Results 1 to 4 of 4

Thread: ZASS VSMON.EXE Slow to Close WinXP - Vsmon.exe User Profile Hive Handles refuse to close and unload

  1. #1
    eecon Guest

    Default ZASS VSMON.EXE Slow to Close WinXP - Vsmon.exe User Profile Hive Handles refuse to close and unload

    Hi folks ...... I have tried all the different Forum published variations of uninstalling and then re-installing the latest ZASS (including the 27 step clean-out method of previous installations of ZASS).
    I have never had any other security software installed on this WinXP SP3 installation other that ZASS (starting with versions way back in the 6.5 series).
    Yet still, I am now forced to install the following MS supplied Hive unloader utility to force vsmon.exe to unload in a reasonable time (about 15 seconds).

    Without the Hive unloader utility, my WinXP Pro SP3 with ZASS installed takes about 15 minutes to
    shutdown (or often never shuts down). It's always vsmon.exe that's is causing the hang-up
    and this all started with a clean installation of version
    Without any ZASS installed, my WinXP shuts down almost immediately even without the Hive Unloader utility installed.

    There hopefully will be a simpler one-step cleanup and update system for ZASS in the future that works properly at least most of the time.
    In the meantime, is using the MS provided UPHClean the best workaround for someone who has already tried every ZA Guru trick mentioned on this Forum or every suggestion provided via emails to me by Tech support?
    Thank you.__________________________________________
    UPHClean v1.6d readme.txt
    Updated April 27, 2005
    Send all feedback/comments/problems to

    UPHClean is a service that once and for all gets rid of problems with user
    profile not unloading.
    You are having profile unload problems if you experience slow logoff (with
    Saving Settings for most of the time while logging off), roaming profiles
    that do not reconcile, or the registry size limit is reached.
    My Application Events Log report from every full S/D reports the following two events:
    Event ID: 1412Source:

    UPHCleanSetup for handle remapping for process vsmon.exe (1912) failed.Reverting to closing handle.
    Event ID: 1201Source:

    UPHCleanThe following handles in user profile "user-xyz" hive have been closed because they were preventing the profile
    from unloading successfully:vsmon.exe (0x848)vsmon.exe (0x850)vsmon.exe (0x8f8)vsmon.exe (0x9a4)____________________________________
    ZoneAlarm Security Suite version security engine version version engine version 6.02.678, DAT file version 981704751Anti-spyware engine version 5.0209.0, DAT file version 01.200904.5665AntiSpam version

    Operating System:
    Windows XP Pro
    Software Version:
    Product Name:
    ZoneAlarm Internet Security Suite

    Message Edited by eecon on 04-03-2009 03:23 PM

  2. #2
    Join Date
    Nov 2004

    Default Re: ZASS VSMON.EXE Slow to Close WinXP - Vsmon.exe

    Hi!first try to boot your system only with ZA and standard XP software, this way:1.) Click Start -> Run
    2.) Type MSConfig in the run box and click OK
    3.) Once in MSConfig, click the Startup Tab
    4.) Remove the checks from everything except ZLClient
    5.) Click the Services Tab
    6.) Place a check in "Hide All Microsoft Services"
    7.) Now remove checks from everything other than TrueVector Internet
    Monitor, and click OK.
    8.) Restart your computerHow does it work?
    NOTE: You can place your computer back into a normal startup process by
    going back into msconfig and choosing the Normal Startup option on the
    General tab.
    Second check registry for faulty shutdown values: Change the following registry data:HK_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control (click on Control)In the right side of Control look for - WaitToKillServiceTimeoutifValue data should be20000. Not 200 or any other value.After doing this,your shutdown should change backto normal.Remove UPHClean, forcing vsmon shutdown can corrupt ZA settings.Cheers, Fax

    Message Edited by fax on 04-04-2009 09:57 AM

    Click here for ZA Support
    Monday-Saturday 24x6 Pacific time
    Closed Sundays and Holidays

  3. #3
    eecon Guest

    Default Re: ZASS VSMON.EXE Slow to Close WinXP - Vsmon.exe

    Thank you fax for the suggestions ..... My Registry Kill Time value was already correctly set to 20000 so that was not the problem.

    I uninstalled UPHClean and removed all the non-MS Startup Tab and Services Tab items as suggested except for ZLCient.exe and TrueVector Internet Monitoring and now I get the Warning Message (copied below) in my WinXP Management Application Events Log after still waiting about 10 or 15 minutes to shutdown.
    I repeated this type of startup and shutdown several times and it still takes just as long as before, so it sure seems that vsmon.exe may be the culprit.
    Updated ---- Program Files access by other user accounts fixed .... unrelated issue to ZASS .... I needed to tweak WinXP permissions from a safe mode boot-up into the Adminstrator account .... MS never mentioned that permissions occasionally need to be
    set in some rare cases from a safe mode boot-up.

    <strike>I also noticed that when I log-on as another user account (a backup profile created with full Administrator Account privledges)
    or just as &quot;Administrator&quot; that Vsmon.exe service is running, but ZLCient.exe will not load because my Program Files folder is not accessible to those two other user accounts.

    I installed ZASS from my main user account (which also is a full Administrator Account), but now I'm wondering if I should uninstall ZASS and reinstall it from the generic &quot;Administrator&quot; user account?</strike><strike></strike>
    <strike>I'm pretty much at a loss at this point .... I've tried everything published by Microsoft
    to gain access to or obtain ownership of the Program Files folder from the other two user accounts (backup and Administrator) with no success.</strike>
    However, the slow S/D due to vsmon.exe persists, so I still wonder if the rewards of using UPHClean may possibly outweigh
    its risks in my specific case because I can't wait 15 minutes everytime I need to S/D or go to Standby (just to let vsmon.exe be released)?
    __________________________________________________ _____Product: Windows Operating SystemID: 1517Source: UserenvVersion: 5.2Symbolic Name: EVENT_HIVE_SAVEDMessage: Windows saved user %1 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
    Windows unloads each user's profile and user's section of the registry when the user logs off. This message indicates that Windows could not unload the user's profile because a program was referencing the user's section of the registry. This locked the profile. The registry cannot unload profiles that are locked and in use. When the program that is locking the profile is no longer referencing the registry, the profile will be unloaded.

    Message Edited by eecon on 04-04-2009 03:58 PM

    Message Edited by eecon on 04-04-2009 09:11 PM

  4. #4
    Join Date
    Nov 2004

    Default Re: ZASS VSMON.EXE Slow to Close WinXP - Vsmon.exe

    Hi!there is clearly some local settings that prevents vsmon to work correctly and this must be related to access permission.No idea on how to fix them,sorry. You could try to contact ZA technical support at: But I doubt they will be able to fix it.Have you check your system logs for errors and not working services?Go to start --&gt; Run --&gt; type eventvwr --&gt; double click on "system" and review the log.Another action that usually fix the vsmon issue is the total manual removal and reinstall.Remove ZA from add/remove programs then:01.) Restart your computer
    02.) When you see the screen go black and it starts booting back up keep
    tapping the "F8" key (at the top of your keyboard)
    03.) This should bring up a menu. Choose Safe Mode off the menu by
    using the arrow keys on the keyboard to highlight Safe Mode and press
    04.) If you get a message asking to go to Safe Mode, choose Yes. If you
    get a help and support window, close this.
    05.) Once you are at the desktop, Click Start, My Computer
    06.) Click Tools, Folder Options, View Tab
    07.) Place a dot next to "Show Hidden Files and Folders"
    08.) Remove the check from "Hide Protected Operating System Files
    09.) Choose Yes to the warning
    10.) Click OK
    11.) Double click C:

    Note: In the future steps if you do not see any files or folders, please click
    the "Show Files" link to view them.

    12.) Double Click the Program Files Folder
    13.) Right Click the Zone Labs Folder, click Delete, and choose Yes

    NOTE: If you cannot delete the entire folder, please open the Zone Labs -
    &gt; ZoneAlarm folder and delete out as many of the files listed here as

    14.) Close this window
    15.) Click Start, My Computer
    16.) Double Click the C:
    17.) Double Click the Windows Folder (It may also be WinNT)
    18.) Right Click the Internet Logs Folder, click Delete, and choose Yes
    19.) Double Click the System32 Folder
    20.) Right Click the Zone Labs Folder, click Delete, and choose Yes

    NOTE: If you cannot delete the entire folder, please open the Zone Labs
    folder and delete out as many of the files listed here as possible.

    21.) Locate and delete the following files in the System32 folder if they are

    - vsconfig.xml
    - vsxml.dll
    - vsregexp.dll
    - vsdata.dll
    - vsdata95.vxd
    - vsdatant.sys
    - vsmonapi.dll
    - vspubapi.dll
    - vsinit.dll
    - vsutil.dll
    - vswmi.dll
    - zlcommdb.dll
    - zlcomm.dll
    - z llictbl.dat
    - zpeng24.dll

    22.) Clear your Temp Directory per the instructions below.

    - Go to Start -&gt; Run
    - Type %temp% and click OK
    - Select all of these files and delete them

    23.) Clear the Prefetch folder per the instructions below.

    - Go to Start -&gt; Run
    - Type Prefetch and click OK
    - Select all of these files and delete them

    24.) Remove the following registry entries by going to Start -&gt; Run and
    typing in regedit. Use the folders on the left side of the window to navigate
    to the specified directories.

    HKEY_LOCAL_MACHINE\Software\Zone Labs
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\vsmon
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\vsdatant

    *Important Advisory: Deleting registry entries incorrectly may cause
    serious problems to your operating system, which may necessitate the
    need to reinstall it. Please make sure you are able to perform these
    deletions correctly before you decide to edit the entries. If you are not
    sure, you should seek help from someone who is familiar with editing the

    For information about how to edit the registry in Windows, from your
    desktop, click Start &gt;&gt; Run &gt;&gt; and type regedit. Click on Help &gt;&gt; Help
    Topics. Under the Contents tab, click Change Keys and Values (this may
    be found under the How to... section).

    Also, you should always make a backup of the registry before editing it.
    You can find this in the same section of the Help files.

    25.) Close this window, then empty your recycle bin.
    26.) Restart the computer.
    27.) Check the system for malware. Check with MBAM and SuperAntispyware. See links here: ZA does not play nice with many other security tools. They may block its correct functioning including updates. For example, spyware doctor, spysweeper, trojan hunter, win patrol, PCtools Threat Fire, Mcafee, Norton, Symantec, Adaware, SpybotS&amp;D, WinPatrol, AVG, NOD, Kaspersky and manyothers. If you want to troubleshoot issues with ZA please remove these tools (not enough to disable) and install back (if you really need) only after you see your ZASS is working as it should.29. Clean your system and registry with ccleaner.com Re-download the ZA 31. Install with default settings do NOT alter them. After re-boot go to ZA antivirus/antispyware and 'Update Now' and do not restore any previous ZA settings.Cheers,Fax

    Message Edited by fax on 04-05-2009 01:13 PM

    Click here for ZA Support
    Monday-Saturday 24x6 Pacific time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts