Application Exception occurred:
APP:.\Release\Mcshield.exe
Exception number: C0000005(access violation) at Address 0x12029f77
And then a
Application Exception Occurred:
APP:.\vstskmgr.exe
Exception Number: c0000005(access violation) at Address 0x12029f77
Logfile of HijackThis v1.99.0
Scan saved at 10:09:01 AM, on 1/21/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\llssrv.exe
C:\Program Files\Tripp Lite\PowerAlert\Server\portmgr.exe
C:\Program Files\Tripp Lite\PowerAlert\Server\paserver.exe
C:\Program Files\Tripp Lite\PowerAlert\Server\PAWebSvr.exe
c:\winnt\system32\pstores.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\DACONFIG.EXE
C:\WINNT\System32\loadwc.exe
C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE
C:\WINNT\System32\HPJETDSC.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Tripp Lite\PowerAlert\Client\status.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\Profiles\Administrator\Desktop\spybotsearchanddestroy\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 216.127.151.157 KITE # Ethernet I/O 1 = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DACONFIGEXE] DACONFIG.EXE R
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [FcpEXE] "C:\Program Files\Network Associates\NetShield NT\fcp.exe"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - Startup: Logview.lnk = C:\Program Files\Tripp Lite\PowerAlert\Server\logview.exe
O4 - Startup: PowerAlert Status.lnk = C:\Program Files\Tripp Lite\PowerAlert\Client\status.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PATTCO
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PATTCO
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 216.127.136.200 216.127.136.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 216.127.136.200 216.127.136.209
O23 - Service: Network Associates Alert Manager - Network Associates, Inc. - C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: Crystal Info Agent - Seagate Software Information Management Group, Inc. - D:\Crystal\winnt\ciagnt32.exe
O23 - Service: Crystal Info APS - Seagate Software Information Management Group, Inc. - D:\Crystal\winnt\aps32.exe
O23 - Service: Crystal Info Sentinel - Seagate Software Information Management Group, Inc. - D:\Crystal\winnt\sentnl32.exe
O23 - Service: DameWare Mini Remote Control - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE
O23 - Service: PowerAlert Enterprise Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\mgrsvr.exe
O23 - Service: PowerAlert NAL Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\netalert.exe
O23 - Service: PowerAlert Port Manager - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\portmgr.exe
O23 - Service: PowerAlert Remote Shutdown - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\remotesd.exe
O23 - Service: PowerAlert Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\paserver.exe
O23 - Service: PowerAlert Web Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\PAWebSvr.exe
O23 - Service: Provide Local CMD Redirect - Unknown - C:\WINNT\system32\RemoteNC.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
In my mind I have overlooked a step and I have either deleted or improperly executed a step after having scanned the system with newly installed Spybot or Adaware SE. Both Mcshield.exe (187kb) and vstskmgr.exe (136kb) are still resident where they should be.
Killer help is required as our virus shield is down on our server.
Thanks in advance.
printerguru