contant script error messages due to virus

Page 2 of 5 FirstFirst 1234 ... LastLast

  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #11

    Please download VEW by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe
    and save it to your desktop

    Double click it to start it Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
    Click the check boxes next to Application and System located under Select log to query on the upper left

    Under Select type to list on the right click the boxes next to Error and Warning Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
    Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run

    Once it finishes it will display a log file in notepad
    Please copy and paste its entire contents into your next reply
      My Computer


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #12

    Also, please copy and paste this lines in notepad:
    @Echo on
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0


    Save as flush.bat to your desktop.
    Right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

    Let me know how you're doing now.
      My Computer


  3. Posts : 24
    windows 7 Professional 64 bit
       #13

    VEW


    Hi Jacee.

    I am having trouble accessing VEW. My computer won't display the page when I click or paste the address. I can bring up the malware removal website, but I can't seem to get at VEW. I am stumped.
      My Computer


  4. Posts : 24
    windows 7 Professional 64 bit
       #14

    Flush.bat


    Hi Jacee. Thanks so much for helping.

    I copied and ran the flush.bat list, and the computer rebooted -- magic!

    Thanks. Still can't get at VEW. It must be in the shop or something ...
      My Computer


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #15

    When you click on my link, does this appear at the bottom of your screen? This is a direct download, so don't try to reach it through the address bar. :)
    Attached Thumbnails Attached Thumbnails contant script error messages due to virus-vew.jpg  
      My Computer


  6. Posts : 24
    windows 7 Professional 64 bit
       #16

    VEW Log


    Hi Jacee. Managed to run VEW today. Here is log (in two parts as it is too long)

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 11/01/2013 4:58:39 PM
    Note: All dates below are in the format dd/mm/yyyy
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 11/01/2013 1:00:21 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 11/01/2013 12:01:40 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 10/01/2013 7:10:49 PM
    Type: Error Category: 0
    Event: 8193 Source: System Restore
    Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
    Log: 'Application' Date/Time: 10/01/2013 8:45:42 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 10/01/2013 8:00:16 AM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 18798495
    Log: 'Application' Date/Time: 10/01/2013 8:00:16 AM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 18798495
    Log: 'Application' Date/Time: 10/01/2013 8:00:16 AM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
    Log: 'Application' Date/Time: 09/01/2013 6:21:11 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 09/01/2013 6:07:26 PM
    Type: Error Category: 0
    Event: 8193 Source: System Restore
    Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
    Log: 'Application' Date/Time: 09/01/2013 5:40:31 PM
    Type: Error Category: 0
    Event: 8193 Source: System Restore
    Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
    Log: 'Application' Date/Time: 08/01/2013 7:17:14 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 08/01/2013 6:48:20 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 08/01/2013 6:37:08 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 08/01/2013 1:36:42 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 08/01/2013 4:46:27 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program SZOptions.exe version 6.0.3.73 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 76c Start Time: 01cded5af8ad57f8 Termination Time: 10 Application Path: C:\Program Files (x86)\STOPzilla!\SZOptions.exe Report Id: 53bce081-594e-11e2-9f05-d0df9a3f1794
    Log: 'Application' Date/Time: 08/01/2013 4:45:29 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 07/01/2013 11:41:40 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 07/01/2013 11:26:28 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 07/01/2013 9:46:37 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Log: 'Application' Date/Time: 07/01/2013 3:48:57 PM
    Type: Error Category: 0
    Event: 8193 Source: System Restore
    Failed to create restore point (Process = C:\Program Files (x86)\STOPzilla!\SZScanner.exe Files (x86)\STOPzilla!\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x80042319).
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 11/01/2013 12:58:10 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000_Classes:
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas

    Log: 'Application' Date/Time: 11/01/2013 12:58:10 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 36 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000:
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\MenuExt
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Run
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
    Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\components
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\International
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\control panel
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservicesonce
    Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservices
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\Desktop
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Styles
    Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\General
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Toolbar
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\restrictions
    Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runonceex
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Extensions
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\search
    Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1236 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\SearchUrl
      My Computer


  7. Posts : 24
    windows 7 Professional 64 bit
       #17

    VEW Log continued -- Part 2/3


    Log: 'Application' Date/Time: 11/01/2013 12:45:23 AM
    Type: Warning Category: 0
    Event: 36 Source: Outlook
    Outlook Search has encountered an error and is temporarily disabling indexing for store C:\Users\anne\AppData\Local\Microsoft\Outlook\Outlook.pst (error=0x800706ba).
    Log: 'Application' Date/Time: 10/01/2013 11:59:21 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000_Classes:
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas

