New
#1
Windows 7 crashed with BSOD
Is Windows 7 . . .
- 64bit original and only OS installed on system
- an OEM version
- I build the system no more than one month ago
- I installed the OS around the same time.
Is Windows 7 . . .
- 64bit original and only OS installed on system
- an OEM version
- I build the system no more than one month ago
- I installed the OS around the same time.
These may have been caused by cng.sys (part of the OS). The same file name has also been used by a few virus variants. You should do a complete virus scan with an updated AV program.
You should also run system file check to verify and repair your system files.
SFC /SCANNOW Command - System File Checker
Let us know if you need assistance
Ken J
Code:Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\100210-15818-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\symbols;*http://msdl.microsoft.com/download/symbols/;srv*e:\symbols *http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02c49000 PsLoadedModuleList = 0xfffff800`02e86e50 Debug session time: Sat Oct 2 02:54:54.896 2010 (GMT-4) System Uptime: 0 days 0:18:10.004 Loading Kernel Symbols ............................................................... ................................................................ .......... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff80402e34760, 0, fffff80002c67b6c, 5} Could not read faulting driver name Probably caused by : cng.sys ( cng!GatherRandomKey+294 ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff80402e34760, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff80002c67b6c, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ef10e0 fffff80402e34760 FAULTING_IP: nt!ExpGetLookasideInformation+8c fffff800`02c67b6c 0fb742c0 movzx eax,word ptr [rdx-40h] MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: System CURRENT_IRQL: 0 TRAP_FRAME: fffff880031af080 -- (.trap 0xfffff880031af080) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000010 rbx=0000000000000000 rcx=fffff8800e1511b0 rdx=fffff80402e347a0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002c67b6c rsp=fffff880031af210 rbp=0000000000000002 r8=fffff80002e5e720 r9=0000000000000000 r10=0000000000000000 r11=0000fffffffff000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc nt!ExpGetLookasideInformation+0x8c: fffff800`02c67b6c 0fb742c0 movzx eax,word ptr [rdx-40h] ds:8010:fffff804`02e34760=???? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002d388c1 to fffff80002cb9740 STACK_TEXT: fffff880`031aef18 fffff800`02d388c1 : 00000000`00000050 fffff804`02e34760 00000000`00000000 fffff880`031af080 : nt!KeBugCheckEx fffff880`031aef20 fffff800`02cb782e : 00000000`00000000 00000000`00000ff4 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40e8b fffff880`031af080 fffff800`02c67b6c : 00000000`00000ff4 00000000`00000000 fffff8a0`0248b170 fffff880`031af2e0 : nt!KiPageFault+0x16e fffff880`031af210 fffff800`02fb77bb : 00000000`00000000 fffff800`00000ff4 fffff880`031af2e0 00000000`00000000 : nt!ExpGetLookasideInformation+0x8c fffff880`031af2a0 fffff800`02fb81e5 : fffff8a0`0248b170 00000000`00000000 00000000`00000004 00000000`00000000 : nt!ExpQuerySystemInformation+0x15bc fffff880`031af640 fffff800`02cb8993 : fffff8a0`024a0000 fffff800`02cb793d 00000000`00000041 fffffa80`07818920 : nt!NtQuerySystemInformation+0x4d fffff880`031af680 fffff800`02cb4f30 : fffff880`0113cb04 00000000`00020000 fffff880`031af844 fffff8a0`0248b148 : nt!KiSystemServiceCopyEnd+0x13 fffff880`031af818 fffff880`0113cb04 : 00000000`00020000 fffff880`031af844 fffff8a0`0248b148 fffffa80`08e34380 : nt!KiServiceLinkage fffff880`031af820 fffff880`0113c56d : fffffa80`07818920 00000000`00000286 fffff880`20206f49 00000000`00000018 : cng!GatherRandomKey+0x294 fffff880`031afbe0 fffff800`02fb5c5d : 00000000`00000000 fffff800`02ebeee0 00000000`00000000 fffffa80`06a1d680 : cng!scavengingWorkItemRoutine+0x3d fffff880`031afc80 fffff800`02cc6961 : fffff800`02fac800 fffff800`02fac8dc fffffa80`06a1d680 00000000`00000000 : nt!IopProcessWorkItem+0x3d fffff880`031afcb0 fffff800`02f5dc06 : ffb80d89`1b4d060b fffffa80`06a1d680 00000000`00000080 fffffa80`069a79e0 : nt!ExpWorkerThread+0x111 fffff880`031afd40 fffff800`02c97c26 : fffff880`02f64180 fffffa80`06a1d680 fffff880`02f6efc0 12323300`34352622 : nt!PspSystemThreadStartup+0x5a fffff880`031afd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: cng!GatherRandomKey+294 fffff880`0113cb04 85c0 test eax,eax SYMBOL_STACK_INDEX: 8 SYMBOL_NAME: cng!GatherRandomKey+294 FOLLOWUP_NAME: MachineOwner MODULE_NAME: cng IMAGE_NAME: cng.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc814 FAILURE_BUCKET_ID: X64_0x50_cng!GatherRandomKey+294 BUCKET_ID: X64_0x50_cng!GatherRandomKey+294 Followup: MachineOwner ---------