something in XP hangs me up from logging in to my bank! HELP!

richsgirl

Thread Starter
Joined
Feb 9, 2005
Messages
24
I've never had any problems logging in to my bank account until a few days ago. Now when I log in with my user name and password, I get a new screen that says "time is out, you must log in again or return home." I called the bank, and their tech support guy says he's heard of this with Windows XP and there is something in the settings or firewall that is hanging it up. He suggested I clear my cookies, which I did, but he didn't offer any other help with looking at my settings or firewall. I would greatly appreciate any help anyone could offer. I am a beginner with computers. I know the basics, but not real savvy...so be easy on me with any instructions.
 
Joined
Aug 30, 2003
Messages
1,281
Try turning off your firewall, and logging in. If you can then log in successfully then you know that there is a setting in your firewall that needs changing.

What firewall (if any) are you using?
 

richsgirl

Thread Starter
Joined
Feb 9, 2005
Messages
24
OK, maybe after all I should have listed myself as "not even close to beginner." I have no idea what kind of firewall I'm using. I had someone set my computer up for me. How would I look to know what I have and how would I turn it off? Thanks for your patience.
 
Joined
Aug 30, 2003
Messages
1,281
Okay,

Down in the bottom right next to the time, do you have any icons showing?
If so, hover over each one and see what it says, for example you might be running Nortons Internet Security, or Zone Alarm or Sygate etc.

You may also just be using the firewall that comes with XP when you have installed SP2 (Service Pack 2).

It might be best to Download a program called "Hijack This" from here http://www.spywareinfo.com/~merijn/downloads.html Scroll down a bit to see it.

Save it into a folder of its own and do a scan with it, but don't have it fix anything.

Click on save log and save the log, then a window in notepad should open up and you can copy and paste the entire contents of that window back into a reply here.

This will allow me to see what you have running on your computer.
 

richsgirl

Thread Starter
Joined
Feb 9, 2005
Messages
24
I have Zone Alarm. I see the icon next to the time. Do I still need to download spyware? Thank you for taking your time to help me.
 
Joined
Aug 30, 2003
Messages
1,281
Ok if you right click the zone alarm icon, you should be able to switch it off. Then try getting into your site, try it and post back with the results.
 

richsgirl

Thread Starter
Joined
Feb 9, 2005
Messages
24
I shut it down, but I still cannot get past the log in stage. It shows that my log in session has timed out, but I'm only in it for a few seconds. I can't imagine what would make it do that. Very frustrating. Now should I download the spyware site?
 

richsgirl

Thread Starter
Joined
Feb 9, 2005
Messages
24
Logfile of HijackThis v1.99.0
Scan saved at 7:06:53 AM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mfclf.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\lsrv.exe
C:\WINDOWS\system32\msyc.exe
C:\WINDOWS\System32\cmsssr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\ws2_32s.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\svcxnv32.exe
C:\WINDOWS\System32\VRWBWZBWRMDKWLS.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Firewall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Tina Reynolds\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\SYSTEM32\wpconfigs.exe
C:\WINDOWS\SYSTEM32\wpconfigs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C75AEB7B-18DF-27AF-DBA3-059058EDCC2F} - C:\WINDOWS\system32\ntve.dll
O2 - BHO: (no name) - {CE678389-B1E9-4F6F-091A-C8A48544D7B4} - C:\WINDOWS\appqy32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [msyc.exe] C:\WINDOWS\system32\msyc.exe
O4 - HKLM\..\Run: [Microsoft Firewall] Firewall.exe
O4 - HKLM\..\Run: [Microsofts Updatez] cmsssr.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Winsock Wrapper] C:\WINDOWS\System32\ws2_32s.exe
O4 - HKLM\..\Run: [apifi32.exe] C:\WINDOWS\system32\apifi32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKLM\..\Run: [Microsoft Diagnostic Tool] msdiag.exe
O4 - HKLM\..\Run: [winconfigs] C:\WINDOWS\SYSTEM32\wpconfigs.exe
O4 - HKLM\..\Run: [apixo.exe] C:\WINDOWS\system32\apixo.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IPConfig] svcxnv32.exe
O4 - HKLM\..\Run: [atltw32.exe] C:\WINDOWS\system32\atltw32.exe
O4 - HKLM\..\Run: [d3hs.exe] C:\WINDOWS\system32\d3hs.exe
O4 - HKLM\..\Run: [iptp32.exe] C:\WINDOWS\system32\iptp32.exe
O4 - HKLM\..\Run: [crcy32.exe] C:\WINDOWS\system32\crcy32.exe
O4 - HKLM\..\Run: [mshv.exe] C:\WINDOWS\system32\mshv.exe
O4 - HKLM\..\Run: [sdkwo32.exe] C:\WINDOWS\system32\sdkwo32.exe
O4 - HKLM\..\Run: [Winsock2 driver] VRWBWZBWRMDKWLS.EXE
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] Firewall.exe
O4 - HKLM\..\RunServices: [Microsofts Updatez] cmsssr.exe
O4 - HKLM\..\RunOnce: [wingz.exe] C:\WINDOWS\system32\wingz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Firewall] Firewall.exe
O4 - HKCU\..\Run: [Microsofts Updatez] cmsssr.exe
O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\RunOnce: [Winsock2 driver] VRWBWZBWRMDKWLS.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gdioqvlp.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20751e4fa54b4491c321/netzip/RdxIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\mfclf.exe
 
Joined
Aug 30, 2003
Messages
1,281
Firstly, please move Hijack this into a folder of its own, you are currently running it from a temp file.

You have several nasty viruses and trojans in that log.

Go to this site and do a full online scan http://www.pandasoftware.com/activescan/com/activescan_principal.htm

This will take some time to do. After the scan has completed, download Adaware SE Personal from here http://www.lavasoftusa.com/software/adaware/ (it is the free version). Make sure you update it and run a scan with it, and fix everything it finds.

Then go here and download Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html (it is also free).
Update it and run a scan, fix everything it finds.

Then post back with another log. (Remember to move your Hijack program to its own folder.)

This is a lengthy process I know, but it is the only way to clean up your system.

I will ask a Moderator to move this post to the security forum, as the folks in there have more experience with the logs.
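
For readers following the log review above, a small triage script (an added example, not part of the original posts and not HijackThis's own code) that reads HijackThis R0/R1 and O4 lines and lists three things an analyst would check first: autorun commands given as a bare file name, the same autorun entry registered under several keys, and Internet Explorer pages served from a local DLL resource. The function name, the regular expressions and the heuristics are assumptions of this example; a hit is a lead to verify, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (lines copied unchanged).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nnpzj.dll/sp.html#37049
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Firewall] Firewall.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] Firewall.exe
O4 - HKCU\..\Run: [Microsoft Firewall] Firewall.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# O4 = registry autoruns: hive, key (Run/RunServices/RunOnce), value name, command.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# R0/R1 = Internet Explorer start/search page values.
R_RE = re.compile(r"^R[01] - (HK\w+)\\.+?,(.+?) = (.+)$")
RES_DLL_RE = re.compile(r"^res://(.+?\.dll)", re.IGNORECASE)


def triage(log_text):
    """Return heuristic findings from HijackThis R0/R1 and O4 lines."""
    keys_by_entry = defaultdict(set)  # (name, command) -> autorun keys holding it
    res_pages = set()                 # DLLs that serve an IE start/search page
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            keys_by_entry[(name, cmd)].add(f"{hive}\\{key}")
            continue
        m = R_RE.match(line)
        dll = RES_DLL_RE.match(m.group(3)) if m else None
        if dll:
            res_pages.add(dll.group(1))
    return {
        # No directory in the command: the file is resolved through the search path.
        "bare_autoruns": sorted(n for (n, c) in keys_by_entry if "\\" not in c),
        # The same name and command registered under more than one autorun key.
        "repeated_autoruns": {n: sorted(k) for (n, c), k in keys_by_entry.items()
                              if len(k) > 1},
        "res_pages": sorted(res_pages),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```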
 

richsgirl

Thread Starter
Joined
Feb 9, 2005
Messages
24
I'm running the Panda now, but I already have adaware and spybot. Adaware automatically runs when I log on and I run spybot at least once a week. Maybe I just need to check and see if I need an updated version of these 2?? Viruses may explain why I can't hold on to my homepage and why my letters are huge on all the websites I go to!!
 
Joined
Aug 30, 2003
Messages
1,281
You will need to make sure you have the latest definitions for both programs. Is your Adaware the SE version? If not, download a new one. Your Spybot should also be version 1.3; if it's not, then get the new one and update it.

Even though you are downloading new versions of the above programs, you still need to run their updates, as they constantly add new nasties to their definitions list.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Once you put Hijackthis into its own folder we will soon clear you up.
 
Joined
Jan 28, 2004
Messages
2,187
Further to the above, you can use my links for spybot and adaware to their home sites/and updates.... Also below there are links for tutorials on their setup.
 