Welcome to the forums Tchilleh,
Code:
BugCheck 1000007E, {ffffffffc0000005, fffff80002c129bc, fffff88003da2808, fffff88003da2060}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )
Code:
Usual causes: Insufficient disk space, Device driver, Video card, BIOS, Breakpoint with no debugger attached, Hardware incompatibility, Faulty system service, Memory, 3rd party remote control
Code:
0: kd>0: kd> !pool fffff800`02c129bc
Pool page fffff80002c129bc region is Nonpaged pool
GetUlongFromAddress: unable to read from fffff80002c83a38
fffff80002c12000 is not a valid small pool allocation, checking large pool...
unable to get pool big page table - either wrong symbols or pool tagging is disabled
fffff80002c12000 is freed (or corrupt) pool
Bad previous allocation size @fffff80002c12000, last size was 0
***
*** An error (or corruption) in the pool was detected;
*** Attempting to diagnose the problem.
***
*** Use !poolval fffff80002c12000 for more details.
Pool page [ fffff80002c12000 ] is __inVALID.
Analyzing linked list...
[ fffff80002c12000 ]: invalid previous size [ 0x48 ] should be [ 0x0 ]
[ fffff80002c12000 --> fffff80002c12400 (size = 0x400 bytes)]: Corrupt region
Scanning for single bit errors...
None found
There seems to be some definite pool corruption here, I believe a driver has most likely overwritten another pool allocation.
Code:
CONTEXT: fffff88003da2060 -- (.cxr 0xfffff88003da2060)
rax=fffff8a000d89ce0 rbx=000000000000003f rcx=fffffa8006994290
rdx=01fffff880019034 rsi=fffff8a00244d000 rdi=fffff8a002284090
rip=fffff80002c129bc rsp=fffff88003da2a40 rbp=0000000000000001
r8=01fffff880019034 r9=fffff8a0023da181 r10=0000000000000000
r11=0000000000000000 r12=fffffa8006994140 r13=0000000000000000
r14=0000000000000016 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!ExDeferredFreePool+0x100:
fffff800`02c129bc 4c8b02 mov r8,qword ptr [rdx] ds:002b:01fffff8`80019034=????????????????
Code:
0: kd> .formats 01fffff880019034; .formats fffffa8006994290
Evaluate expression:
Hex: 01fffff8`80019034
Decimal: 144115155863703604
Octal: 0007777777420000310064
Binary: 00000001 11111111 11111111 11111000 10000000 00000001 10010000 00110100
Chars: .......4
Time: Thu Sep 6 23:46:26.370 2057 (UTC + 1:00)
Float: low -1.43566e-040 high 9.40395e-038
Double: 4.77829e-299
Evaluate expression:
Hex: fffffa80`06994290
Decimal: -6047203245424
Octal: 1777777650000646241220
Binary: 11111111 11111111 11111010 10000000 00000110 10011001 01000010 10010000
Chars: ......B.
Time: ***** Invalid FILETIME
Float: low 5.765e-035 high -1.#QNAN
Double: -1.#QNAN
In my opinion, it also looks like a device driver has overwritten the beginning address of the rdx register too. The data seems to have been passed from the r8 register.
-------------------------------------------------------
Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:
Remove:
Code:
Start Menu\Programs\AVG
AVG is known to cause BSODs with Windows 7, please remove this program completely using the AVG Removal Tool, and then install these free alternatives listed below.
Install and perform full scans with:
Information
Remember to install the free version of Malwarebytes not the free trail; untick the free trial box during installation. MSE is the most lightweight and compatible with the Windows 7 operating system
You can also view this thread for a complete free and lightweight security protection combination: