Vista Home Premium BSOD - x86

LivelyDesigns (New member, joined Jun 10, 2015, 1 post)

Issue here with same laptop and Vista Home Premium SP1.
Stop: 0x0000007F (0x00000008, 0x80153000, 0x00000000, 0x00000000)
No new software/hardware/driver updates or installs before the BSOD showed up.


I have run PC Check and all hardware tests PASS.


I did run SysnativeBSODCollectionApp and have the results.


Can I post this info somewhere for assistance please?
View attachment SysnativeFileCollectionApp.zip
Thank you,


Lynn
 
You have adware.

Code:
0: kd> .bugcheck
Bugcheck code 1000007F
Arguments 00000008 8013a000 00000000 00000000

Code:
0: kd> !thread
GetPointerFromAddress: unable to read from 831396dc
THREAD 85077ad0  Cid 0004.0040  Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from 83112b54
Owning Process            8502e890       Image:         System
Attached Process          N/A            Image:         N/A
ffdf0000: Unable to get shared data
Wait Start TickCount      4565         
Context Switch Count      5785           IdealProcessor: 0             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!ExpWorkerThread (0x830685d1)
Stack Init 80759000 Current 80758c70 Base 80759000 Limit 80756000 Call 0
Priority 13 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr  Args to Child              
807560ac 830f31fd c02c79b4 00000001 00000000 nt!MiFlushTbAsNeeded+0xe
80756100 830f146c 00000000 00001000 00000015 nt!MiAllocatePoolPages+0x1f8
80756158 8307fdc4 00000000 00000364 20707249 nt!ExAllocatePoolWithTag+0x462
8075618c 8f8300a6 00000015 00000000 00000000 nt!IopAllocateIrpPrivate+0x12a
80756214 8ebe2ca5 b11ff168 00000016 80758aa4 afd!AfdConnectEventHandler+0x457 (FPO: [Non-Fpo])
80756450 8ebd6ca5 b1249984 00000016 80758aa4 _3e26b928_0db2_4fd1_bc29_c87d5b3a0564_t+0x2ca5
8075668c 8ebcaca5 b1249e4c 00000016 80758aa4 _9652c7a7_7363_4f0e_bf03_3b32b55ea241_t+0x2ca5
807568c8 8ebbeca5 b12482fc 00000016 80758aa4 _8be37afa_8ad9_4def_9845_a6580430c575_t+0x2ca5
80756b04 8ebb2ca5 b124877c 00000016 80758aa4 _440fcf74_387d_4c6b_83f7_b92c9cfbf61b_t+0x2ca5
80756d40 8eba6ca5 b1248bdc 00000016 80758aa4 _4c296860_54b8_44ec_8fd3_b3777283520f_t+0x2ca5
80756f7c 8eb9aca5 b1248014 00000016 80758aa4 _ac662c20_19e8_42e2_8d05_2ea92f6834f7_t+0x2ca5
80756f80 b1248014 00000016 80758aa4 00000000 _806c7faa_cecc_4ae1_a0e0_3c42cc68b8bd_t+0x2ca5
80756f84 00000000 80758aa4 00000000 00000000 0xb1248014

Classic Yontoo behavior, we can tell because it's so crappy it bug checks the machine from trying to ultimately connect an event handler to inject ads into the browser after allocating a private IRP + pool. We go off the rails on flushing the TB afterwards.

Code:
0: kd> !reg findkcb REGISTRY\MACHINE\SOFTWARE\APPID\

Couldn't get CmpHashTableSize from 830fc5c4

As it's a small dump, we can't see the services it has created, etc... but they're there.

Anyway, to remove it just run any modern antimalware or antivirus.
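
An added illustration, not part of either post: bug check 0x7F with first argument 0x8 is a double fault, which a kernel stack overflow commonly produces. The Python sketch below parses the !thread output quoted above and reports how close the lowest frame sits to the stack limit and how many GUID-named modules appear in the call chain; the function name triage and its result keys are hypothetical.

```python
import re

# Copied from the !thread output quoted in the reply above.
KD_OUTPUT = """\
Stack Init 80759000 Current 80758c70 Base 80759000 Limit 80756000 Call 0
ChildEBP RetAddr  Args to Child
807560ac 830f31fd c02c79b4 00000001 00000000 nt!MiFlushTbAsNeeded+0xe
80756100 830f146c 00000000 00001000 00000015 nt!MiAllocatePoolPages+0x1f8
80756158 8307fdc4 00000000 00000364 20707249 nt!ExAllocatePoolWithTag+0x462
8075618c 8f8300a6 00000015 00000000 00000000 nt!IopAllocateIrpPrivate+0x12a
80756214 8ebe2ca5 b11ff168 00000016 80758aa4 afd!AfdConnectEventHandler+0x457 (FPO: [Non-Fpo])
80756450 8ebd6ca5 b1249984 00000016 80758aa4 _3e26b928_0db2_4fd1_bc29_c87d5b3a0564_t+0x2ca5
8075668c 8ebcaca5 b1249e4c 00000016 80758aa4 _9652c7a7_7363_4f0e_bf03_3b32b55ea241_t+0x2ca5
807568c8 8ebbeca5 b12482fc 00000016 80758aa4 _8be37afa_8ad9_4def_9845_a6580430c575_t+0x2ca5
80756b04 8ebb2ca5 b124877c 00000016 80758aa4 _440fcf74_387d_4c6b_83f7_b92c9cfbf61b_t+0x2ca5
80756d40 8eba6ca5 b1248bdc 00000016 80758aa4 _4c296860_54b8_44ec_8fd3_b3777283520f_t+0x2ca5
80756f7c 8eb9aca5 b1248014 00000016 80758aa4 _ac662c20_19e8_42e2_8d05_2ea92f6834f7_t+0x2ca5
80756f80 b1248014 00000016 80758aa4 00000000 _806c7faa_cecc_4ae1_a0e0_3c42cc68b8bd_t+0x2ca5
80756f84 00000000 80758aa4 00000000 00000000 0xb1248014
"""

STACK = re.compile(r"Base ([0-9a-f]{8}) Limit ([0-9a-f]{8})")
# ChildEBP, RetAddr, three argument columns, then the symbol for the frame.
FRAME = re.compile(r"^([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+)", re.M)
# Module names of the form _<guid with underscores>_t, as seen in this trace.
GUID_MODULE = re.compile(r"_[0-9a-f]{8}(_[0-9a-f]{4}){3}_[0-9a-f]{12}_t")

def triage(kd_text):
    """Summarise kernel stack headroom and GUID-named modules in a kd trace."""
    base, limit = (int(v, 16) for v in STACK.search(kd_text).groups())
    frames = [(int(ebp, 16), sym) for ebp, sym in FRAME.findall(kd_text)]
    lowest = min(ebp for ebp, _ in frames)  # the stack grows downward
    guid_frames = []
    for _, sym in frames:
        # "mod!func+off" -> "mod"; a symbol-less "mod+off" -> ("mod", "off")
        module, _, offset = sym.partition("!")[0].partition("+")
        if GUID_MODULE.fullmatch(module):
            guid_frames.append((module, offset))
    return {
        "stack_size": base - limit,
        "bytes_left": lowest - limit,
        "guid_modules": len({m for m, _ in guid_frames}),
        "guid_offsets": sorted({o for _, o in guid_frames}),
    }

if __name__ == "__main__":
    print(triage(KD_OUTPUT))
```

On this trace it reports 172 bytes left of a 12288-byte kernel stack, with seven distinct GUID-named modules all at the same offset, 0x2ca5.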
 
