[Signal32]

Samething as before, I took to long typing and had to reboot to post this.

Here is the latest: My system was clean when I ran the vx2 plugin, and below is the newest log. I read up on the vsmon info, and I don't know if I should be concerend or not, but I do not have zone alarm installed on the computer, but I still have vsmon.exe in C:\windows\system32\zonelabs. Also I don't know if this means anything or not, but when I right click on vsmon.exe\properties\program\advanced... this is what it shows in windows pif settings:
autoexec filename: %SystemRoot%\SYSTEM32\AUTOEXEC.NT
config filename: %SystemRoot%\SYSTEM32\CONFIG.NT

Nonetheless, thank you for all the help, and hopefully this info may shed some light on what is wrong. Just let me know what I need to do next.


Logfile of HijackThis v1.99.1
Scan saved at 1:14:25 PM, on 3/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Energizer FileSaver\Energizer Filesaver.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - L:\Apps\Spybot\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Startup: AMF Daily Planner and PIM.lnk = L:\Program Files\PIM\amf.exe
O4 - Startup: Energizer FileSaver.lnk = C:\Program Files\Energizer FileSaver\Energizer Filesaver.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102796688875
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Advertisements]

Is dogpile your home page by choice?

[coachwife6]

Is dogpile your home page by choice?

[coachwife6]

http://www.auditmypc...cess/winrar.asp

Read this. Do you use winrar as an archival tool?

[Signal32]

Yes dogpile is by choice, I have used it for years, and also yes I do use winrar as my archiving program. Hope this helps.

[coachwife6]

I had the same problem with zone alarm and I had to manually go in and delete the registry. It took a long time and it was very troublesome.

Try this first: open task manager - control -- alt -- delete and stop the vsmon.exe process.

Then exit task manager and try to delete the 023 key. See if that works.

Then I want you to run a program called ccleaner.

http://majorgeeks.co...ad.php?det=4191

[Signal32]

Vsmon.exe never showed up in the task manager, but I was able to go into safe mode and delete the file. I was never able to delete the file through highjack this, it would just reappear. Anyway, the folder zonlabs that used to have the vsmon.exe in it no longer shows up in windows explorer, but highjack this still shows the folder and says "file missing" at the end. I ran the program you said and it found like 38mb that I deleted, but Im still having the connection loss. Again thank you for helping me with this, because I am at a loss for remedies.

[Signal32]

Here is the latest. I ran AVG antivirus and it found 12 trojan horses, 9 executables, 2 dll, and one tmp. One of them was in my windows\zonelockup folder listed as a “backdoor” by “hackarmy”. Either way, I deleted all of the files, ran AVG again and it found 2 more, which I also deleted. Problem is, that it didn’t fix anything, still losing connection. Now this may be of some interest; I decided to reinstall my ZoneAlarm, and everything installed fine, I went through the setup screens with no problem, but the program doesn’t open. It shows up in my task manager, but it doesn’t show in my sys tray, and it won’t open through the start menu. Hopefully this may make sense to someone.