# Windows 7 freezes randomly



## icee (May 14, 2010)

Hello,

I am having problems with my new computer that I just built. My computer will randomly lock up and freeze and upon restart have these errors in the event viewer.

Audit events have been dropped by the transport. 0
Source: Eventlog
Event ID: 1101
Task Category: Event processing

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Source: Kernel-Power
Event ID: 41
Task Category: (63)

The previous system shutdown at 10:49:15 PM on 5/13/2010 was unexpected.
Source: Eventlog
Event ID: 6008
Task Category: None

This will happen randomly, sometimes when I am playing a game, watching a video or browsing the web. I have done memory tests and virus scans and they came out fine. I have searched Google and have seen a variety of potential problems ranging from the power supply to driver errors. If anybody could help me narrow it down and find the problem it would be much appreciated.

Here is my computer build:
Gigabyte GA-P55A-UD3
Intel i5 750
4 GB Corsair XMS3 DDR3
NVIDIA GeForce GTS 250
APEVIA ATX-JV650W 650W
Windows 7 Ultimate 64 bit


----------



## antech (Feb 23, 2010)

Run a *Quick Scan* with *SAS and MalwareBytes*.
*(Download link in my sign.)*


----------



## antech (Feb 23, 2010)

*Follow the instructions below carefully:*

1. Download *HijackThis* from the link. (Choose the installer of HJT-Hijack This.)

2. Run a scan.

*DO NOT FIX ANYTHING BY YOURSELF.*

*(Doing so when NOT instructed might cause unwanted system instability, BSODs and even render your system unusable.)*

3. Save a log file (on your Desktop).

4. Copy and paste all the contents.

5. Paste them in the reply window.

*I am NOT an Authorized Malware Remover.*

*The Log is requested by me only for Optimization Purposes, troubleshooting and removing applications that are causing various problems such as Crashing, BSOD's and Freezing and helping the poster remove any incompatible application/program and driver.*

*I will therefore NOT help if anything related to Malware is found in your log.*

*The thread will then be moved to the Malware Removal Forums for expert assistance.*


----------



## shizukuxii (May 14, 2010)

Try to upgrade your BIOS. It worked for me. I have had exactly the same problem as you since 2 months ago (my PC rebooted randomly 1-5 times per day), but after I upgraded my BIOS, I ran the PC for 3 days and it works fine now. I'm so happy.

Hope it works for you.


----------



## icee (May 14, 2010)

Here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:34:02 PM, on 5/14/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6188 bytes

I will try upgrading my bios later tonight. I have not done it before and I want to make sure that I have plenty of time and do it correctly.

Thanks for the help!


----------



## icee (May 14, 2010)

I updated my BIOS with Gigabyte's @BIOS program, but my computer froze again this afternoon. The same error messages appeared in the event viewer. Every time the computer just completely locks up with no BSOD. It is hard to duplicate the event also, as this time I was just browsing web pages and it suddenly froze.


----------



## icee (May 14, 2010)

Here are the logs from SAS and MalwareBytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/15/2010 at 04:09 PM

Application Version : 4.37.1000

Core Rules Database Version : 4940
Trace Rules Database Version: 2752

Scan type : Quick Scan
Total Scan Time : 00:29:28

Memory items scanned : 303
Memory threats detected : 0
Registry items scanned : 357
Registry threats detected : 0
File items scanned : 33006
File threats detected : 33

Adware.Tracking Cookie

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4104

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/15/2010 4:16:27 PM
mbam-log-2010-05-15 (16-16-27).txt

Scan type: Quick scan
Objects scanned: 114673
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## lunarlander (Sep 22, 2007)

Did you overclock your system? If you did, you need to run Prime95 and let it run for 6 hrs at least to ensure your system is stable.

There is a very good memory tester called Memtest. You need to run this program overnight to detect problems, as memory problems are flaky and do not show up on 1 or 2 passes.


----------



## Frank4d (Sep 10, 2006)

Also check your CPU and GPU temperatures.


----------



## icee (May 14, 2010)

I did not overclock my system. I will run the memory test overnight tonight to see if anything comes up.

As for my CPU/GPU temperatures, they usually are around the 40-60 range depending on load. I am getting a new CPU cooler on the way, but I do not believe it to be a problem with the temperatures because the freezes occur when I am browsing the web sometimes, not always when I am playing intensive games.

Since I partitioned my hard drive into two parts, I will try and load Windows XP on the other part to see if it is stable on a different OS. I did an upgrade from Windows XP and even though I did not do much testing on Windows XP, I did not experience any freezes on that OS.


----------



## icee (May 14, 2010)

Froze again... this time with some new error messages.

The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
Source: Service Control Manager
Event ID: 7026

\??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Source: Application Popup
Event ID: 1060

\??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Source: Application Popup
Event ID: 1060

The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
Source: Service Control Driver
Event ID: 7016

I assume the first 3 deal with the SAS I installed and shouldn't cause many problems. Is the last error any cause for concern? Should I just uninstall the NVIDIA Stereoscopic 3D Driver since I don't plan on doing any 3D gaming?


----------



## antech (Feb 23, 2010)

Some conflicts are being seen with SAS on your system. Consider removing SAS now. Try updating the graphics card drivers.


----------



## icee (May 14, 2010)

I already have the latest driver for my video card. I uninstalled the Stereoscopic 3D driver and will see how that works. I've been having some problems with some programs, where my Ventrilo would freeze up and some games would also experience massive delays and unresponsiveness. I generally have to restart my computer to fix those problems. I'll try Windows XP 32-bit to see if it is more stable on that system, as I am starting to believe it is a software/driver/OS problem instead of a hardware problem.


----------



## icee (May 14, 2010)

Here are some new warnings and error messages I found in event viewer.

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 5/17/2010 1:48:57 AM
Event ID: 11
Task Category: None
Level: Warning
Keywords: 
User: SYSTEM
Computer: Jon-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T08:48:57.683240600Z" />
<EventRecordID>5436</EventRecordID>
<Correlation />
<Execution ProcessID="480" ThreadID="524" />
<Channel>System</Channel>
<Computer>Jon-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
1
avgrssta.dll
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 5/17/2010 1:39:18 AM
Event ID: 1530
Task Category: None
Level: Warning
Keywords: 
User: SYSTEM
Computer: Jon-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL - 
1 user registry handles leaked from \Registry\User\S-1-5-21-2630584970-1289227207-2075662706-1001:
Process 2664 (\Device\HarddiskVolume1\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe) has opened key \REGISTRY\USER\S-1-5-21-2630584970-1289227207-2075662706-1001

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T08:39:18.341853500Z" />
<EventRecordID>1259</EventRecordID>
<Correlation />
<Execution ProcessID="1268" ThreadID="3036" />
<Channel>Application</Channel>
<Computer>Jon-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
1 user registry handles leaked from \Registry\User\S-1-5-21-2630584970-1289227207-2075662706-1001:
Process 2664 (\Device\HarddiskVolume1\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe) has opened key \REGISTRY\USER\S-1-5-21-2630584970-1289227207-2075662706-1001

</EventData>
</Event>

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 5/16/2010 11:18:42 PM
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: Jon-PC
Description:
Session "Circular Kernel Context Logger" stopped due to the following error: 0xC0000188
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2010-05-17T06:18:42.484149400Z" />
<EventRecordID>5</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="188" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>Jon-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Circular Kernel Context Logger
C:\Windows\system32\WDI\LogFiles\BootCKCL.etl
3221225864
128
</EventData>
</Event>

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 5/16/2010 11:18:42 PM
Event ID: 4
Task Category: Logging
Level: Warning
Keywords: Session
User: SYSTEM
Computer: Jon-PC
Description:
The maximum file size for session "Circular Kernel Context Logger" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\system32\WDI\LogFiles\BootCKCL.etl". The maximum files size is currently set to 104857600 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>4</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1</Task>
<Opcode>10</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2010-05-17T06:18:42.484149400Z" />
<EventRecordID>4</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="188" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>Jon-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Circular Kernel Context Logger
C:\Windows\system32\WDI\LogFiles\BootCKCL.etl
3221225864
128
104857600
</EventData>
</Event>
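
Added example, not part of the original post or written by any participant in the thread: the Wininit Event ID 11 warning quoted above ("Custom dynamic link libraries are being loaded for every application") refers to DLLs registered under the `AppInit_DLLs` registry value. This read-only PowerShell script lists those entries for both registry views with their signature status and pulls the matching events. The function names are hypothetical, and a 64-bit PowerShell session is assumed.

```powershell
# Added example (not from the thread): read-only review of AppInit_DLLs,
# the mechanism behind Wininit Event ID 11. Function names are hypothetical.
# Assumes a 64-bit PowerShell session; nothing is modified.

function Get-AppInitDllReport {
    # The native (64-bit) and WOW64 (32-bit) registry views keep separate lists.
    $views = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
           Dir = (Join-Path $env:SystemRoot 'System32') },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
           Dir = (Join-Path $env:SystemRoot 'SysWOW64') }
    )
    foreach ($view in $views) {
        $p = Get-ItemProperty -Path $view.Key -ErrorAction SilentlyContinue
        if (-not $p) { continue }

        # The value is a space- or comma-delimited list of DLL names or paths.
        $entries = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        foreach ($entry in $entries) {
            # Bare file names are resolved from that view's system directory.
            $path = $entry
            if (-not (Split-Path $entry -IsAbsolute)) { $path = Join-Path $view.Dir $entry }

            $exists = Test-Path -LiteralPath $path
            $status = 'n/a'
            $signer = ''
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            New-Object PSObject -Property @{
                RegistryView  = $view.Key
                Entry         = $entry
                ResolvedPath  = $path
                FileExists    = $exists
                LoadEnabled   = [bool]$p.LoadAppInit_DLLs           # 0 disables loading
                RequireSigned = [bool]$p.RequireSignedAppInit_DLLs  # Windows 7 and later
                Signature     = $status
                Signer        = $signer
            }
        }
    }
}

function Get-AppInitLoadEvents {
    # Same provider and event ID as the warning quoted in the post.
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 11 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                TimeCreated = $_.TimeCreated
                EventData   = ($_.Properties | ForEach-Object { $_.Value }) -join ' '
            }
        }
}

Get-AppInitDllReport  | Format-List
Get-AppInitLoadEvents | Format-Table -AutoSize
```

An entry whose file is missing, unsigned, or signed by a publisher that does not match any installed product is the one to investigate first.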


----------

