背景:
朋友有一台联想的Z460,系统为Windows 7 Home Basic正版系统(SP1),最近经常死机,用电脑出厂时自带的系统还原工具还原重装了多次都是相同的结果--死机依然。由于朋友不是很懂这方面,所以就交给了我处理。
信息收集:
操作系统名称 Microsoft Windows 7 家庭普通版
版本 6.1.7600 版本 7600
系统制造商 LENOVO
系统类型 X86-based PC
故障描述:
Windows系统死机后蓝屏,一般是正常开机后几分钟就会死机,在安全模式下不易死机,但有一次死机。多次多种方式重新安装系统后故障依然存在。
故障分析:
Windows系统死机可能有多种原因,根据故障描述,先说说不太可能的原因。第一,病毒的可能性不大,原因是电脑处于多重内网环境(即内网的内网),出口路由器有防火墙,并且区域内不允许使用外来的不明存储设备。再者重新安装系统后依然存在问题;第二,不是驱动的原因,预安装的系统的驱动都是系统自带和集成的,不是人为的安装;第三,不是散热的问题,电脑刚清理不久,散热检查良好。可能的原因,系统硬件(不确定,可能是硬盘也可能是内存也可能是电源故障)存在严重问题。
问题解决:
第一步,观察现象,收集信息;利用微软提供的“Debugging Tools for Windows”软件分析Kernel Memory Dump文件(文件所在的目录在%SystemRoot%\Minidump),得到如下信息。
第一个dump文件(102112-30076-01.dmp)
……//此处表示省略信息
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
…………
Probably caused by : hardware
…………
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 00000000, Machine Check Exception
Arg2: 88e33024, Address of the WHEA_ERROR_RECORD structure.
Arg3: 00000000, High order 32-bits of the MCi_STATUS value.
Arg4: 00000000, Low order 32-bits of the MCi_STATUS value.
第二个dump文件(102112-30669-01.dmp)
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0x84244000 PsLoadedModuleList = 0x8438c810
Debug session time: Sun Oct 21 21:35:36.661 2012 (UTC + 8:00)
System Uptime: 0 days 0:02:20.222
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
....
PS:极其讨厌Baidu等的恶意竞争,导致Google都无法使用。
<未完成,待续>
本文转自 urey_pp 51CTO博客,原文链接:http://blog.51cto.com/dgd2010/1033231,如需转载请自行联系原作者