The MagicBox Forums  

04-15-2006, 06:08 AM   #1
Nephlabobo
*Serious* Zone Alarm issues - HELP PLEASE.

Yesterday I downloaded a copy of Microsoft Office because I need Word for my new job.

I also had to install PowerISO because Office came as a .daa file. I was trying to find a crack for the copy and apparently got some spyware (according to Zone Alarm) installed - some kind of toolbar simply called Tool. Probably a virus.

I isolated the "tool" and deleted it.

Ever since then, Zone Alarm hasn't functioned properly. Actually, not at all.

It won't run. I can't uninstall and I can't reinstall it. Every time I try (via the ZA uninstall OR the add/remove program uninstall) I get C:/windows/system32/ZoneLabs//vsmon.exe could not be opened.

When I go into Zone Alarm on C drive, it won't delete vsmon because it says it's being used by another program.

At various times Zone Alarm will block my internet connection, saying I need to restart my computer and use Zone Alarm to clear out files. The problem is that Zone Alarm won't start.

I also now can't defrag my hard drives (I have 2). It says I need to run chkdsk before I can. Every time I restart my computer, chkdsk runs. I try and defrag - but it says I need to use chkdsk *again*.

I've tried a system restore - twice - but neither has worked.

Oh - MS Word also won't install now due to an error in C drive - I suspect due to the vsmon.exe thing.

My computer is pretty screwed and I could really use some sound advice on how to fix it.

Any help appreciated.

04-15-2006, 06:19 AM   #2
Alucard
Sounds like you did something magical. Go download a copy of HijackThis and unpack it into a folder in C: drive with the same title, then run it and save a log. Link it to the thread or PM me the file and I'll have a looksie.

04-15-2006, 07:23 AM   #3
Nephlabobo
Goddamn it - trying to PM it to you is a pain in the ass

Here it is

Here's a copy of the logfile - thanks for taking a look.

Logfile of HijackThis v1.99.1
Scan saved at 8:14:26 PM, on 15/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol 120% 1.9.5.3105 Retail\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NTTW\Flets\app\TangoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spy SweeperWebrootWebroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NTTW\Flets\app\TangoManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Woogy\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

O2 - BHO: (no name) - {521C0323-9E1F-9BDD-DECD-49A806AFD7A4} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Woogy\LOCALS~1\Temp\2006131223733_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] D:\Program Files\Spy SweeperWebrootWebroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://files.kornet.net/sw5/order/ca...eedNewCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...57/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23CB8FCB-3144-45EE-9DAB-26CBA3125F40}: NameServer = 220.220.248.9 220.220.248.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{23CB8FCB-3144-45EE-9DAB-26CBA3125F40}: NameServer = 220.220.248.9 220.220.248.1
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - (no file)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol 120% 1.9.5.3105 Retail\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTW\Flets\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

04-15-2006, 08:00 AM   #4
Alucard
Actually I see a couple things there that need to be removed. Also I'm a little curious at how you have double processes of the same program running... like MSN for example. We'll screw with that later. For now go download this and install it. It should fix your problem I think. Either way if it does or doesn't, after you finish scanning, reset your system for me and run HijackThis again and paste me up a new log.

Unfortunately it's a program that isn't free. Spyware Doctor. But considering how you got your original problem, I doubt you'll have much problems with places like torrentspy etc lolol coughcough.

04-15-2006, 08:02 AM   #5
Dr. Bombay
WTF is Tango Service?

And why isn't your Spy Sweeper keeping your hard drive clean?

04-15-2006, 08:22 AM   #6
Alucard
Some places say it's malware, others say it's Alltel DSL Service related. Either way it's a nothing file.

04-15-2006, 08:36 AM   #7
Nephlabobo
What do I need to get rid of?

04-15-2006, 08:38 AM   #8
Alucard
Don't worry about that one for now. Did you do the full system scan with the program yet?

04-15-2006, 08:41 AM   #9
Nephlabobo
Logfile of HijackThis v1.99.1
Scan saved at 9:40:32 PM, on 15/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol 120% 1.9.5.3105 Retail\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NTTW\Flets\app\TangoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spy SweeperWebrootWebroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NTTW\Flets\app\TangoManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis.exe

O2 - BHO: (no name) - {521C0323-9E1F-9BDD-DECD-49A806AFD7A4} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Woogy\LOCALS~1\Temp\2006131223733_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] D:\Program Files\Spy SweeperWebrootWebroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://files.kornet.net/sw5/order/ca...eedNewCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...57/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23CB8FCB-3144-45EE-9DAB-26CBA3125F40}: NameServer = 220.220.248.9 220.220.248.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{23CB8FCB-3144-45EE-9DAB-26CBA3125F40}: NameServer = 220.220.248.9 220.220.248.1
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - (no file)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol 120% 1.9.5.3105 Retail\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTW\Flets\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

04-15-2006, 08:49 AM   #10
Alucard
Ok check these-

O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe

O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTW\Flets\app\TangoService.exe


See what your system does after that. Also uninstall Norton. You don't need that on your system.
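
A triage sketch for HijackThis logs like the two posted in this thread, added here as an example and not part of any poster's message or of HijackThis itself: it parses the `O<n> - ...` entry lines and flags orphaned registrations, autoruns in unusual locations, and services shown as "Unknown owner". The rule set and the names `triage` and `reasons_for` are assumptions chosen for illustration, and a flag is a prompt to look closer, not a verdict.

```python
import re

# Constructed sample: entry lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {521C0323-9E1F-9BDD-DECD-49A806AFD7A4} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Woogy\LOCALS~1\Temp\2006131223733_mcinfo.exe /insfin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTW\Flets\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")  # section code, then the rest of the entry
WINROOT_EXE = re.compile(r"[A-Z]:\\WINDOWS\\[^\\]+\.exe", re.IGNORECASE)  # exe directly in \WINDOWS

def reasons_for(section, body):
    """Return the triage reasons (illustrative heuristics) that apply to one entry."""
    found = []
    low = body.lower()
    if low.endswith("(no file)"):
        found.append("registration points at a missing file")
    if section == "O4":  # Run-key autostart entries
        if "\\temp\\" in low:
            found.append("autorun launches from a Temp directory")
        if WINROOT_EXE.search(body):
            found.append("autorun binary sits directly in the Windows root")
    if section == "O23" and " - unknown owner - " in low:
        found.append("no company name could be read for the service binary")
    return found

def triage(log_text):
    """Parse HijackThis entry lines; return (section, body, reasons) for flagged ones."""
    flagged = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, or blank line
        section, body = m.groups()
        reasons = reasons_for(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n      -> {'; '.join(reasons)}")
```

On the sample, the flagged entries include ZoneAlarm's own TrueVector service (`vsmon`), which is why each hit needs a manual look before anything is removed.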

04-15-2006, 08:53 AM   #11
Nephlabobo
Still can't uninstall ZA or defrag the HD.

Every time I try to get rid of the Tango file, it says it's still there.

04-15-2006, 08:59 AM   #12
Alucard
Hmm.. There's a few things there I'm not too sure about and don't want to tell you to remove them just in case they're stuff your PC needs. Generally when I can't figure something out I go to this site-

http://castlecops.com/f67-Hijackthis...ans_Oh_My.html

Head over there and make a profile and stick your HijackThis log in a post asking for help and your problem. They'll give you heaps of help since they're awesome at this stuff. I only know some things.

04-15-2006, 09:02 AM   #13
Nephlabobo
Alright - thanks for your help dude.

04-15-2006, 09:04 AM   #14
Alucard
Update us if you get it fixed!

05-02-2006, 12:11 PM   #15
Nephlabobo
Got it fixed about 3 days ago.

What a pain in the ass.

All times are GMT -4.