1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Security Warning

Discussion in 'Web & Email' started by dante56, Nov 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. dante56

    dante56 Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    114
    Hi again another problem (or Problems)
    When I sign in to hotmail and go on other secure sites i get this warning
    [​IMG]
    I nver used to get it I have also noticed when i search in google starware is always the first option e.g if i search for holidays in france it comes up as the first option search for holidays in france with starware.
    And finally i noticed that most of my programs in my start menu are marked as newly installed even though I have used them hundreds of times (i cleared the list for the frequently used programs on the start menu would this cause them all to be displaeyed as newly installed
     
  2. Sponsor

  3. dante56

    dante56 Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    114
    anyone? This problem is really starting to annoy me
    please reply
    Ryan
     
  4. dante56

    dante56 Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    114
    Please someone reply its annoying even if you say you dont know or it is normal its just started happening a few days ago
     
  5. bearone2

    bearone2 Banned

    Joined:
    Jun 4, 2004
    Messages:
    5,809
    have you changed your security settings from default to custom and changed any of the boxes?

    ie open: tools/internet options/security.
     
  6. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
    You could try running windows update to install any new certificates. Also, In Internet Options (in the control panel) under general clear history, temp files and cookies, then security, higthlight Internet and click on defauly.
    Otherwise if you go to Internet Options in control panel, then Advanced and untick warn about invalid site certificates, that should fix the problem, although it will lower the security.
     
  7. dante56

    dante56 Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    114
    Hi I have tried that seems to have solved it however if click the history button on the toolbat and right click today then delete close the history section then open it again the history is still there
     
  8. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
    Hmm, so you have other problems with IE, may be a good idea to check for spyware

    SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
    AdAware SE http://www.majorgeeks.com/download506.html
    SpyBot S&D http://www.safer-networking.org/en/download/

    DL them (they are free), install them, check each for their definition

    updates and then run AdAware and Spybot, fixing anything they say.

    THen run HiJack This http://www.majorgeeks.com/download3155.html and post a log - DO NOT FIX anything
     
  9. dante56

    dante56 Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    114
    I use Spybot and Adaware but never used spyblaster also I have used all the suggestions even turned off warn about invalid certificates and it is still happening I will download spyblaster and do scans on it and sbybot and adaware and i will post a hijack this log Soon
     
  10. dante56

    dante56 Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    114
    heres my log

    Logfile of HijackThis v1.98.2
    Scan saved at 20:55:57, on 24/11/2002
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Logitech\Video\LowLight.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ryan Morrin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O2 - BHO: objtype - {EF8B9606-A96C-37C2-0AAB-70596597ED57} - C:\PROGRA~1\BURNST~1\manager pure.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Lite global - {89CEAD45-2370-EFC2-B918-BAC639C94D59} - C:\PROGRA~1\BURNST~1\manager pure.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} (Calendar Control 11.0) - http://paccess.pattinson.co.uk/components/mscal.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4393/mcfscan.cab
     
  11. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL

    O2 - BHO: objtype - {EF8B9606-A96C-37C2-0AAB-70596597ED57} - C:\PROGRA~1\BURNST~1\manager pure.dll (file missing)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab



    Then boot to safe mode (see how below), locate and delete these files and/or folders:

    C:\Program Files\MyWay

    C:\PROGRA~1\BURNST~1




    How to restart to safe mode:
    http://service1.symantec.com/SUPPOR...src=sec_doc_nam

    Because XP will not always show you hidden files and folders by default, Go to Start - Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Then reboot and post another log please.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/299045

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice