Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: contant script error messages due to virus


10 Jan 2013   #11
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download VEW by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe
and save it to your desktop

Double click it to start it Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
Click the check boxes next to Application and System located under Select log to query on the upper left

Under Select type to list on the right click the boxes next to Error and Warning Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run

Once it finishes it will display a log file in notepad
Please copy and paste its entire contents into your next reply

My System SpecsSystem Spec
.

10 Jan 2013   #12
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Also, please copy and paste this lines in notepad:
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Let me know how you're doing now.
My System SpecsSystem Spec
10 Jan 2013   #13

windows 7 Professional 64 bit
 
 
VEW

Hi Jacee.

I am having trouble accessing VEW. My computer won't display the page when I click or paste the address. I can bring up the malware removal website, but I can't seem to get at VEW. I am stumped.
My System SpecsSystem Spec
.


10 Jan 2013   #14

windows 7 Professional 64 bit
 
 
Flush.bat

Hi Jacee. Thanks so much for helping.

I copied and ran the flush.bat list, and the computer rebooted -- magic!

Thanks. Still can't get at VEW. It must be in the shop or something ...
My System SpecsSystem Spec
11 Jan 2013   #15
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

When you click on my link, does this appear at the bottom of your screen? This is a direct download, so don't try to reach it through the address bar.


Attached Thumbnails
contant script error messages due to virus-vew.jpg  
My System SpecsSystem Spec
11 Jan 2013   #16

windows 7 Professional 64 bit
 
 
VEW Log

Hi Jacee. Managed to run VEW today. Here is log (in two parts as it is too long)

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/01/2013 4:58:39 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2013 1:00:21 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 11/01/2013 12:01:40 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 10/01/2013 7:10:49 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
Log: 'Application' Date/Time: 10/01/2013 8:45:42 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 10/01/2013 8:00:16 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 18798495
Log: 'Application' Date/Time: 10/01/2013 8:00:16 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 18798495
Log: 'Application' Date/Time: 10/01/2013 8:00:16 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
Log: 'Application' Date/Time: 09/01/2013 6:21:11 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 09/01/2013 6:07:26 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
Log: 'Application' Date/Time: 09/01/2013 5:40:31 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
Log: 'Application' Date/Time: 08/01/2013 7:17:14 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 08/01/2013 6:48:20 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 08/01/2013 6:37:08 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 08/01/2013 1:36:42 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 08/01/2013 4:46:27 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SZOptions.exe version 6.0.3.73 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 76c Start Time: 01cded5af8ad57f8 Termination Time: 10 Application Path: C:\Program Files (x86)\STOPzilla!\SZOptions.exe Report Id: 53bce081-594e-11e2-9f05-d0df9a3f1794
Log: 'Application' Date/Time: 08/01/2013 4:45:29 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/01/2013 11:41:40 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/01/2013 11:26:28 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/01/2013 9:46:37 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/01/2013 3:48:57 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2013 12:58:10 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000_Classes:
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas

Log: 'Application' Date/Time: 11/01/2013 12:58:10 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 36 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000:
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\MenuExt
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Run
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\components
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\International
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\control panel
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservicesonce
Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservices
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\Desktop
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Styles
Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\General
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Toolbar
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\restrictions
Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runonceex
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Extensions
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\search
Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\SearchUrl
My System SpecsSystem Spec
11 Jan 2013   #17

windows 7 Professional 64 bit
 
 
VEW Log continued -- Part 2/3

Log: 'Application' Date/Time: 11/01/2013 12:45:23 AM
Type: Warning Category: 0
Event: 36 Source: Outlook
Outlook Search has encountered an error and is temporarily disabling indexing for store C:\Users\anne\AppData\Local\Microsoft\Outlook\Outlook.pst (error=0x800706ba).
Log: 'Application' Date/Time: 10/01/2013 11:59:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000_Classes:
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas

Log: 'Application' Date/Time: 10/01/2013 11:59:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 36 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000:
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\MenuExt
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Run
Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\components
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\International
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\control panel
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservicesonce
Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservices
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\Desktop
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Styles
Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\General
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Toolbar
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\restrictions
Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runonceex
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Extensions
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\search
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\SearchUrl

Log: 'Application' Date/Time: 10/01/2013 7:20:36 PM
Type: Warning Category: 0
Event: 36 Source: Outlook
Outlook Search has encountered an error and is temporarily disabling indexing for store C:\Users\anne\AppData\Local\Microsoft\Outlook\Outlook.pst (error=0x800706ba).
Log: 'Application' Date/Time: 10/01/2013 7:10:49 PM
Type: Warning Category: 0
Event: 12301 Source: VSS
Volume Shadow Copy Service error: Writer MSSearch Service Writer did not respond to a GatherWriterStatus call.
Operation:
Gather writers' status
Executing Asynchronous Operation
Context:
Current State: GatherWriterStatus
Log: 'Application' Date/Time: 10/01/2013 12:45:39 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1585631881-3667024588-2436863049-1000}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)

Log: 'Application' Date/Time: 10/01/2013 9:45:39 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1585631881-3667024588-2436863049-1000}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)

Log: 'Application' Date/Time: 10/01/2013 8:49:15 AM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.n i.dll"
Log: 'Application' Date/Time: 10/01/2013 8:47:30 AM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" AppDomain "IAStorDataMgrSvc.exe" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStor Common.ni.dll"
Log: 'Application' Date/Time: 10/01/2013 8:45:45 AM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.n i.dll"
Log: 'Application' Date/Time: 10/01/2013 8:45:41 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1585631881-3667024588-2436863049-1000}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)

Log: 'Application' Date/Time: 10/01/2013 8:42:50 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000_Classes:
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
My System SpecsSystem Spec
11 Jan 2013   #18

windows 7 Professional 64 bit
 
 
VEW Log continued 2.5/3

Log: 'Application' Date/Time: 10/01/2013 8:42:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000:
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\MenuExt
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Run
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\components
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\International
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\control panel
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservicesonce
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservices
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\Desktop
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Styles
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\General
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Toolbar
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\restrictions
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runonceex
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Extensions
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\search
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\SearchUrl
Log: 'Application' Date/Time: 10/01/2013 8:30:05 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (4.0.30319.296) - Version or flavor did not match with repository: Microsoft.VisualBasic.Compatibility.Data
Log: 'Application' Date/Time: 10/01/2013 8:25:44 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Log: 'Application' Date/Time: 10/01/2013 8:25:38 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Log: 'Application' Date/Time: 10/01/2013 8:18:12 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Norton PC Checkup 3.0\PCCU.exe' (pid 3164) cannot be restarted - Application SID does not match Conductor SID..
Log: 'Application' Date/Time: 10/01/2013 8:18:12 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Norton PC Checkup 3.0\PCCU.exe' (pid 3164) cannot be restarted - Application SID does not match Conductor SID..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My System SpecsSystem Spec
11 Jan 2013   #19

windows 7 Professional 64 bit
 
 
VEW Log continued 3/3

'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2013 6:35:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 06/01/2013 7:50:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 06/01/2013 7:21:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 04/01/2013 9:56:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 31/12/2012 6:40:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 31/12/2012 6:32:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 29/12/2012 5:54:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 27/12/2012 7:18:58 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 26/12/2012 5:43:21 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 22/12/2012 2:00:41 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 19/12/2012 8:53:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 18/12/2012 6:01:23 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 18/12/2012 2:35:03 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 17/12/2012 11:20:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 15/12/2012 10:52:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/09/2012 8:00:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2013 3:12:30 AM
Type: Error Category: 0
Event: 8003 Source: bowser
The master browser has received a server announcement from the computer BUCK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BA7FB304-0598-44D2-BA04-BB77413308DF}. The master browser is stopping or an election is being forced.
Log: 'System' Date/Time: 11/01/2013 1:01:36 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Log: 'System' Date/Time: 11/01/2013 12:59:31 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: is3srv
Log: 'System' Date/Time: 11/01/2013 12:59:16 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
Log: 'System' Date/Time: 11/01/2013 12:03:04 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Log: 'System' Date/Time: 11/01/2013 12:00:59 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: is3srv
Log: 'System' Date/Time: 11/01/2013 12:00:46 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
Log: 'System' Date/Time: 10/01/2013 11:59:16 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 10/01/2013 8:47:49 AM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BA7FB304-0598-44D2-BA04-BB77413308DF}. The backup browser is stopping.
Log: 'System' Date/Time: 10/01/2013 8:47:29 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Log: 'System' Date/Time: 10/01/2013 8:45:26 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: is3srv
Log: 'System' Date/Time: 10/01/2013 8:45:12 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
Log: 'System' Date/Time: 10/01/2013 8:42:59 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 10/01/2013 8:02:43 AM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BA7FB304-0598-44D2-BA04-BB77413308DF}. The backup browser is stopping.
Log: 'System' Date/Time: 09/01/2013 6:22:12 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Log: 'System' Date/Time: 09/01/2013 6:20:10 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: is3srv
Log: 'System' Date/Time: 09/01/2013 6:20:02 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
Log: 'System' Date/Time: 08/01/2013 7:18:43 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Log: 'System' Date/Time: 08/01/2013 7:17:31 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 08/01/2013 7:16:39 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: is3srv
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2013 5:50:13 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
Log: 'System' Date/Time: 11/01/2013 5:50:13 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
Log: 'System' Date/Time: 11/01/2013 5:50:12 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
Log: 'System' Date/Time: 11/01/2013 5:50:12 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
Log: 'System' Date/Time: 11/01/2013 5:09:34 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name shasta-clt.symantec.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 4:55:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name spoc-pool-gtm.norton.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 4:55:18 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name client.akamai.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 4:55:13 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 4:55:08 PM
Type: Warning Category: 0
Event: 27 Source: e1cexpress
Intel(R) 82579LM Gigabit Network Connection Network link is disconnected.
Log: 'System' Date/Time: 11/01/2013 3:11:56 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name BUCK-PC.belkin timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 3:11:17 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name BUCK-PC.belkin timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 2:05:53 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 2:02:11 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name postnewsweekmedia.112.2o7.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 1:34:47 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
Log: 'System' Date/Time: 11/01/2013 1:34:24 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name BOTANICALBLOOMS.belkin timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 1:06:53 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.earthlink.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 11/01/2013 12:59:17 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Log: 'System' Date/Time: 11/01/2013 12:59:07 AM
Type: Warning Category: 0
Event: 27 Source: e1cexpress
Intel(R) 82579LM Gigabit Network Connection Network link is disconnected.
Log: 'System' Date/Time: 11/01/2013 12:59:05 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5801&MI_01\7&1eb0f4e8&0&0001.
Log: 'System' Date/Time: 11/01/2013 12:58:18 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.









Thanks Jacee.
My System SpecsSystem Spec
11 Jan 2013   #20
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Uninstall StopZilla! How to Remove STOPzilla | eHow.com

Please download (free version) Malwarebytes' Anti-Malware to your desktop
http://www.malwarebytes.org/products/malwarebytes_free/
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
My System SpecsSystem Spec
Reply

 contant script error messages due to virus




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:04 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33