what is vassg141.ocsp.omniroot

Friend's computer started slowing down and having DNS timeouts, etc.  Saw this vassg141.ocsp.omniroot and no idea what this is.

Ran full scan using McAfee Total Protection with updated definition files, found nothing.  Also true for Windows Defender.

Thanks for your help.

Asta
LVL 27
Asta CuTechnical consultant & graphic designAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I do not know other than I do not have such a thing.

In addition to your own scan, download Malwarebytes and scan with that. Then get TDSKiller and scan for root kit viruses.
Zephyr ICTCloud ArchitectCommented:
I think it's something from Verizon's certificate services for Akamai... OCSP stands for "Online Certificate Status Protocol"
Info can be found here
dbruntonQuid, Me Anxius Sum?  Illegitimi non carborundum.Commented:
I think you mean vassg141.ocsp.omniroot.com which appears to be a Verizon Akamai site.

However this doesn't seem to explain your problem.  You need to supply more information.  It is possible that your DNS provider is temporarily having problems.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

Asta CuTechnical consultant & graphic designAuthor Commented:
Thank you for the information.  The Event Log has tons of entries warnings and some errors with DNS timeouts for this system.  Having scanned with tools noted above, also just purchased MalwareBytes to isolate problems.  Will return with more information when this has completed.  The system is a W7 Ultimate 32 bit, with windowsupdate, etc. all current.  The first few items found by the malwarebytes run point to PUPs being deleted.

The connection is for AT&T, if that helps.
JohnBusiness Consultant (Owner)Commented:
Keep going with your virus scan as MBAM is finding problems. Please keep us updated.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Asta CuTechnical consultant & graphic designAuthor Commented:
2 PUPs found and quarantined - one was Babylon another freeze or the like.  Saved to log.  These are the recent event log items just now.  The first a warning, and many others of links that time out.

Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.

Also these

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-484763869-1500820517-839522115-1004:
Process 648 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
The following fatal alert was generated: 40. The internal error state is 252. ****never saw this one before****
The following fatal alert was generated: 40. The internal error state is 252.
Name resolution for the name search.yahoo.com timed out after none of the configured DNS servers responded.
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 2 user registry handles leaked from \Registry\User\S-1-5-21-484763869-1500820517-839522115-1004:
Process 688 (\Device\HarddiskVolume1\Windows\System32\services.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
Process 636 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register with DCOM within the required timeout.
Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.
JohnBusiness Consultant (Owner)Commented:
Try to let MBAM to delete what it can, close out, restart and test.
Asta CuTechnical consultant & graphic designAuthor Commented:
That was done before my last posting, and multiple reboots.  Those event log entries are subsequent entries.
dbruntonQuid, Me Anxius Sum?  Illegitimi non carborundum.Commented:
Also look at http://www.malwareremovalguides.info/pup-optional-babylon-a-removal-guide/ for more advice and tools to use.

I suspect you've got a proxy redirection going on in your system.  Somewhere in your Network Settings you need to check and see if Proxy Service has been enabled.  If so remove it.
Asta CuTechnical consultant & graphic designAuthor Commented:
Lan conection tab set to automatically connect, Proxy is unchecked, there is a checkmark for bypass proxy server for local addresses.

Is this ok?  I'll return to this system tomorrow and listen further; and hopefully close/award.

Thank you for all the help; if the morning shows ongoing events as errors, I'll try rerunning the malwarebytes with updates.
dbruntonQuid, Me Anxius Sum?  Illegitimi non carborundum.Commented:
That should be OK.

Have you run the other software at the link I gave, AdwCleaner and HitmanPro?  Both are free.
Asta CuTechnical consultant & graphic designAuthor Commented:
Yes and no problems found.
I am thankful for the help
Will close this since the original subject identified and additional help provided

Will open a new Q when system completes the additional scans.
Asta CuTechnical consultant & graphic designAuthor Commented:
The questions continue, as shown here

errors March 15 2015
Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xa34
Faulting application start time: 0x01d05f53b465032c
Faulting application path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1eba7980-cb47-11e4-bdb8-0017318bbf87
The McAfee Anti-Malware Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xa34
Faulting application start time: 0x01d05f53b465032c
Faulting application path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1eba7980-cb47-11e4-bdb8-0017318bbf87
The maximum file size for session "McAfee.{E4367DA7-2B80-47f3-86D2-7626A18FC6F4}" has been reached. As a result, events might be lost (not logged) to file "C:\ProgramData\McAfee\MCLOGS\ETW\mclogs.etl". The maximum files size is currently set to 16777216 bytes.
Asta CuTechnical consultant & graphic designAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 200 points for dbrunton's comment #a40665305
Assisted answer: 100 points for John Hurst's comment #a40665280
Assisted answer: 100 points for spravtek's comment #a40665292
Assisted answer: 100 points for dbrunton's comment #a40665425
Assisted answer: 0 points for Asta Cu's comment #a40666726

for the following reason:

Sorry if I erred in finalizing this, it became more than I first found at the onset but want to ensure helpful information is awarded.  Clearly, this needs much more attention.

Thanks a lot.

The more complex things become, the more digging is needed to resolve the influx of problems from those who are out to ...  well you know.
JohnBusiness Consultant (Owner)Commented:
Thank you.  You may need to back up this machine, format, and reinstall Windows as probably the fastest way to resolve the multiple problems.
Asta CuTechnical consultant & graphic designAuthor Commented:
John, I'd love to have done this.... that would have been my choice at the get-go.  Not an option; too many old and important apps required and would be lost.  Not an option.
JohnBusiness Consultant (Owner)Commented:
Your friend needs to learn to keep software and make backups. After all, hard drives fail as well. Good luck with the computer.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17346-Practical-solutions-are-not-an-option.html
Asta CuTechnical consultant & graphic designAuthor Commented:
True, indeed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.