MAL_OTORUN1 problem [Closed]


  • This topic is locked

#1 GalAdmin (New Member, 1 post)
Hi all,

One of my servers (Windows Server 2008 Standard) has been affected by the same virus as in http://www.geekstogo...amp;pid=1341988

We run Trend Micro OfficeScan on the network; the virus was brought onto the network by some of the users' flash drives, and from the network it has reached my file and print server.

Below are the log files from the OTViewIt scan. I would like to proceed with the solution in the above link, but I don't know if my log file results allow that without different steps having to be taken?

OTViewIt.txt:

OTViewIt logfile created on: 2009/02/18 11:11:25 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Administrator.GALAXYJEWELLERS\Desktop
Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTServer
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 91.57% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.61 Gb Total Space | 113.84 Gb Free Space | 83.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 341.61 Gb Total Space | 175.72 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GALFSP01
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2008/10/14 17:10:42 | 00,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
[2008/01/19 09:33:10 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
[2009/02/18 11:02:56 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.GALAXYJEWELLERS\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AdtAgent [Disabled | Stopped])
[2008/01/05 13:25:18 | 00,045,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (CertPropSvc [Unknown | Running])
[2008/01/05 13:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/05 13:25:45 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2007/09/26 05:09:42 | 01,171,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\DPM\bin\dpmac.exe -- (DPMAC [On_Demand | Stopped])
[2007/09/26 05:10:40 | 01,889,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\DPM\bin\DPMLA.exe -- (DPMLA [On_Demand | Stopped])
[2008/06/20 09:54:54 | 03,822,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\DPM\bin\DPMRA.exe -- (DPMRA [On_Demand | Stopped])
[2008/06/20 09:54:52 | 00,518,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\DPM\bin\DpmWriter.exe -- (DpmWriter [Auto | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/02/16 10:46:10 | 00,031,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\System Center Operations Manager 2007\HealthService.exe -- (HealthService [Auto | Running])
[2006/11/02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Stopped])
[2008/06/20 09:54:54 | 00,722,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\DPM\bin\msdpm.exe -- (MSDPM [On_Demand | Running])
[2008/01/19 12:11:31 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Running])
[2007/03/24 02:40:50 | 38,516,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\SQL\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MS$DPM2007$ [Auto | Running])
[2005/10/14 14:38:26 | 00,064,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2008/01/19 09:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [Auto | Running])
[2008/10/14 17:10:30 | 01,250,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe -- (ntrtscan [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/19 09:33:19 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2007/03/24 02:40:48 | 00,017,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\SQL\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer$MS$DPM2007$ [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/19 09:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2007/02/10 10:03:22 | 00,423,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft DPM\SQL\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLAgent$MS$DPM2007$ [Auto | Running])
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2007/02/10 10:03:26 | 00,156,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2008/10/14 17:10:40 | 01,355,568 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten [Auto | Running])
[2008/10/14 17:10:38 | 00,865,032 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy [On_Demand | Stopped])
[2006/11/02 08:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Running])
[2006/11/02 08:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Running])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])

========== Driver Services ==========

File not found -- -- (ACPI [Boot | Running])
File not found -- -- (arcsas [Boot | Running])
File not found -- -- (atapi [Boot | Running])
[2008/01/19 15:51:36 | 00,429,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\WinSxS\amd64_netbvbda.inf.driverupdate_31bf3856ad364e35_6.0.6001.18000_none_7ca0836437cf0c5c\bxvbda.sys -- (b06bdrv [On_Demand | Running])
File not found -- -- (blbdrive [On_Demand | Running])
File not found -- -- (cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
[2007/05/08 00:21:46 | 00,123,008 | ---- | M] (Trend Micro Inc.) -- E:\Sysmaint\TMVS\DhcpListenDriver.sys -- (DhcpListenDriver [On_Demand | Stopped])
File not found -- -- (disk [Boot | Running])
[2007/07/24 12:54:42 | 00,001,421 | ---- | M] () -- C:\Program Files\Microsoft DPM\DPM\bin\dpmfltr.inf -- (dpmfltr [Boot | Running])
File not found -- -- (HidUsb [On_Demand | Running])
File not found -- -- (intelppm [On_Demand | Running])
[2008/01/19 15:51:36 | 00,035,328 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_qd260x64.inf_31bf3856ad364e35_6.0.6001.18000_none_6760e38cc4dee312\qd260x64.sys -- (ioatdma [Disabled | Stopped])
File not found -- -- (IPMIDRV [On_Demand | Running])
File not found -- -- (iScsiPrt [On_Demand | Running])
File not found -- -- (kbdclass [System | Running])
File not found -- -- (kbdhid [System | Running])
[2008/01/19 15:51:36 | 00,064,512 | ---- | M] (Broadcom Corporation) -- C:\Windows\WinSxS\amd64_netbxnda.inf.driverupdate_31bf3856ad364e35_6.0.6001.18000_none_f3d8956876bda2ae\bxnd60a.sys -- (l2nd [On_Demand | Running])
File not found -- -- (LSI_SAS [Boot | Running])
File not found -- -- (ltotape [On_Demand | Running])
File not found -- -- (monitor [On_Demand | Running])
File not found -- -- (mouclass [System | Running])
File not found -- -- (mouhid [On_Demand | Running])
[2006/09/18 23:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (msisadrv [Boot | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (pci [Boot | Running])
File not found -- -- (pciide [Boot | Running])
File not found -- -- (rdpdr [On_Demand | Running])
[2008/01/19 11:49:01 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6001.18000_none_b9cb72d175a2fd02\secdrv.sys -- (secdrv [Auto | Running])
File not found -- -- (Serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (swenum [On_Demand | Running])
[2006/09/18 23:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
File not found -- -- (TermDD [System | Running])
[2008/08/16 03:01:34 | 00,235,536 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter [Auto | Running])
[2008/08/16 03:01:32 | 00,042,000 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter [Auto | Running])
File not found -- -- (tmtdi [System | Running])
File not found -- -- (umbus [On_Demand | Running])
File not found -- -- (usbccgp [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbuhci [On_Demand | Running])
File not found -- -- (vga [On_Demand | Running])
File not found -- -- (volmgr [Boot | Running])
File not found -- -- (volsnap [Boot | Running])
[2008/08/16 02:58:10 | 01,839,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://intranet.galaxyjewellers.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://intranet.galaxyjewellers.com
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://intranet.galaxyjewellers.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.galaxyjewellers.com;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3181513467-3667174707-1183156345-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://intranet.galaxyjewellers.com
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://intranet.galaxyjewellers.com

[HKEY_USERS\S-1-5-21-3181513467-3667174707-1183156345-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3181513467-3667174707-1183156345-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.galaxyjewellers.com;<local>

[HKEY_USERS\S-1-5-21-3221782736-1706730798-3783014625-1011\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3221782736-1706730798-3783014625-1011\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow (Trend Micro Inc.)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"ShowSuperHidden"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/b...lineScanner.cab -- OnlineScanner Control

========== (O17) DNS Name Servers ==========

{2A4FD1C6-C25A-46F2-AD39-D5E7E64F457D} (Servers: 192.168.115.201,192.168.115.202 | Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client))
{D2CFC323-A96B-454B-AFBE-483A2908863E} (Servers: | Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/01/19 09:33:10 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 09:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 09:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2009/02/18 11:10:55 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.GALAXYJEWELLERS\Desktop\OTViewIt.exe
[2009/02/11 13:29:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EsetOnlineScanner
[2009/02/11 12:58:17 | 00,000,005 | ---- | C] () -- C:\Windows\sorted
[2009/02/09 10:13:05 | 00,000,000 | -H-D | C] -- C:\Windows\System32\41D8CD
[2009/02/09 10:13:05 | 00,000,000 | -H-D | C] -- C:\Windows\System32\204E98

========== Files - Modified Within 30 Days ==========

[2009/02/18 11:02:56 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.GALAXYJEWELLERS\Desktop\OTViewIt.exe
[2009/02/18 09:58:13 | 00,001,460 | ---- | M] () -- C:\Users\Administrator.GALAXYJEWELLERS\AppData\Local\d3d9caps64.dat
[2009/02/18 07:00:03 | 00,000,494 | ---- | M] () -- C:\Windows\tasks\ShadowCopyVolume{f74f31cd-a017-11dd-97e3-00215e26b0ee}.job
[2009/02/11 12:58:17 | 00,000,005 | ---- | M] () -- C:\Windows\sorted
[2009/01/26 11:19:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/26 11:19:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
< End of report >



Extras.txt:

OTViewIt Extras logfile created on: 2009/02/18 11:11:25 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Administrator.GALAXYJEWELLERS\Desktop
Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTServer
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 91.57% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.61 Gb Total Space | 113.84 Gb Free Space | 83.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 341.61 Gb Total Space | 175.72 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GALFSP01
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=1
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-21-3221782736-1706730798-3783014625-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:34:59 | 03,578,368 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:34:59 | 03,578,368 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:34:59 | 03,578,368 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/09/23 04:28:18 | 00,866,304 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 13:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:34:59 | 03,578,368 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 09:34:59 | 03,578,368 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (vb script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/01/19 09:36:46 | 01,165,824 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{AC76BA86-7AD7-1033-7B44-A80000000002}"=Adobe Reader 8
"EsetOnlineScanner"=ESET Online Scanner
"OfficeScanNT"=Trend Micro OfficeScan Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008/12/14 04:25:11 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Perflib | ID = 1008
Description =

Error - 2008/12/14 04:25:11 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Perflib | ID = 1021
Description =

Error - 2008/12/14 04:25:11 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Perflib | ID = 1017
Description =

Error - 2008/12/23 09:00:35 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Report Server Windows Service (MS$DPM2007$) | ID = 107
Description = Report Server Windows Service (MS$DPM2007$) cannot connect to the
report server database.

Error - 2008/12/23 09:01:39 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = MSSQL$MS$DPM2007$ | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: 192.168.115.206]

Error - 2008/12/24 06:38:47 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Perflib | ID = 1021
Description =

Error - 2008/12/24 06:38:47 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Perflib | ID = 1017
Description =

Error - 2009/01/26 05:20:11 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Perflib | ID = 1008
Description =

Error - 2009/01/27 08:33:29 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Application Error | ID = 1000
Description = Faulting application mmc.exe, version 6.0.6001.18000, time stamp 0x47919524,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791ada5, exception
code 0xe0434f4d, fault offset 0x000000000002649d, process id 0xœ%Ö œ%Ö , application
start time 0xœ%Ö œ%Ö .

Error - 2009/02/09 08:16:54 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

[ DPM Alerts Events ]
Error - 2009/02/09 03:12:48 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of D:\ on GALDC02.galaxyjewellers.com is inconsistent
with the protected data source. All protection activities for data source will fail
until the replica is synchronized with consistency check. (ID: 3163) GALDC02.galaxyjewellers.com
has been restarted without being properly shut down. (ID: 111) DPM ID: 2^|^GALFSP01^|^Replica
inconsistent^|^DPM^|^Backup^|^GALDC02.galaxyjewellers.com^|^e0dcba4e-e377-4e24-9ee5-53e9e55f20c0

Error - 2009/02/09 03:12:48 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of SystemState on GALDC02.galaxyjewellers.com is inconsistent
with the protected data source. All protection activities for data source will
fail until the replica is synchronized with consistency check. (ID: 3163) Failed
to create the System State backup. If you trying to get the system state of a Windows
2008 Server Operating System, check if the Windows Server Backup is installed.
Check if there is enough free disk space on the production server to store the system
state. (ID: 30214) DPM ID: 2^|^GALFSP01^|^Replica inconsistent^|^DPM^|^Backup^|^GALDC02.galaxyjewellers.com^|^09c49837-463b-496c-a831-1cfd5f6cdb2a

Error - 2009/02/09 03:12:49 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of SystemState on GALDC01.galaxyjewellers.com is inconsistent
with the protected data source. All protection activities for data source will
fail until the replica is synchronized with consistency check. (ID: 3163) GALDC01.galaxyjewellers.com
has been restarted without being properly shut down. (ID: 111) DPM ID: 2^|^GALFSP01^|^Replica
inconsistent^|^DPM^|^Backup^|^GALDC01.galaxyjewellers.com^|^0ef0d11a-0858-4649-9ae5-a94258fdfeed

Error - 2009/02/09 03:12:49 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of D:\ on GALDC01.galaxyjewellers.com is inconsistent
with the protected data source. All protection activities for data source will fail
until the replica is synchronized with consistency check. (ID: 3163) GALDC01.galaxyjewellers.com
has been restarted without being properly shut down. (ID: 111) DPM ID: 2^|^GALFSP01^|^Replica
inconsistent^|^DPM^|^Backup^|^GALDC01.galaxyjewellers.com^|^8f149b9e-0e8e-4b54-83c9-897e362675c7

Error - 2009/02/09 03:18:26 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of Second Storage Group on galex01.galaxyjewellers.com
is inconsistent with the protected data source. All protection activities for data
source will fail until the replica is synchronized with consistency check. (ID:
3163) galex01.galaxyjewellers.com has been restarted without being properly shut
down. (ID: 111) DPM ID: 2^|^GALFSP01^|^Replica inconsistent^|^DPM^|^Backup^|^galex01.galaxyjewellers.com^|^e8eb19db-79b5-4151-8680-c1299d6a4f41

Error - 2009/02/09 03:18:26 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of SystemState on galex01.galaxyjewellers.com is inconsistent
with the protected data source. All protection activities for data source will
fail until the replica is synchronized with consistency check. (ID: 3163) galex01.galaxyjewellers.com
has been restarted without being properly shut down. (ID: 111) DPM ID: 2^|^GALFSP01^|^Replica
inconsistent^|^DPM^|^Backup^|^galex01.galaxyjewellers.com^|^112ffa1f-7b25-46f5-8952-8ef1403bb13a

Error - 2009/02/09 03:18:26 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of First Storage Group on galex01.galaxyjewellers.com
is inconsistent with the protected data source. All protection activities for data
source will fail until the replica is synchronized with consistency check. (ID:
3163) galex01.galaxyjewellers.com has been restarted without being properly shut
down. (ID: 111) DPM ID: 2^|^GALFSP01^|^Replica inconsistent^|^DPM^|^Backup^|^galex01.galaxyjewellers.com^|^933b6d1e-19a7-43bd-830d-eb5ff1e8726d

Error - 2009/02/14 09:09:28 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 1
Description = The back up to tape job failed for the following reason: (ID: 3311)
Failed
to create the System State backup. If you trying to get the system state of a Windows
2008 Server Operating System, check if the Windows Server Backup is installed.
Check if there is enough free disk space on the production server to store the system
state. (ID: 30214) DPM ID: 4^|^GALFSP01^|^Backup to tape failed^|^DPM^|^Tape^|^GALDC02.galaxyjewellers.com^|^58d138a6-d823-4b91-ad8f-64762d26e2c1

Error - 2009/02/14 10:10:11 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 1
Description = The back up to tape job failed for the following reason: (ID: 3311)
Failed
to create the System State backup. If you trying to get the system state of a Windows
2008 Server Operating System, check if the Windows Server Backup is installed.
Check if there is enough free disk space on the production server to store the system
state. (ID: 30214) DPM ID: 4^|^GALFSP01^|^Backup to tape failed^|^DPM^|^Tape^|^GALVM01.galaxyjewellers.com^|^75b88cbc-b115-4b21-90c7-1b78f616aa7c

Error - 2009/02/14 10:10:41 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 1
Description = The back up to tape job failed for the following reason: (ID: 3311)
Failed
to create the System State backup. If you trying to get the system state of a Windows
2008 Server Operating System, check if the Windows Server Backup is installed.
Check if there is enough free disk space on the production server to store the system
state. (ID: 30214) DPM ID: 4^|^GALFSP01^|^Backup to tape failed^|^DPM^|^Tape^|^GALWSS01.galaxyjewellers.com^|^8ae64370-a162-4f46-b174-6337c7a34d7b

[ Operations Manager Events ]
Error - 2009/01/26 05:20:15 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Health Service Modules | ID = 10102
Description = In PerfDataSource, could not resolve counter Fax Service, Faxes sent,
. Module will be unloaded. One or more workflows were affected by this. Workflow
name: Microsoft.Windows.Server.2008.FaxServer.FaxService.FaxesSentPerformance.Collection

Instance
name: Fax Server (GALFSP01) Instance ID: {BDC07320-4788-F292-23BE-BD82229D87E5} Management
group: GALSCUM01_MG

Error - 2009/01/26 05:20:15 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Health Service Modules | ID = 10102
Description = In PerfDataSource, could not resolve counter Fax Service, Bytes received,
. Module will be unloaded. One or more workflows were affected by this. Workflow
name: Microsoft.Windows.Server.2008.FaxServer.FaxService.BytesReceived.Performance.Collection

Instance
name: Fax Server (GALFSP01) Instance ID: {BDC07320-4788-F292-23BE-BD82229D87E5} Management
group: GALSCUM01_MG

Error - 2009/01/26 05:20:15 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Health Service Modules | ID = 10102
Description = In PerfDataSource, could not resolve counter Fax Service, Failed receptions,
. Module will be unloaded. One or more workflows were affected by this. Workflow
name: Microsoft.Windows.Server.2008.FaxServer.FaxService.FailedReception.Performance.Collection

Instance
name: Fax Server (GALFSP01) Instance ID: {BDC07320-4788-F292-23BE-BD82229D87E5} Management
group: GALSCUM01_MG

Error - 2009/01/26 05:20:15 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Health Service Modules | ID = 10102
Description = In PerfDataSource, could not resolve counter Fax Service, Failed outgoing
connections, . Module will be unloaded. One or more workflows were affected by this.
Workflow name: Microsoft.Windows.Server.2008.FaxServer.FaxService.FailedOutgoingConnections.Performance.Collection

Instance
name: Fax Server (GALFSP01) Instance ID: {BDC07320-4788-F292-23BE-BD82229D87E5} Management
group: GALSCUM01_MG

Error - 2009/01/26 05:21:17 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = OpsMgr Connector | ID = 21016
Description = OpsMgr was unable to set up a communications channel to galscum01.galaxyjewellers.com
and there are no failover hosts. Communication will resume when galscum01.galaxyjewellers.com
is both available and allows communication from this computer.

Error - 2009/02/02 02:51:34 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = OpsMgr Connector | ID = 21006
Description = The OpsMgr Connector could not connect to galscum01.galaxyjewellers.com:5723.
The error code is 10061L(No connection could be made because the target machine
actively refused it. ). Please verify there is network connectivity, the server
is running and has registered it's listening port, and there are no firewalls blocking
traffic to the destination.

Error - 2009/02/02 02:51:40 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = OpsMgr Connector | ID = 21016
Description = OpsMgr was unable to set up a communications channel to galscum01.galaxyjewellers.com
and there are no failover hosts. Communication will resume when galscum01.galaxyjewellers.com
is both available and allows communication from this computer.

Error - 2009/02/02 03:16:34 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = OpsMgr Connector | ID = 21006
Description = The OpsMgr Connector could not connect to galscum01.galaxyjewellers.com:5723.
The error code is 10061L(No connection could be made because the target machine
actively refused it. ). Please verify there is network connectivity, the server
is running and has registered it's listening port, and there are no firewalls blocking
traffic to the destination.

Error - 2009/02/02 03:16:40 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = OpsMgr Connector | ID = 21016
Description = OpsMgr was unable to set up a communications channel to galscum01.galaxyjewellers.com
and there are no failover hosts. Communication will resume when galscum01.galaxyjewellers.com
is both available and allows communication from this computer.

Error - 2009/02/02 03:31:36 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = OpsMgr Connector | ID = 21006
Description = The OpsMgr Connector could not connect to galscum01.galaxyjewellers.com:5723.
The error code is 10061L(No connection could be made because the target machine
actively refused it. ). Please verify there is network connectivity, the server
is running and has registered it's listening port, and there are no firewalls blocking
traffic to the destination.

[ System Events ]
Error - 2009/01/16 11:40:08 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 01:10:08 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 02:10:08 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 03:40:07 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 04:40:07 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 05:10:07 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 08:10:08 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 09:10:08 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 12:40:06 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 01:10:08 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =


< End of report >


Please advise on what I need to do from here...your help will be GREATLY appreciated as I have found no other proper solution to this problem elsewhere! PLEASE :)
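As an added triage example (not part of the original post, and not OTViewIt code): the event section of the log above has a regular shape, an `Error - <date> | Computer Name = … | Source = … | ID = …` header followed by a `Description =` that is wrapped over several lines and ended by a blank line. The Python below parses that shape, counts how often each (Source, ID) pair recurs, and filters out sources the responder has decided to treat as routine infrastructure noise, so that the entries that matter on a possibly infected file server (here the Winlogon 4005 "logon process has unexpectedly terminated") are not buried under repeated DPM replica and VDS provider errors. The `SAMPLE_LOG` is a constructed, abbreviated input in the same format, and the `NOISE_SOURCES` set is an assumption to adapt per environment.

```python
"""Triage helper for OTViewIt-style event dumps (added example; constructed input)."""
import re
from collections import Counter

# Constructed sample in the same "Error - ... | Computer Name = ... | Source = ... | ID = ..."
# shape as the OTViewIt log quoted in the post; section names and text are abbreviated,
# not copied from the report.
SAMPLE_LOG = """\
[ Application Events ]
Error - 2009/02/09 08:16:54 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

[ DPM Alerts Events ]
Error - 2009/02/09 03:12:48 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 2
Description = The replica of D:\\ on GALDC02.galaxyjewellers.com is inconsistent
with the protected data source.

Error - 2009/02/14 09:09:28 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = DPM-EM | ID = 1
Description = The back up to tape job failed for the following reason: (ID: 3311)

[ System Events ]
Error - 2009/01/16 11:40:08 PM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 2009/01/17 01:10:08 AM | Computer Name = GALFSP01.galaxyjewellers.com | Source = VDS Dynamic Provider | ID = 16908298
Description =

< End of report >
"""

SECTION_RE = re.compile(r"^\[ (?P<section>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Assumption for this example: sources a responder treats as routine infrastructure
# noise (backup replicas, storage provider, monitoring agent) unless they line up in
# time with a suspicious event. Adjust to your own environment.
NOISE_SOURCES = {"DPM-EM", "VDS Dynamic Provider", "OpsMgr Connector", "Health Service Modules"}


def parse_events(text):
    """Return one dict per 'Error - ...' header; wrapped Description lines are re-joined."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line terminates the current event
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {**m.groupdict(), "section": section, "description": ""}
            events.append(current)
            continue
        if current is None:               # e.g. '< End of report >' or stray text
            continue
        if line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        else:                             # continuation of a wrapped description
            current["description"] = f'{current["description"]} {line}'.strip()
    return events


def count_by_source_id(events):
    """How often each (Source, ID) pair recurs; identical repeated errors are usually noise."""
    return Counter((e["source"], int(e["id"])) for e in events)


def triage(events, noise=NOISE_SOURCES):
    """Events left after dropping the routine sources: what to read first."""
    return [e for e in events if e["source"] not in noise]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), n in count_by_source_id(evs).most_common():
        print(f"{n:3d} x {src} / ID {eid}")
    for e in triage(evs):
        print(f"REVIEW: {e['when']} [{e['section']}] {e['source']} {e['id']}: {e['description']}")
```

Run it against a full OTViewIt report by reading the file into `parse_events` instead of `SAMPLE_LOG`; the count table shows which errors are merely repeating on a schedule (the hourly VDS provider entries, for instance), and the filtered list is the handful of events worth cross-checking against the time the infected flash drives were introduced.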



#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to Geekstogo. You are running 64-bit Vista, so none of the tools that we use to remove malware will work properly; they are built for 32-bit Windows. The good news is that malware finds it difficult to run on 64-bit Windows too!

Now the best thing that I can recommend is that you boot the machine into Safe Mode, and then run a complete scan with your AV. In most cases this will clean the system. If you are unsure whether your AV is purpose built for 64bit Windows, then please have a look at this site to download one that is.

After that, run an online scan with Kaspersky WebScanner.
Note: You must disable your anti-virus program during the scan. If you are unsure of how to disable these programs, please refer to this page for details.
  • Click the Accept button to agree to the disclaimer.
  • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded and updated, click on My Computer in the Scan settings.
  • This will start the scan of your system.
  • The scan will take a while, so be patient and let it run until it is complete.
  • Now click on the View scan report link.
  • Click the Save report as button.
  • Under Save as type, choose Text file (*.txt).
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
We can then look at whether there is anything left over that can be deleted manually.

Regards,
RatHat

#3
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Along with carrying out the above, download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All Users
  • Check the box that says Include MD5
  • For File Age, choose 60 Days
  • Under Basic Scans leave all as default except:
    • Check the radio button under Rootkit Search for Yes
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please zip the log and attach the zipped file in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat

#5
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





