
Zone Alarm Security Suite problems

Discussion in 'Virus & Other Malware Removal' started by jbandtbone, Jul 12, 2008.

Thread Status:
Not open for further replies.
  1. jbandtbone

    jbandtbone Thread Starter

    Joined:
    Jan 5, 2008
    Messages:
    15
    Last Wed. I got this message on my ZA anti-virus: "anti-virus scanning is de-activated. This can occur if the system clock is set forward or the anti-virus updates are disabled." Then a link is supplied, "click here to update now and re-activate scanning". When I did that my PC froze up for 20-30 min. and I get an error message that says "an error has occurred". I've been in contact w/ ZA but their help hasn't worked. They asked me to do the following:

    "Hello John,

    Thank you for contacting ZoneAlarm Technical Service.

    From what I understand, you are having issues with the ZoneAlarm software still. Please manually remove the current
    install of the ZoneAlarm software with the steps provided here.

    Also please double check your time and date on the clock.

    Please download the most current version before you start this process. Ensure that you choose the proper product from
    the chart here.

    http://www.zonealarm.com/trial

    This applies to

    All ZoneAlarm products
    Windows 2000/XP

    Summary

    I need to completely remove ZoneAlarm, or there are remnants of
    ZoneAlarm on my system

    Solution

    If possible, first try to uninstall ZoneAlarm normally from your Start ->
    Programs -> Zone Labs menu. If this fails, or you want to ensure that all
    ZoneAlarm files were removed from the system properly, continue with the
    steps below.

    01.) Restart your computer
    02.) When you see the screen go black and it starts booting back up keep
    tapping the "F8" key (at the top of your keyboard)
    03.) This should bring up a menu. Choose Safe Mode off the menu by
    using the arrow keys on the keyboard to highlight Safe Mode and press
    Enter
    04.) If you get a message asking to go to Safe Mode, choose Yes. If you
    get a help and support window, close this.
    05.) Once you are at the desktop, Click Start, My Computer
    06.) Click Tools, Folder Options, View Tab
    07.) Place a dot next to "Show Hidden Files and Folders"
    08.) Remove the check from "Hide Protected Operating System Files
    (Recommended)"
    09.) Choose Yes to the warning
    10.) Click OK
    11.) Double click C:

    Note: In the future steps if you do not see any files or folders, please click
    the "Show Files" link to view them.

    12.) Double Click the Program Files Folder
    13.) Right Click the Zone Labs Folder (if present), click Delete, and choose
    Yes

    NOTE: If you cannot delete the entire folder, please open the Zone Labs ->
    ZoneAlarm folder and delete out as many of the files listed here as
    possible.

    14.) Close this window
    15.) Click Start, My Computer
    16.) Double Click the C:
    17.) Double Click the Windows Folder (It may also be WinNT)
    18.) Right Click the Internet Logs Folder, click Delete, and choose Yes
    19.) Double Click the System32 Folder
    20.) Right Click the Zone Labs Folder (if present), click Delete, and choose
    Yes

    NOTE: If you cannot delete the entire folder, please open the Zone Labs
    folder and delete out as many of the files listed here as possible.

    21.) Locate and delete the following files in the System32 folder if they are
    present:

    - vsconfig.xml
    - vsxml.dll
    - vsregexp.dll
    - vsdata.dll
    - vsdata95.vxd
    - vsdatant.sys
    - vsmonapi.dll
    - vspubapi.dll
    - vsinit.dll
    - vsutil.dll
    - vswmi.dll
    - zlcommdb.dll
    - zlcomm.dll
    - zllictbl.dat
    - zpeng24.dll

    22.) Clear your Temp Directory per the instructions below.

    - Go to Start -> Run
    - Type %temp% and click OK
    - Select all of these files and delete them

    23.) Clear the Prefetch folder per the instructions below (Windows XP only).

    - Go to Start -> Run
    - Type Prefetch and click OK
    - Select all of these files and delete them

    24.) Remove the following registry entries by going to Start -> Run and
    typing in regedit. Use the folders on the left side of the window to navigate
    to the specified directories.

    HKEY_LOCAL_MACHINE/Software/Zone Labs
    HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/vsmon
    HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/vsdatant

    *Important Advisory: Deleting registry entries incorrectly may cause
    serious problems to your operating system, which may necessitate the
    need to reinstall it. Please make sure you are able to perform these
    deletions correctly before you decide to edit the entries. If you are not
    sure, you should seek help from someone who is familiar with editing the
    registry.

    For information about how to edit the registry in Windows, from your
    desktop, click Start >> Run >> and type regedit. Click on Help >> Help
    Topics. Under the Contents tab, click Change Keys and Values (this may
    be found under the How to... section).

    Also, you should always make a backup of the registry before editing it.
    You can find this in the same section of the Help files.

    25.) Close this window, then empty your recycle bin.
    26.) Restart the computer.
    27.) Try to install the latest version again.

    If my answer did not resolve your issue, or you would like further assistance on this issue, please reply to this email. By
    replying, and leaving the subject line intact, your response will come directly to me. If you have a separate issue you
    would like assistance with, please submit a new request using the website at http://www.zonealarm.com/tsform .

    Thank you for choosing Zone Alarm,
    Jesse
    Technical Service
    ZoneAlarm, A Division of Check Point Software"

    ----------------------------------------------------------------------------------------------------------------------------------

    Which didn't work. I'm just wondering if something else is going on with my PC. Here is my latest HJT log. Any help would be greatly appreciated. Thanks, JB

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:00:52 AM, on 7/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,[email protected]
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.1stpeoplesbank.com
    O15 - Trusted Zone: http://www.excite.com
    O15 - Trusted Zone: http://www.grc.com
    O15 - Trusted Zone: http://login.live.com
    O15 - Trusted Zone: http://www.msn.com
    O15 - Trusted Zone: http://www.sirius.com
    O15 - Trusted Zone: http://www.techguy.org
    O15 - Trusted Zone: http://www.virusvault.co.uk
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://fdotnfuse.dot.state.fl.us/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://pbells.broadjump.com/wizlet/iw60/static/controls/WebflowActiveXInstaller_4-0-0.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120083437937
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121730826828
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} (eCTUploader Control) - http://www.mytpi.com/mytpi05/eval/ectuploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7550-b415h-quickenmedical/rnl/java/RntX.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.paslc.org/acgm/f2_acgm.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 9266 bytes
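
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original post: it separates entries whose target file no longer exists from services listed with no vendor name. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re

# Constructed sample: a header, one process line and seven entry lines
# copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# Entry lines start with a section code such as R3, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Yield (section_code, body), skipping the header and process list."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def parse_service(body):
    """Split an O23 body into (display name, owner, path), or None."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None

def triage(log_text):
    """Group the entries a reviewer would look at first."""
    findings = {"orphaned": [], "unknown_owner": []}
    for code, body in parse_entries(log_text):
        # Registration still present, but the file it points to is gone.
        if body.endswith(("(file missing)", "(no file)")):
            findings["orphaned"].append((code, body))
        elif code == "O23":
            svc = parse_service(body)
            # File exists, but the log reports no vendor name for it.
            if svc and svc[1] == "Unknown owner":
                findings["unknown_owner"].append((svc[0], svc[2]))
    return findings

if __name__ == "__main__":
    for group, items in triage(SAMPLE_LOG).items():
        print(group, *items, sep="\n  ")
```

Orphaned entries are leftovers from software that was removed without cleaning up its registration; unknown-owner services only mean the file carries no vendor name and still need to be identified by path.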
     
Short URL to this thread: https://techguy.org/729815