    Log: 'Application' Date/Time: 10/01/2013 11:59:20 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 36 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000:
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\MenuExt
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Run
    Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\components
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\International
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\control panel
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservicesonce
    Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservices
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\Desktop
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Styles
    Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\General
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Toolbar
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\restrictions
    Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runonceex
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Extensions
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\search
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 116 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\SearchUrl

    Log: 'Application' Date/Time: 10/01/2013 7:20:36 PM
    Type: Warning Category: 0
    Event: 36 Source: Outlook
    Outlook Search has encountered an error and is temporarily disabling indexing for store C:\Users\anne\AppData\Local\Microsoft\Outlook\Outlook.pst (error=0x800706ba).
    Log: 'Application' Date/Time: 10/01/2013 7:10:49 PM
    Type: Warning Category: 0
    Event: 12301 Source: VSS
    Volume Shadow Copy Service error: Writer MSSearch Service Writer did not respond to a GatherWriterStatus call.
    Operation:
    Gather writers' status
    Executing Asynchronous Operation
    Context:
    Current State: GatherWriterStatus
    Log: 'Application' Date/Time: 10/01/2013 12:45:39 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <csc://{S-1-5-21-1585631881-3667024588-2436863049-1000}/> cannot be accessed.
    Context: Application, SystemIndex Catalog
    Details:
    (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 10/01/2013 9:45:39 AM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <csc://{S-1-5-21-1585631881-3667024588-2436863049-1000}/> cannot be accessed.
    Context: Application, SystemIndex Catalog
    Details:
    (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 10/01/2013 8:49:15 AM
    Type: Warning Category: 0
    Event: 1021 Source: .NET Runtime
    .NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.n i.dll"
    Log: 'Application' Date/Time: 10/01/2013 8:47:30 AM
    Type: Warning Category: 0
    Event: 1021 Source: .NET Runtime
    .NET Runtime version 2.0.50727.5466 - Executable "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" AppDomain "IAStorDataMgrSvc.exe" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStor Common.ni.dll"
    Log: 'Application' Date/Time: 10/01/2013 8:45:45 AM
    Type: Warning Category: 0
    Event: 1021 Source: .NET Runtime
    .NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.n i.dll"
    Log: 'Application' Date/Time: 10/01/2013 8:45:41 AM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <csc://{S-1-5-21-1585631881-3667024588-2436863049-1000}/> cannot be accessed.
    Context: Application, SystemIndex Catalog
    Details:
    (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 10/01/2013 8:42:50 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000_Classes:
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\internet settings
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\open
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\exefile\shell\open
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000_CLASSES\.exe\shell\runas
      My Computer


  8. Posts : 24
    windows 7 Professional 64 bit
       #18

    VEW Log continued 2.5/3


    Log: 'Application' Date/Time: 10/01/2013 8:42:49 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1585631881-3667024588-2436863049-1000:
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\MenuExt
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Run
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Main
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\components
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\International
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\control panel
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservicesonce
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runservices
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Control Panel\Desktop
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Styles
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Desktop\General
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Toolbar
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Policies\Microsoft\internet explorer\restrictions
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\runonceex
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\Extensions
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\search
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 324 (\Device\HarddiskVolume3\Program Files (x86)\STOPzilla!\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-1585631881-3667024588-2436863049-1000\Software\Microsoft\Internet Explorer\SearchUrl
    Log: 'Application' Date/Time: 10/01/2013 8:30:05 AM
    Type: Warning Category: 0
    Event: 1130 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (4.0.30319.296) - Version or flavor did not match with repository: Microsoft.VisualBasic.Compatibility.Data
    Log: 'Application' Date/Time: 10/01/2013 8:25:44 AM
    Type: Warning Category: 1
    Event: 1020 Source: ASP.NET 4.0.30319.0
    Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
    Log: 'Application' Date/Time: 10/01/2013 8:25:38 AM
    Type: Warning Category: 1
    Event: 1020 Source: ASP.NET 4.0.30319.0
    Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
    Log: 'Application' Date/Time: 10/01/2013 8:18:12 AM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files (x86)\Norton PC Checkup 3.0\PCCU.exe' (pid 3164) cannot be restarted - Application SID does not match Conductor SID..
    Log: 'Application' Date/Time: 10/01/2013 8:18:12 AM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files (x86)\Norton PC Checkup 3.0\PCCU.exe' (pid 3164) cannot be restarted - Application SID does not match Conductor SID..
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      My Computer


  9. Posts : 24
    windows 7 Professional 64 bit
       #19

    VEW Log continued 3/3


    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 08/01/2013 6:35:29 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 06/01/2013 7:50:53 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 06/01/2013 7:21:06 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 04/01/2013 9:56:00 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 31/12/2012 6:40:28 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 31/12/2012 6:32:13 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 29/12/2012 5:54:10 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 27/12/2012 7:18:58 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 26/12/2012 5:43:21 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 22/12/2012 2:00:41 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 19/12/2012 8:53:15 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 18/12/2012 6:01:23 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 18/12/2012 2:35:03 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 17/12/2012 11:20:37 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 15/12/2012 10:52:46 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Log: 'System' Date/Time: 28/09/2012 8:00:22 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 11/01/2013 3:12:30 AM
    Type: Error Category: 0
    Event: 8003 Source: bowser
    The master browser has received a server announcement from the computer BUCK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BA7FB304-0598-44D2-BA04-BB77413308DF}. The master browser is stopping or an election is being forced.
    Log: 'System' Date/Time: 11/01/2013 1:01:36 AM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    Log: 'System' Date/Time: 11/01/2013 12:59:31 AM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: is3srv
    Log: 'System' Date/Time: 11/01/2013 12:59:16 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    Log: 'System' Date/Time: 11/01/2013 12:03:04 AM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    Log: 'System' Date/Time: 11/01/2013 12:00:59 AM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: is3srv
    Log: 'System' Date/Time: 11/01/2013 12:00:46 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    Log: 'System' Date/Time: 10/01/2013 11:59:16 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.
    Log: 'System' Date/Time: 10/01/2013 8:47:49 AM
    Type: Error Category: 0
    Event: 8032 Source: BROWSER
    The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BA7FB304-0598-44D2-BA04-BB77413308DF}. The backup browser is stopping.
    Log: 'System' Date/Time: 10/01/2013 8:47:29 AM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    Log: 'System' Date/Time: 10/01/2013 8:45:26 AM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: is3srv
    Log: 'System' Date/Time: 10/01/2013 8:45:12 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    Log: 'System' Date/Time: 10/01/2013 8:42:59 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.
    Log: 'System' Date/Time: 10/01/2013 8:02:43 AM
    Type: Error Category: 0
    Event: 8032 Source: BROWSER
    The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BA7FB304-0598-44D2-BA04-BB77413308DF}. The backup browser is stopping.
    Log: 'System' Date/Time: 09/01/2013 6:22:12 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    Log: 'System' Date/Time: 09/01/2013 6:20:10 PM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: is3srv
    Log: 'System' Date/Time: 09/01/2013 6:20:02 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    Log: 'System' Date/Time: 08/01/2013 7:18:43 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    Log: 'System' Date/Time: 08/01/2013 7:17:31 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
    Log: 'System' Date/Time: 08/01/2013 7:16:39 PM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: is3srv
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 11/01/2013 5:50:13 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
    Log: 'System' Date/Time: 11/01/2013 5:50:13 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
    Log: 'System' Date/Time: 11/01/2013 5:50:12 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
    Log: 'System' Date/Time: 11/01/2013 5:50:12 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 22 seconds since the last report.
    Log: 'System' Date/Time: 11/01/2013 5:09:34 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name shasta-clt.symantec.com timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 4:55:19 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name spoc-pool-gtm.norton.com timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 4:55:18 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name client.akamai.com timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 4:55:13 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 4:55:08 PM
    Type: Warning Category: 0
    Event: 27 Source: e1cexpress
    Intel(R) 82579LM Gigabit Network Connection Network link is disconnected.
    Log: 'System' Date/Time: 11/01/2013 3:11:56 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name BUCK-PC.belkin timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 3:11:17 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name BUCK-PC.belkin timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 2:05:53 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 2:02:11 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name postnewsweekmedia.112.2o7.net timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 1:34:47 AM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
    Log: 'System' Date/Time: 11/01/2013 1:34:24 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name BOTANICALBLOOMS.belkin timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 1:06:53 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.earthlink.net timed out after none of the configured DNS servers responded.
    Log: 'System' Date/Time: 11/01/2013 12:59:17 AM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
    Log: 'System' Date/Time: 11/01/2013 12:59:07 AM
    Type: Warning Category: 0
    Event: 27 Source: e1cexpress
    Intel(R) 82579LM Gigabit Network Connection Network link is disconnected.
    Log: 'System' Date/Time: 11/01/2013 12:59:05 AM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5801&MI_01\7&1eb0f4e8&0&0001.
    Log: 'System' Date/Time: 11/01/2013 12:58:18 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.









    Thanks Jacee.
      My Computer


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #20

    Uninstall StopZilla! How to Remove STOPzilla | eHow.com

    Please download (free version) Malwarebytes' Anti-Malware to your desktop
    http://www.malwarebytes.org/products/malwarebytes_free/
    * Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
      My Computer


 
Page 2 of 5 FirstFirst 1234 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:00.
Find Us