# Site Security Certificate has Expired



## Loggieon (Mar 15, 2010)

I'm trying to use PayPal, cannot access, and this is the message I am getting, Can anyone help?


----------



## lunarlander (Sep 22, 2007)

Check your system date to see if it is correct, especially the year.


----------



## Loggieon (Mar 15, 2010)

Hi, Yes I checked the date time and year and it's all correct. L


----------



## tomdkat (May 6, 2006)

Are you running Windows? If so, Microsoft periodically releases a "Root Certificate" update with Windows updates. I don't know if these get updated automatically or not.

You can try running a custom Windows Update (go to the Windows Update site and click the "Custom" button) and see if a "Root Certificate" update is pending for your system. If it is, install it and see if that helps.

I just logged in to Paypal and I didn't get any messages about the site cert at all.

I don't know if updating the "Root Certificates" on your system will solve the problem but it's something I would look at if I were in your position.

Peace...


----------



## lunarlander (Sep 22, 2007)

Did you type paypal.com into the address bar, or did you follow a link from another web site ? Try typing in the address and going directly.


----------



## Loggieon (Mar 15, 2010)

I actually tried both, in the address bar and then directly from the site and the error message popped up automatically.


----------



## Snagglegaster (Sep 12, 2006)

I'd have to think you have some nasty on your system which is redirecting your attempts to connect to PayPal. So I'd think that a scan with Malwarebytes Antimalware or any malware removal tools installed on your computer would be in order.


----------



## Snagglegaster (Sep 12, 2006)

tomdkat said:


> Are you running Windows? If so, Microsoft periodically releases a "Root Certificate" update with Windows updates. I don't know if these get updated automatically or not.
> 
> You can try running a custom Windows Update (go to the Windows Update site and click the "Custom" button) and see if a "Root Certificate" update is pending for your system. If it is, install it and see if that helps.
> 
> ...


For whatever reason, the Root Certificate Updates are an optional update. Still, I'd think that only connecting to an SSL secured site would generate the certificate error. Connecting to the PayPal home page shouldn't generate this error. That's why I suspect a redirector. Or, loggieon, did I misunderstand your original post. Are you saying that you can't connect to PayPal at all, or just can't log in to your account?


----------



## tomdkat (May 6, 2006)

Snagglegaster said:


> For whatever reason, the Root Certificate Updates are an optional update. Still, I'd think that only connecting to an SSL secured site would generate the certificate error. Connecting to the PayPal home page shouldn't generate this error. That's why I suspect a redirector. Or, loggieon, did I misunderstand your original post. Are you saying that you can't connect to PayPal at all, or just can't log in to your account?


Yep, I hear you and I mentioned the "Root Certificate" update as simply something to try. Believe it or not, connecting to the PayPal home page DOES establish a HTTPS connection. I *just* tried it using Firefox on Linux and I've got a secure connection to the PayPal home page for me to sign in (which makes sense since you wouldn't want your PayPal login info to be sent in clear text).

Something else to try to determine if an infection is at work is to ping www.paypal.com. If the IP returned is something outside of the PayPal block of IPs we know his host file or DNS settings have been hijacked.

Peace...


----------



## Loggieon (Mar 15, 2010)

How do I ping paypal? Would it work if I used another computer to pay my ebay members? I have used 3 different browzer's and still get this error message. I have synchronized the date and time on my computer so that's been updated, turned the computer off completely then tried again to no avail. I've been in contact with Paypal customer service and tech people, they say it's my computer at fault. I have talked to our local computer guy in my town and he say's the simple fact that If used 3 different browzer's says that it's Paypal not renewing they're root certificate's. I have tried to go to the Microsoft update website and they're is an update for root certificates to be updated which is dated Nov. 2009, but try to update and I must be doing something wrong because I can't seem to get anywhere with that....I am not very computer savvy...Laurie :0)


----------



## Loggieon (Mar 15, 2010)

I can't connect to paypal through ebay to pay for items, and also if I just went into the address area and tried to bring PayPal up there...either way does not work.


----------



## Loggieon (Mar 15, 2010)

I have Stopzilla anti-virus which is automatically updated and did a full scan and it's come up clean.


----------



## Phantom010 (Mar 9, 2009)

Please click *here* to download and install *version 2.0.2* of the *HijackThis Installer.* 

Run it and select *Do a system scan and save a logfile*.

The log will be saved in Notepad. Copy and paste the log in your next post.

*Do not fix anything*


----------



## Loggieon (Mar 15, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:55 AM, on 4/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - c:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - c:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.05/57go2Ejy5T0/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DAED96-7125-4D47-ADD7-6ED14B7A9271}: NameServer = 142.161.130.154 142.161.2.154
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O24 - Desktop Component 1: (no name) - http://www.picnik.com/
--
End of file - 9310 bytes


----------



## Phantom010 (Mar 9, 2009)

Well, nothing in your HOSTS file.

You do have a DNS server in there from MTS Allstream (ISP).

You could try changing your network connection settings.

Go *HERE* for detailed instructions.

Either change your DNS server settings to:

*Obtain DNS server address automatically *or enter the *OpenDNS* servers like in the example (OpenDNS can even speed up webpage loading).

By the way, STOPzilla is not an antivirus, it's an anti-spyware. You'll need to install one.

While we're at it, it wouldn't be a bad idea to get rid of *Windows Search 4.0*. It will speed up your computer.


----------



## tomdkat (May 6, 2006)

Loggieon said:


> How do I ping paypal?


Open a command window (Click "Start", then "Run" and enter "cmd" in the box and press enter). When the command window is open, enter the command:

ping www.paypal.com

Then you would post the results.

Peace...


----------

