Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

VSTSKMGR.EXE application exception occurrec[RESOLVED]


  • This topic is locked This topic is locked

#1
printerguru

printerguru

    New Member

  • Member
  • Pip
  • 6 posts
After updates on NT Server running Netshield from Network Associates and addition of Adaware SE and Spybot encountered the following:

Application Exception occurred:
APP:.\Release\Mcshield.exe
Exception number: C0000005(access violation) at Address 0x12029f77

AND then a

Application Exception Occurred:
APP:.\vstskmgr.exe
Exception Number: c0000005(access violation) at Address 0x12029f77

Logfile of HijackThis v1.99.0
Scan saved at 10:09:01 AM, on 1/21/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\llssrv.exe
C:\Program Files\Tripp Lite\PowerAlert\Server\portmgr.exe
C:\Program Files\Tripp Lite\PowerAlert\Server\paserver.exe
C:\Program Files\Tripp Lite\PowerAlert\Server\PAWebSvr.exe
c:\winnt\system32\pstores.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\DACONFIG.EXE
C:\WINNT\System32\loadwc.exe
C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE
C:\WINNT\System32\HPJETDSC.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Tripp Lite\PowerAlert\Client\status.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\Profiles\Administrator\Desktop\spybotsearchanddestroy\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 216.127.151.157 KITE # Ethernet I/O 1 = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DACONFIGEXE] DACONFIG.EXE R
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [FcpEXE] "C:\Program Files\Network Associates\NetShield NT\fcp.exe"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - Startup: Logview.lnk = C:\Program Files\Tripp Lite\PowerAlert\Server\logview.exe
O4 - Startup: PowerAlert Status.lnk = C:\Program Files\Tripp Lite\PowerAlert\Client\status.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PATTCO
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PATTCO
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 216.127.136.200 216.127.136.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 216.127.136.200 216.127.136.209
O23 - Service: Network Associates Alert Manager - Network Associates, Inc. - C:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: Crystal Info Agent - Seagate Software Information Management Group, Inc. - D:\Crystal\winnt\ciagnt32.exe
O23 - Service: Crystal Info APS - Seagate Software Information Management Group, Inc. - D:\Crystal\winnt\aps32.exe
O23 - Service: Crystal Info Sentinel - Seagate Software Information Management Group, Inc. - D:\Crystal\winnt\sentnl32.exe
O23 - Service: DameWare Mini Remote Control - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE
O23 - Service: PowerAlert Enterprise Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\mgrsvr.exe
O23 - Service: PowerAlert NAL Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\netalert.exe
O23 - Service: PowerAlert Port Manager - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\portmgr.exe
O23 - Service: PowerAlert Remote Shutdown - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\remotesd.exe
O23 - Service: PowerAlert Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\paserver.exe
O23 - Service: PowerAlert Web Server - Unknown - C:\Program Files\Tripp Lite\PowerAlert\Server\PAWebSvr.exe
O23 - Service: Provide Local CMD Redirect - Unknown - C:\WINNT\system32\RemoteNC.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

In my mind I have overlooked a step and I have either deleted or improperly executed a step after having scanned the system with newly installed Spybot or Adaware SE. both Mcshield.exe (187kb) and vstskmgr.exe (136kb)are still resident where they should be.

Killer help is required as our virus shield is down on our server.

Thanks in advance.

printerguru
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
I'm not noticing anything malicious in your log. Have your tried uninstalling, rebooting, and reinstalling Netshield?
  • 0

#3
printerguru

printerguru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your insight!!!
Unfortunately, that is a catch 22. Our network administrator is no longer with us and the Netshield disk is apparently in a really safe place as no one has been able to locate it. As it is licensed, I am sure I can contact the factory for a new set. Ifind it curious that it happened after a Spybot and Adaware scan. Clearly one of them found something and I mistakenly deleted the quarantine file. Any other thoughts?
Printerguru
  • 0

#4
printerguru

printerguru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Just another thought. Would a DRWATSON Tracelog help?
Printerguru
  • 0

#5
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Spybot and Adaware aren't designed to be run in an enterprise environment (they're for personal use). I wouldn't be terribly surprised if they removed something that maybe they shouldn't have.

Maybe someone else will have a recommendation for recovering without the install CD.
  • 0

#6
printerguru

printerguru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Clearly I have made a mistake and the beating will continue until I have corrected it. I appreciate your assistance and candor. Any light that may be shared is greatly appreciated.
  • 0

#7
printerguru

printerguru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have loaded the latest SDAT file from Mcafee and it has resolved the problem. While I find this curious, the system was returned to service. One can draw your own conclusions.
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Thanks for the update. :tazz: Somtimes it's the simplest things...
  • 0

#9
printerguru

printerguru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Indeed.....thanks again!
  • 0

#10
Guest_thatman_*

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP