Ok, so I left to go home for Christmas about a week ago and my computer was fine. I get back yesterday and turn on my computer and it says it has to run a disk check. Alot of files were unreadable and ALOT of files were deleted. Once the disk check was done, and windows booted, a BSOD occured. Then I had to do another disk check. Windows finally boots up again and to my dismay, ALOT of my personal files were deleted from my hard drive. Music, movies, etc. Everything else is intact.
I thought that I could just do a system restore and get everything back but it seems that during the disk check, all my restore points were deleted also. I dont know what's going on but I don't think a virus had anything to do with this because I haven't had internet connection for about a month up until today.
Also, my computer now randomly goes through periods of slow performance. Sometimes when I right click, it will freeze for 5+ mins. If I click on any other programs, nothing will load. Then I'll get a message that windows isn't responding. But if I wait about 10 mins, then everything I clicked will suddenly all load at once. Like it got stuck or something. But I'm not running any heavy duty programs and my hard drive is 70% free.
I tried running SFC/scannow also. It gets to about 17% in the verification phase before it says it "found corrupt files but was unable to fix some of them".
This is not a good way to start off the New Year. I have attached the dump file that occured with the BSOD. Please help! Thanks!
Hi and welcome
this one was caused by your peerblock. I would remove it.
Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\010111-31777-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82c1b000 PsLoadedModuleList = 0x82d63810
Debug session time: Sat Jan 1 05:51:37.503 2011 (GMT-5)
System Uptime: 0 days 1:19:10.017
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {8db0, 2, 1, 8302e8b3}
*** WARNING: Unable to verify timestamp for pbfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for pbfilter.sys
Probably caused by : pbfilter.sys ( pbfilter+2017 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00008db0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8302e8b3, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82d83718
Unable to read MiSystemVaType memory at 82d63160
00008db0
CURRENT_IRQL: 2
FAULTING_IP:
hal!KeAcquireQueuedSpinLockRaiseToSynch+33
8302e8b3 8902 mov dword ptr [edx],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: peerblock.exe
TRAP_FRAME: 9db5cb58 -- (.trap 0xffffffff9db5cb58)
ErrCode = 00000002
eax=8db36570 ebx=85a0d0e8 ecx=82d84302 edx=00008db0 esi=85a0d100 edi=00000001
eip=8302e8b3 esp=9db5cbcc ebp=9db5cbd4 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
hal!KeAcquireQueuedSpinLockRaiseToSynch+0x33:
8302e8b3 8902 mov dword ptr [edx],eax ds:0023:00008db0=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8302e8b3 to 82c6182b
STACK_TEXT:
9db5cb58 8302e8b3 badb0d00 00008db0 9db5cba8 nt!KiTrap0E+0x2cf
9db5cbcc 82cd6034 855aba70 9d5cb017 9db5cbf0 hal!KeAcquireQueuedSpinLockRaiseToSynch+0x33
9db5cbd4 9d5cb017 9db5cbf0 85a2f840 855aba70 nt!IoAcquireCancelSpinLock+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
9db5cbfc 82c574bc 85a0d030 855aba70 855aba70 pbfilter+0x2017
9db5cc14 82e58f6e 85a2f840 855aba70 855abae0 nt!IofCallDriver+0x63
9db5cc34 82e75d5f 85a0d030 85a2f840 00000000 nt!IopSynchronousServiceTail+0x1f8
9db5ccd0 82e7853a 85a0d030 855aba70 00000000 nt!IopXxxControlFile+0x6aa
9db5cd04 82c5e44a 00000150 00000168 00000000 nt!NtDeviceIoControlFile+0x2a
9db5cd04 775764f4 00000150 00000168 00000000 nt!KiFastCallEntry+0x12a
0185fdec 00000000 00000000 00000000 00000000 0x775764f4
STACK_COMMAND: kb
FOLLOWUP_IP:
pbfilter+2017
9d5cb017 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: pbfilter+2017
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pbfilter
IMAGE_NAME: pbfilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ac05102
FAILURE_BUCKET_ID: 0xA_pbfilter+2017
BUCKET_ID: 0xA_pbfilter+2017
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00008db0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8302e8b3, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82d83718
Unable to read MiSystemVaType memory at 82d63160
00008db0
CURRENT_IRQL: 2
FAULTING_IP:
hal!KeAcquireQueuedSpinLockRaiseToSynch+33
8302e8b3 8902 mov dword ptr [edx],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: peerblock.exe
TRAP_FRAME: 9db5cb58 -- (.trap 0xffffffff9db5cb58)
ErrCode = 00000002
eax=8db36570 ebx=85a0d0e8 ecx=82d84302 edx=00008db0 esi=85a0d100 edi=00000001
eip=8302e8b3 esp=9db5cbcc ebp=9db5cbd4 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
hal!KeAcquireQueuedSpinLockRaiseToSynch+0x33:
8302e8b3 8902 mov dword ptr [edx],eax ds:0023:00008db0=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8302e8b3 to 82c6182b
STACK_TEXT:
9db5cb58 8302e8b3 badb0d00 00008db0 9db5cba8 nt!KiTrap0E+0x2cf
9db5cbcc 82cd6034 855aba70 9d5cb017 9db5cbf0 hal!KeAcquireQueuedSpinLockRaiseToSynch+0x33
9db5cbd4 9d5cb017 9db5cbf0 85a2f840 855aba70 nt!IoAcquireCancelSpinLock+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
9db5cbfc 82c574bc 85a0d030 855aba70 855aba70 pbfilter+0x2017
9db5cc14 82e58f6e 85a2f840 855aba70 855abae0 nt!IofCallDriver+0x63
9db5cc34 82e75d5f 85a0d030 85a2f840 00000000 nt!IopSynchronousServiceTail+0x1f8
9db5ccd0 82e7853a 85a0d030 855aba70 00000000 nt!IopXxxControlFile+0x6aa
9db5cd04 82c5e44a 00000150 00000168 00000000 nt!NtDeviceIoControlFile+0x2a
9db5cd04 775764f4 00000150 00000168 00000000 nt!KiFastCallEntry+0x12a
0185fdec 00000000 00000000 00000000 00000000 0x775764f4
STACK_COMMAND: kb
FOLLOWUP_IP:
pbfilter+2017
9d5cb017 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: pbfilter+2017
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pbfilter
IMAGE_NAME: pbfilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ac05102
FAILURE_BUCKET_ID: 0xA_pbfilter+2017
BUCKET_ID: 0xA_pbfilter+2017
Followup: MachineOwner
---------