Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Connection Stalls After About 1 Minute


  • Please log in to reply
1 reply to this topic

#1 rst21

rst21

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 07 February 2006 - 12:54 AM

My internet connection has started stalling after about 1 minute (i.e., it stops working after about a minute). Also, when I boot up the computer now, I get the following 2 error messages regarding my ZoneAlarm.


C:\Program Files\ZoneLabs\ZoneAlarm\zlclient.exe

C:\WINNT/SYSTEM32\VSINIT.DLL You probably are missing
a necessary root certificate.

My guess is that the two issues are related. I've looked into what these error messages mean - it appears that either my firewall will not allow updates to the ZoneAlarm certificate, or that I have a virus. I suspect the latter because I've tried a couple things to attempt to fix the problem if it was related to my firewall blocking the certificate, but it didn't fix it. I've included my HijackThis Log below. Thanks a ton to anyone who can help me.


Logfile of HijackThis v1.99.1
Scan saved at 6:53:32 PM, on 2/4/2026
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\AEIWLSTA.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common
Files\Real\Update_OB\realevent.exe
C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnf.exe
C:\Program Files\Sony Corporation\Image
Transfer\SonyTray.exe
C:\Program Files\Microsoft
Office\Office\1033\OLFSNT40.EXE
C:\Palm\HOTSYNC.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,SearchURL =
http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = pulproxy.princeton.edu :8080
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager]
mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [vptray]
C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector]
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [PestPatrol Control Center]
C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck]
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol]
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program
Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program
Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: HotSync Manager.lnk =
C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk =
C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program
Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition
Port.lnk = C:\Program Files\Microsoft
Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search -
res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page
- res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -
res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
Domain = princeton.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:
Domain = princeton.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters:
Domain = princeton.edu
O20 - Winlogon Notify: NavLogon -
C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nwprovau -
C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: DefWatch - Symantec Corporation -
C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative
Service (dmadmin) - VERITAS Software Corp. -
C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown
owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega
Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Symantec AntiVirus Client (Norton
AntiVirus Server) - Symantec Corporation -
C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: TSM Scheduler - IBM Corporation -
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) -
Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:11 AM

Posted 12 February 2006 - 09:06 AM

Hello rst21 and welcome to the BC HijackThis forum. There are no signs of viruses or malware showing in the HijackThis log at this time. The log is clean.

There are a couple of IE search hijacker entries so let's remove those while you are here.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

In regards to the missing root certificates, Zone Labs has information and instructions at their site for fixing that issue. Check out this link:

http://www.nohold.net/noHoldCust25/Prod_1/...ion_failed.html

Other than that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users