be sure you have adequate disk space. If a driver is identified in
    the stop message, disable the driver or check with the manufacture for driver
    update.Try changing video adapters.

    Check with your hardware vendor for any bios updates. Disable BIOS memory
    options such as caching or shadowing. If you need to use safe mode to remove
    or disable components, restart your, press f8 to select advance options, and
    then select safe mode.

    Technical Information:
    *** STOP: 0x0000008e (0xc0000005, 0x804f4c26, 0x856e509c, 0x00000000).


    Then the log in Event Viewer says this:

    Event Type: Information
    Event Source: Save Dump
    Event Category: None
    Event ID: 1001
    Date:  8/4/2009
    Time:  10:29:31 PM
    User:  N/A
    Computer: TERWU-WXP
    Description:
    The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0x804f4c26, 0x856e509c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

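    Following the hints above, I also searched online. The BIOS cannot be at fault, because I checked and the BIOS version is dated 2009/04/22. A virus is not possible; I have already scanned with antivirus software and found nothing (I scanned with McAfee, AVG, PC Tools, NOD32 and other antivirus tools one after another). It may be a driver problem, but as for which driver is at fault, I have no idea :(

    I have already analyzed the dump files with WinDbg, but I only got some error codes that I do not really know how to read. Could the experts please help :)
    Here are the analysis results of two memory dump files: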


    ******************************************************
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.090206-1233
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Tue Aug  4 03:00:14.625 2009 (GMT+8)
    System Uptime: 0 days 2:47:30.341
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................................................
    .......
    Loading User Symbols

    Loading unloaded module list
    ..........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 8E, {c0000005, 804f4c26, 8578f0b4, 0}

    *** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
    Probably caused by : iaStor.sys ( iaStor+4b30 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 804f4c26, The address that the exception occurred at
    Arg3: 8578f0b4, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!IopCompleteRequest+1e6
    804f4c26 894804          mov     dword ptr [eax+4],ecx

    TRAP_FRAME:  8578f0b4 -- (.trap 0xffffffff8578f0b4)
    ErrCode = 00000002
    eax=00000000 ebx=843e6560 ecx=00000051 edx=00000000 esi=00000000 edi=00000000
    eip=804f4c26 esp=8578f128 ebp=8578f170 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!IopCompleteRequest+0x1e6:
    804f4c26 894804          mov     dword ptr [eax+4],ecx ds:0023:00000004=????????
    Resetting default scope

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    BUGCHECK_STR:  0x8E

    PROCESS_NAME:  System

    LAST_CONTROL_TRANSFER:  from 804fe6db to 804f9e0b

    STACK_TEXT: 
    8578ec7c 804fe6db 0000008e c0000005 804f4c26 nt!KeBugCheckEx+0x1b
    8578f044 805412f5 8578f060 00000000 8578f0b4 nt!KiDispatchException+0x3b1
    8578f0ac 805412a6 8578f170 804f4c26 badb0d00 nt!CommonDispatchException+0x4d
    8578f0d4 b9dfdb30 00000000 8ac4cb40 00000000 nt!Kei386EoiHelper+0x18a
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8578f170 804fed89 843e65a0 8578f1bc 8578f1b0 iaStor+0x4b30
    8578f1c0 806e4ef2 00000000 00000000 8578f1d8 nt!KiDeliverApc+0xb3
    8578f1c0 85549c4d 00000000 00000000 8578f1d8 hal!HalpApcInterrupt+0xc6
    8578f248 00000000 855c4720 8554a26d 855f8179 0x85549c4d


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    iaStor+4b30
    b9dfdb30 83c40c          add     esp,0Ch

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  iaStor+4b30

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: iaStor

    IMAGE_NAME:  iaStor.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  48224206

    FAILURE_BUCKET_ID:  0x8E_iaStor+4b30

    BUCKET_ID:  0x8E_iaStor+4b30

    Followup: MachineOwner
    ---------

    *******************************************************


    Here is another dump:

    *******************************************************
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.090206-1233
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Tue Aug  4 22:24:22.078 2009 (GMT+8)
    System Uptime: 0 days 0:24:31.853
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................................................
    ........
    Loading User Symbols

    Loading unloaded module list
    ...........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 8E, {c0000005, 804f4c26, 856e509c, 0}

    *** ERROR: Module load completed but symbols could not be loaded for NETw5x32.sys
    Probably caused by : NETw5x32.sys ( NETw5x32+14c98 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 804f4c26, The address that the exception occurred at
    Arg3: 856e509c, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!IopCompleteRequest+1e6
    804f4c26 894804          mov     dword ptr [eax+4],ecx

    TRAP_FRAME:  856e509c -- (.trap 0xffffffff856e509c)
    ErrCode = 00000002
    eax=00000000 ebx=84e73de0 ecx=00000053 edx=00000000 esi=00000000 edi=00000000
    eip=804f4c26 esp=856e5110 ebp=856e5158 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!IopCompleteRequest+0x1e6:
    804f4c26 894804          mov     dword ptr [eax+4],ecx ds:0023:00000004=????????
    Resetting default scope

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    BUGCHECK_STR:  0x8E

    PROCESS_NAME:  System

    LAST_CONTROL_TRANSFER:  from 804fe6db to 804f9e0b

    STACK_TEXT: 
    856e4c64 804fe6db 0000008e c0000005 804f4c26 nt!KeBugCheckEx+0x1b
    856e502c 805412f5 856e5048 00000000 856e509c nt!KiDispatchException+0x3b1
    856e5094 805412a6 856e5158 804f4c26 badb0d00 nt!CommonDispatchException+0x4d
    856e5124 b905fc98 00000000 7a80000a 84e73de0 nt!Kei386EoiHelper+0x18a
    WARNING: Stack unwind information not available. Following frames may be wrong.
    856e5158 804fed89 84e73e20 856e51a4 856e5198 NETw5x32+0x14c98
    856e51a8 806e4ef2 00000000 00000000 856e51c0 nt!KiDeliverApc+0xb3
    856e51a8 854a024a 00000000 00000000 856e51c0 hal!HalpApcInterrupt+0xc6
    856e5230 00000000 854a3bf5 8554328b 0000018d 0x854a024a


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    NETw5x32+14c98
    b905fc98 5b              pop     ebx

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  NETw5x32+14c98

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETw5x32

    IMAGE_NAME:  NETw5x32.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a1f7147

    FAILURE_BUCKET_ID:  0x8E_NETw5x32+14c98

    BUCKET_ID:  0x8E_NETw5x32+14c98

    Followup: MachineOwner
    ---------

    **********************************************

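    Anyway, each time the problem points to a different driver: this time it is the wireless network card, another time it is the hard disk, and the next time it is the graphics driver, and so on...


    Rejoicing in hope;Patient in tribulation.
    August 4, 2009 15:04

All replies

  • The machine just blue-screened again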

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.090206-1233
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Wed Aug  5 01:22:22.593 2009 (GMT+8)
    System Uptime: 0 days 2:53:28.303
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................................................
    .......
    Loading User Symbols

    Loading unloaded module list
    ..................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 8E, {c0000005, 804f4c26, 8587c4f4, 0}

    *** ERROR: Module load completed but symbols could not be loaded for e1y5132.sys
    Probably caused by : e1y5132.sys ( e1y5132+846d )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 804f4c26, The address that the exception occurred at
    Arg3: 8587c4f4, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!IopCompleteRequest+1e6
    804f4c26 894804          mov     dword ptr [eax+4],ecx

    TRAP_FRAME:  8587c4f4 -- (.trap 0xffffffff8587c4f4)
    ErrCode = 00000002
    eax=00000000 ebx=84442268 ecx=00000051 edx=00000000 esi=00000000 edi=00000000
    eip=804f4c26 esp=8587c568 ebp=8587c5b0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!IopCompleteRequest+0x1e6:
    804f4c26 894804          mov     dword ptr [eax+4],ecx ds:0023:00000004=????????
    Resetting default scope

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    BUGCHECK_STR:  0x8E

    PROCESS_NAME:  System

    LAST_CONTROL_TRANSFER:  from 804fe6db to 804f9e0b

    STACK_TEXT: 
    8587c0bc 804fe6db 0000008e c0000005 804f4c26 nt!KeBugCheckEx+0x1b
    8587c484 805412f5 8587c4a0 00000000 8587c4f4 nt!KiDispatchException+0x3b1
    8587c4ec 805412a6 8587c5b0 804f4c26 badb0d00 nt!CommonDispatchException+0x4d
    8587c578 b941646d 89eaf79c 00000000 89beeb60 nt!Kei386EoiHelper+0x18a
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8587c5b0 804fed89 844422a8 8587c5fc 8587c5f0 e1y5132+0x846d
    8587c600 806e4ef2 00000000 00000000 8587c618 nt!KiDeliverApc+0xb3
    8587c600 8565adab 00000000 00000000 8587c618 hal!HalpApcInterrupt+0xc6
    8587c698 85639bc5 856e0238 0000000d 00000000 0x8565adab
    00000000 00000000 00000000 00000000 00000000 0x85639bc5


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    e1y5132+846d
    b941646d 84c0            test    al,al

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  e1y5132+846d

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: e1y5132

    IMAGE_NAME:  e1y5132.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  49cc56bf

    FAILURE_BUCKET_ID:  0x8E_e1y5132+846d

    BUCKET_ID:  0x8E_e1y5132+846d

    Followup: MachineOwner
    ---------

     


    Rejoicing in hope;Patient in tribulation.
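    August 4, 2009 17:32
  • You can try the following: set the hard disk to IDE mode in the BIOS, or download the complete Intel southbridge AHCI driver and reinstall it, and also reinstall the network card drivers (Intel WiFi Link 5300 wireless card, built-in 10-100-1000M network card), then open Device Manager and check whether any device shows a problem.
    August 4, 2009 23:41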
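  • "My laptop is a Lenovo T400 running XP SP2 (I heard online that upgrading to SP3 involves compatibility problems with this laptop, so I did not upgrade).
    The machine had no problems before; only recently has it started blue-screening all the time. No matter what I am doing, it suddenly blue-screens. The blue screen information is as follows:
    "

    That is pure nonsense; please do not believe it. A friend of mine uses exactly a Lenovo ThinkPad T400 with Windows XP SP3, and it has always run very stably without any problems.
    Folding@Home
    August 5, 2009 0:47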
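  • "My laptop is a Lenovo T400 running XP SP2 (I heard online that upgrading to SP3 involves compatibility problems with this laptop, so I did not upgrade).
    The machine had no problems before; only recently has it started blue-screening all the time. No matter what I am doing, it suddenly blue-screens. The blue screen information is as follows:
    "

    That is pure nonsense; please do not believe it. A friend of mine uses exactly a Lenovo ThinkPad T400 with Windows XP SP3, and it has always run very stably without any problems.
    Folding@Home

    I don't know; I also just heard it from people online.
    Rejoicing in hope;Patient in tribulation.
    August 5, 2009 5:14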
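  • You can try the following: set the hard disk to IDE mode in the BIOS, or download the complete Intel southbridge AHCI driver and reinstall it, and also reinstall the network card drivers (Intel WiFi Link 5300 wireless card, built-in 10-100-1000M network card), then open Device Manager and check whether any device shows a problem.

    I originally thought it was an AHCI versus Compatibility issue, so I switched between the two, but the problem remained. The network card and graphics drivers have all been reinstalled, and the problem remains... Device Manager looks normal.

    Now the only thing left is reinstalling the AHCI driver... I am worried about this: what problems might occur if the installation fails?
    Rejoicing in hope;Patient in tribulation.
    August 5, 2009 5:18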
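  • Friendly tip: I suggest you request the ThinkPad T400/R400 driver installation order by e-mail or through Lenovo's online expert service; my machine has never been reinstalled, so I have never looked into it.


    Related link:
    http://think.lenovo.com.cn/index.html
    Folding@Home
    August 5, 2009 5:28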
  • Thank you all for your continued attention to my problem. The problem is now solved... it was a rootkit problem. Thank you all!!!
    Rejoicing in hope;Patient in tribulation.
    August 17, 2009 3:41
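
Added example, not part of the original thread: the three dumps above all fault at the same instruction, `nt!IopCompleteRequest+1e6`, writing through a NULL-based pointer, while `!analyze` blames a different driver each time and warns that the stack unwind may be wrong. The Python below groups `!analyze -v` transcripts by crash signature and flags that pattern, which indicates the named drivers are likely bystanders and the search should widen beyond them; the function names are this example's own, and the inputs are fields trimmed from the dumps posted in the thread.

```python
import re
from collections import defaultdict

# Fields excerpted (trimmed) from the three `!analyze -v` outputs posted in this thread.
_FAULT = ("FAULTING_IP:\nnt!IopCompleteRequest+1e6\n"
          "804f4c26 894804          mov     dword ptr [eax+4],ecx\n")
DUMPS = {
    "Aug 4 03:00": "BugCheck 8E, {c0000005, 804f4c26, 8578f0b4, 0}\n" + _FAULT
                   + "eax=00000000 ebx=843e6560 ecx=00000051\nIMAGE_NAME:  iaStor.sys\n",
    "Aug 4 22:24": "BugCheck 8E, {c0000005, 804f4c26, 856e509c, 0}\n" + _FAULT
                   + "eax=00000000 ebx=84e73de0 ecx=00000053\nIMAGE_NAME:  NETw5x32.sys\n",
    "Aug 5 01:22": "BugCheck 8E, {c0000005, 804f4c26, 8587c4f4, 0}\n" + _FAULT
                   + "eax=00000000 ebx=84442268 ecx=00000051\nIMAGE_NAME:  e1y5132.sys\n",
}

def parse_analysis(text):
    """Pull the triage-relevant fields out of one `!analyze -v` transcript."""
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    ip = re.search(r"FAULTING_IP:\s*(\S+)", text)
    img = re.search(r"IMAGE_NAME:\s*(\S+)", text)
    eax = re.search(r"\beax=([0-9a-fA-F]{8})\b", text)
    if not (bc and ip and img and eax):
        raise ValueError("not a complete !analyze -v transcript")
    args = [a.strip().lower() for a in bc.group(2).split(",")]
    return {
        "code": bc.group(1).upper(),
        "exception": args[0],
        "fault_addr": args[1],
        "faulting_ip": ip.group(1),
        "image": img.group(1),
        "eax": int(eax.group(1), 16),
    }

def triage(dumps):
    """Group crashes by (bugcheck, exception, faulting symbol) and compare the blame."""
    groups = defaultdict(list)
    for text in dumps.values():
        rec = parse_analysis(text)
        groups[(rec["code"], rec["exception"], rec["faulting_ip"])].append(rec)
    findings = []
    for signature, recs in groups.items():
        images = sorted({r["image"] for r in recs})
        findings.append({
            "signature": signature,
            "crashes": len(recs),
            "blamed_images": images,
            # eax == 0 means the write to [eax+4] hit address 4: a NULL-based pointer.
            "null_base_write": all(r["eax"] == 0 for r in recs),
            # Same kernel fault, different third-party driver blamed each time:
            # the "Probably caused by" guess is not trustworthy for this group.
            "blame_unreliable": len(recs) > 1 and len(images) > 1,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(DUMPS):
        print(finding)
```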