The other day using Internet Explorer 7 (IE7) I was trying to log in to a CITI bank card site to view our account, we were routed to a web page that asked for credit card information after entering the login data. The login site is www.citicards.com. There you enter your ID and Password and then you account data is displayed. For some reason, after entering the login data, we are taken to a site asking for credit card information. That site is www.accountonline.com/Login, which is very close to the “normal” site, www.accountonline.com/Login-(site ID). CITI believes this is a spyware issue affecting IE7 (If I use Firefox, everything works OK). I have an account with McAfee though Comcast, so I ran a scan. This did not help. I downloaded some Spyware software(Cyberdefender and Spyware Doctor) and there were some threats identified (MSN Track Monitor, Try Media & BingoFunGames by Cyber, and several different ones by “doctor”). I didn’t clear because these free downloads required a subscription and I didn’t want to pay if I had no promise to fix. I then recalled Spybot and thought I would try it and make a donation if it fixed the problem. Well the donation will not be forthcoming. The threats identified by Spybot were fixed, but it did not correct this issue. I have also tried removing and reinstalling IE7, even going to IE6. No fix. Anybody have any ideas?

The links you gave above does not work anymore. As far as I know, it was disabled or "lost" (Not Found).

The CitiCard link works on Firefox 3.

I have this bad feeling that you were maybe redirectly to a "phishing" page. I visited the "accountonline" site and it was not found.

Clarify your problem. What is problem? Is it like you are redirected to another page for no reason?

Give some examples of the entries found by Spybot-SD. Are you using the latest version?

The links you gave above does not work anymore. As far as I know, it was disabled or "lost" (Not Found).

The CitiCard link works on Firefox 3.

I have this bad feeling that you were maybe redirectly to a "phishing" page. I visited the "accountonline" site and it was not found.

Clarify your problem. What is problem? Is it like you are redirected to another page for no reason?

Give some examples of the entries found by Spybot-SD. Are you using the latest version?

I've just tried all 3 in IE7 and the CitiCard one works fine but the others both show "HTTP 404 Page Not Found Errors".

I understand that it is difficult to describe a computer problem like I have, but I’ll try to clarify a little more. First, drrogostea says the links I gave “do not work anymore”. Not sure what is meant, but www.citicards.com is a good link. If it is typed into either IE7 or Firefox, both go to the log in site whose “address” is expanded to https://www.citicards.com/cards/wv/home.do. Also, for both, the internet window tab is titled Citi Credit Cards, Citibank, Travel . . . . . . Now, the next links result when you enter your ID and Password, selecting Account Summary as the log in destination. Using Firefox, it takes me to https://accountonline.com/AccountSummary and displays my account (the Firefox “tab” reads Citibank Account Summary, with a citi logo on the left). Using IE7, it takes me to https://accountonline.com/Login. The IE7 tab reads Sears Credit Card with a citi logo on the left. The “sears” site is requesting credit card number info. Now to say that the last two links do not work anymore is a bit confusing as they are resultant links from signing on, and entering these directly in the address line would not give the proper results. I gave the “second” links only to show that the resultant destination is different between IE7 and FF (I just loaded FF 3.0 today and it works fine). The Spybot version I used was as of yesterday when I downloaded the software. I believe it automatically updated to the latest data base. Not sure, but in the recovery que, I see BPSSpywareRemove, RegClean, DeepDive, InterSysInc and Microsoft.WindowsSecurityCenter.FirewallBypass headings

I've just re-tried those links and, again, the CitiCards link works fine but the other 2 now show "Site Certificate errors" which means their security certificate (http://img519.imageshack.us/my.php?image=certificatescreenshotqr9.jpg)isn't up-to-date therefore it is unwise to continue using that site.

When I add "www." to the start of the url and press "Go" I get the Message "The page you requested is currently unavailable. We apologize for any inconvenience this may have caused. Please try again later."

Of those entries you mentioned the "Microsoft.WindowsSecurityCenter.FirewallBypass headings" one is (if my memory serves me right) a sign that your firewall has been deativated and is not a malicious entry but I could be wrong.

I would post in the main Forum and ask you question there and link to this thread.

Like Terminator, we're both using Firefox 3. I've encountered the site certificate error too.

Was Spybot-SD successful in removing the entries? Some them are rogue products. InterSync looks like an entry related to a invisible keylogger or something associated with a dialer.

@Terminator, you are correct. This only occurs when the firewall monitoring is deactivated. This usually occurs when the user tells the Security Center NOT to monitor it. Fixing that registry key should bring it back.