
something in XP hangs me up from logging in to my bank! HELP!

Discussion in 'Virus & Other Malware Removal' started by richsgirl, Feb 9, 2005.

Thread Status:
Not open for further replies.
  1. richsgirl

    richsgirl Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    24
    I've never had any problems logging in to my bank account until a few days ago. Now when I log in with my user name and password, I get a new screen that says "time is out, you must log in again or return home." I called the bank, and their tech support guy says he's heard of this with Windows XP and there is something in the settings or firewall that is hanging it up. He suggested I clear my cookies, which I did, but he didn't offer any other help with looking at my settings or firewall. I would greatly appreciate any help anyone could offer. I am a beginner with computers. I know the basics, but not real savvy...so be easy on me with any instructions.
     
  2. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Try turning off your firewall, and logging in. If you can then log in successfully then you know that there is a setting in your firewall that needs changing.

    What firewall (if any) are you using?
     
  3. richsgirl

    richsgirl Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    24
    OK, maybe after all I should have listed myself as "not even close to beginner." I have no idea what kind of firewall I'm using. I had someone set my computer up for me. How would I look to know what I have and how would I turn it off? Thanks for your patience.
     
  4. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Okay,

    Down in the bottom right next to the time, do you have any icons showing?
    If so, hover over each one and see what it says, for example you might be running Norton Internet Security, or Zone Alarm or Sygate etc.

    You may also just be using the firewall that comes with XP when you have installed SP2 (Service pack 2)

    It might be best to Download a program called "Hijack This" from here http://www.spywareinfo.com/~merijn/downloads.html Scroll down a bit to see it.

    Save it into a folder of its own and do a scan with it, but don't have it fix anything.

    Click on save log and save the log, then a window in notepad should open up and you can copy and paste the entire contents of that window back into a reply here.

    This will allow me to see what you have running on your computer.
     
  5. richsgirl

    richsgirl Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    24
    I have Zone Alarm. I see the icon next to the time. Do I still need to download spyware? Thank you for taking your time to help me.
     
  6. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Ok if you right click the zone alarm icon, you should be able to switch it off. Then try getting into your site, try it and post back with the results.
     
  7. richsgirl

    richsgirl Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    24
    I shut it down, but I still cannot get past the log in stage. It shows that my log in session has timed out, but I'm only in it for a few seconds. I can't imagine what would make it do that. Very frustrating. Now should I download the spyware site?
     
  8. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Yes, Download Hijack This and copy and paste the log in here.
     
  9. richsgirl

    richsgirl Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    24
    Logfile of HijackThis v1.99.0
    Scan saved at 7:06:53 AM, on 2/9/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\mfclf.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\lsrv.exe
    C:\WINDOWS\system32\msyc.exe
    C:\WINDOWS\System32\cmsssr.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\WINDOWS\System32\ws2_32s.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\System32\svcxnv32.exe
    C:\WINDOWS\System32\VRWBWZBWRMDKWLS.EXE
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\Firewall.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Documents and Settings\Tina Reynolds\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
    C:\WINDOWS\SYSTEM32\wpconfigs.exe
    C:\WINDOWS\SYSTEM32\wpconfigs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {C75AEB7B-18DF-27AF-DBA3-059058EDCC2F} - C:\WINDOWS\system32\ntve.dll
    O2 - BHO: (no name) - {CE678389-B1E9-4F6F-091A-C8A48544D7B4} - C:\WINDOWS\appqy32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
    O4 - HKLM\..\Run: [msyc.exe] C:\WINDOWS\system32\msyc.exe
    O4 - HKLM\..\Run: [Microsoft Firewall] Firewall.exe
    O4 - HKLM\..\Run: [Microsofts Updatez] cmsssr.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [Microsoft Winsock Wrapper] C:\WINDOWS\System32\ws2_32s.exe
    O4 - HKLM\..\Run: [apifi32.exe] C:\WINDOWS\system32\apifi32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe
    O4 - HKLM\..\Run: [Microsoft Diagnostic Tool] msdiag.exe
    O4 - HKLM\..\Run: [winconfigs] C:\WINDOWS\SYSTEM32\wpconfigs.exe
    O4 - HKLM\..\Run: [apixo.exe] C:\WINDOWS\system32\apixo.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKLM\..\Run: [atltw32.exe] C:\WINDOWS\system32\atltw32.exe
    O4 - HKLM\..\Run: [d3hs.exe] C:\WINDOWS\system32\d3hs.exe
    O4 - HKLM\..\Run: [iptp32.exe] C:\WINDOWS\system32\iptp32.exe
    O4 - HKLM\..\Run: [crcy32.exe] C:\WINDOWS\system32\crcy32.exe
    O4 - HKLM\..\Run: [mshv.exe] C:\WINDOWS\system32\mshv.exe
    O4 - HKLM\..\Run: [sdkwo32.exe] C:\WINDOWS\system32\sdkwo32.exe
    O4 - HKLM\..\Run: [Winsock2 driver] VRWBWZBWRMDKWLS.EXE
    O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
    O4 - HKLM\..\RunServices: [Microsoft Firewall] Firewall.exe
    O4 - HKLM\..\RunServices: [Microsofts Updatez] cmsssr.exe
    O4 - HKLM\..\RunOnce: [wingz.exe] C:\WINDOWS\system32\wingz.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
    O4 - HKCU\..\Run: [Microsoft Firewall] Firewall.exe
    O4 - HKCU\..\Run: [Microsofts Updatez] cmsssr.exe
    O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe
    O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - HKCU\..\RunOnce: [Winsock2 driver] VRWBWZBWRMDKWLS.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gdioqvlp.exe
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20751e4fa54b4491c321/netzip/RdxIE601.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\mfclf.exe
     
  10. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Firstly, please move Hijack This into a folder of its own; you are currently running it from a temp file.

    You have several nasty viruses and trojans in that log.

    Go to this site and do a full online scan http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    This will take some time to do. After the scan has completed, download Adaware SE Personal from here http://www.lavasoftusa.com/software/adaware/ (it is the free version). Make sure you update it and run a scan with it, and fix everything it finds.

    Then go here and download Spybot search & destroy http://www.safer-networking.org/en/download/index.html (it is also free)
    Update it and run a scan, fix everything it finds.

    Then post back with another log. (Remember to move your Hijack program to its own folder.)

    This is a lengthy process I know, but it is the only way to clean up your system.

    I will ask a Moderator to move this post to the security forum, as the folks in there have more experience with the logs.
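
An added example (not part of any post in this thread, and not how HijackThis or the helpers here evaluate a log): a short Python triage pass over a few lines copied from the log above. The three rules and their names are assumptions chosen for illustration; a hit means the entry deserves a lookup, not that it is malicious.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C75AEB7B-18DF-27AF-DBA3-059058EDCC2F} - C:\WINDOWS\system32\ntve.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [Microsoft Firewall] Firewall.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] Firewall.exe
O4 - HKCU\..\Run: [Microsoft Firewall] Firewall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"""

R_LINE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>.+?) = (?P<data>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def autorun_executable(cmd):
    """Return the program part of an autorun command, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:].partition('"')[0]
    return cmd.split()[0]


def triage(log_text):
    """Return (rule, detail) pairs; a hit means 'look this up', not a verdict."""
    findings = []
    bare_autoruns = defaultdict(set)  # exe name -> autorun keys that start it
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := R_LINE.match(line):
            # IE start/search settings normally hold http(s) URLs, not DLL resources.
            if m["data"].lower().startswith("res://"):
                findings.append(("ie-setting-res-url", f'{m["value"]} -> {m["data"]}'))
        elif m := O2_LINE.match(line):
            if m["name"] == "(no name)":
                findings.append(("unnamed-bho", m["path"]))
        elif m := O4_LINE.match(line):
            exe = autorun_executable(m["cmd"])
            if "\\" not in exe:  # no directory given, so Windows resolves it via the search path
                bare_autoruns[exe.lower()].add(f'{m["hive"]}\\{m["key"]}')
    for exe, keys in sorted(bare_autoruns.items()):
        findings.append(("bare-name-autorun", f"{exe} in {len(keys)} key(s): {', '.join(sorted(keys))}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:20} {detail}")
```
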
     
  11. richsgirl

    richsgirl Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    24
    I'm running the Panda now, but I already have adaware and spybot. Adaware automatically runs when I log on and I run spybot at least once a week. Maybe I just need to check and see if I need an updated version of these 2?? Viruses may explain why I can't hold on to my homepage and why my letters are huge on all the websites I go to!!
     
  12. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    You will need to make sure you have the latest definitions for both programs. Is your adaware the SE version? If not, download a new one. Your Spybot should also be version 1.3; if it's not, then get the new one and update it.

    Even though you are downloading new versions of the above programs, you still need to run their updates, as they constantly add new nasties to their definitions list.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Once you put Hijackthis into its own folder we will soon clear you up.
     
  14. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Thanks Derek, I'll leave richsgirl in your capable hands (y)
     
  15. bobol

    bobol

    Joined:
    Jan 28, 2004
    Messages:
    2,187
    Further to the above, you can use my links for spybot and adaware to their home sites/and updates.... Also below there are links for tutorials on their setup.
     

Short URL to this thread: https://techguy.org/328464
