Spyware toolbar wont go away

Posted on 2004-10-23
Last Modified: 2012-05-05
I accidentally asked this question under the wrong category at first.  My apologies

I  think I have fixed some of the problems in my ie browser with hyjack this but I am still getting a spyware toolbar that wont go away It looks like this:

   Make money   Music   Casino
  Investing   Travel   Mortgage
   Dating - Singles - Personals - Escorts - Chat Rooms  Travel - Airline Tickets - Hotels - Cruises - Vacations  Careers - Job Listings - Education - Work At Home - Part Time
 Credit - Credit Cards - Cash Advance - Mortgage - Car Loans  Computers - DVD - Games - Digital Camera - Ink Cartridge  Insurance - Car Insurance - Health Ins. - Life Ins. - Renters Ins

Its properties when I right click on it look like this:

Search Now!

HyperText Transfer Protocol
HTM File

Not Encrypted

size is 7320 bytes -

It only appears when I am connected to the internet and it goes away when I click on its close box but it always comes back when i use explorer

My Hyjack this log file now looks like this

Logfile of HijackThis v1.97.7
Scan saved at 5:10:31 AM, on 10/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\O2Micro\SuperDJ\Monitor.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Stealther\stealth26.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\My Documents\Working Docs\White Papers\Computer Docs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [O2PLEmonitor] C:\Program Files\O2Micro\SuperDJ\Monitor.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Datawebbinchic] C:\Documents and Settings\All Users\Application Data\Skip Bags Data Web\Proc Name.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lcl] C:\WINNT\lcl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Dale Bend] C:\DOCUME~1\Owner\APPLIC~1\TONSNE~1\long 2.exe
O4 - Startup: Stealther Startup.lnk = C:\Program Files\Stealther\stealth26.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D99612C-19B8-48F7-8629-EE97FA51D2DC}: NameServer =

Any suggestions???
Question by:MonroeDowling
    LVL 8

    Expert Comment

    Use the analysis tool to see whats up with your log file:

    First you will see you arent using the latest version of HiJack This.
    So get the latest version first and recheck your system.

    Next download, install and update both AdAware and Spybot Search and Destroy, reboot into safe mode and run the scans in safe mode. That should help get you all cleaned up.
    LVL 49

    Expert Comment

    Not sure if you had done virus scanning and used other spyware tools before running hijacthis ..

    This is the norm

    Start --> run --> Type in "msconfig" and press "Enter"
    goto Startup tab
    Disable all the applications there except Anti-virus.Reboot the machine and check if the error occurs.
    If not, then enable one at a time in the same startup tab and find the application that might cause this
    at startup

    virus scanner:
    When you scan for virus,do all the below in both Normal mode and Safe mode.

    a) Update your virus definitions in your Anti-virus and run it.

    b) Download Stinger from here :  and run it.

    c) Use this Online virus scanner also :


    Please donot run spyware before running Anti-virus tools and making sure there is no virus in the machine.
    Run spyware both in Normal and Safe mode to be sure that the system is free of spywares,adwares and Malwares.


    Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread

    My recommendation would be to start with Spybot ,Ad-ware ,CWshredder.After installing them, First Update them and then run

    Once running all the above tools and others given in that thread, download and run Hijackthis.
    Download Hijacthis from here
    Get the log from Hijackthis and save the log and paste it here to analyze it. The analyser site is used so that you donot gum up the thread with the entire log.

    Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad remove them , if you still cannot find then post those files alone here.

    Now make sure to scan your hijackthis log in the analyzer tool and remove all the unwanted/bad entries that the site says. Then post back if you still have any issue.

    Use this to remove unwanted toolbars
    Using ToolbarCop to remove the unwanted Toolbands, Toolbar icons and Browser Helper Objects

    After all these ,
    Remove temporary internet files, folders and cookies
    Also remove windows Temp files going to

    1) Start --> run --> typein:  %systemroot%/temp
    2) Start  --> run --> typein: %temp%

    Post back if you still have issues

    LVL 12

    Expert Comment


    Here's some very interesting information on:
    Take note of the removal instructions -

    Good luck!

    LVL 65

    Expert Comment

    >> C:\winnt\180solutions\saap.exe

    this means u are having a 180solutions parasite on ur machine =\
    read here to remove it completely from ur system >>
    LVL 49

    Expert Comment


    I would appreciate if you can look at my comment in Experts Input question of yours about Hijackthis Log
    LVL 65

    Expert Comment

    im sorry ross, didn't refresh the page before posting =\

    Author Comment

    I am almost ready to give up.  It seems my only solution thus far to keep from getting the malicious spyware toolbar I mentioned above when I invoke internet explorer is to use another web browser.  When I use mozilla firefox I have no problems whatsoever, but when I use ie I still get numerous popups and that strange spyware toolbar that only appears when I am connected to the internet.  I have been working on this problem for months.  I have used adaware, spybot search and destroy and I have tried some of your suggestions including toolbar cop, hyjack this, and I also tried the tedious 180solutions removal suggested by SheharyaarSaahil.  This was a nice article about going into the registry and everywhere else to remove the problem.  Unfortunately, it did not solve the problem.  Perhaps the host program software is still on my machine.  I have no idea what it is.  Looks like this is one of those questions that won't get resolved.
    LVL 65

    Expert Comment

    Monroe,,,, u have WinXP system,,,, are u sure u disable system restore before doing the cleanup process ??
    and after running the removal tools, do u manually check for the exe files and their registry entries to make sure they are all gone ??

    Author Comment

    I have been dealing with this long enough.  None of the responses I have received have helped me resolve this problem.  In fact I remember getting one message from someone somewhere along asking me not to print a hyjack this log.  Fine.  I think what I need to do is cancel my membership here.  Thanks to everyone who has earnestly tried to help.  Goodbye.

    LVL 49

    Expert Comment

    It is sad to see that your issue is still not resolved..

    So you have tried all the above suggestions and you still have the same issue or do you see some improvement.

    Have you tried using this tool
    to see if you can remove any toolbar using it .

    Regarding Hijackthis log, this website is taking lot of changes as to how to make questions and thread more user-friendly.
    Apart from experts , users or questioners are lead in a direction so that they can do some work on their own and come back if they need further help . It is NOT that you cannot post the logs but it is like use the analyzer website to search for bad ones in your log and see if the issue is solved and if not , post the log.

    Hang on and post back and see if we can resolve your issue

    LVL 3

    Expert Comment

    Have you tried running a simple Ad-aware SE or Spybot ?
    Often these programs are a very good help!
    LVL 13

    Expert Comment

    Here is one I downloaded and used. It found spyware etc that the others do not. It is a fully functional 15 day trial program called 'Great Antispyware'

    It gave me some interesting results. I ran it in the normal mode. You might run it in the safe mode also. I normall have not run these spyware programs in the safe mode. I just posted a question why is it recommended to run these program in the safe mode.

    Try it before you give up.

    LVL 13

    Expert Comment

    This program is uded for web browser hijacks
    Web websearch remover

    Author Comment

    While I almost gave up I finally was able to resolve this issue myself.  I must admit I did not try disabling the system restore utility because a restore point had saved my computer during a previous problem.  I did try most of the software tools recommended above along with half a dozen others.  The link to the 180solutions spyware removal did help some but did not resolve the main issue which was the recurring spyware toolbar in internet explorer.

    I have been working for months on this problem.  The recommendation for trying hyjack this software did not help because many of the entries were unknown.  Even some of the experts gave incorrect info on some things to remove.  Fortunately, serendipity smiled on me tonight in the form of a piece of software called Security Task Manager.  It can be downloaded from and originates from  This software analyzes all the active and inactive processes in the task manager and provides detailed information on all the ones that it recognizes.  For those that it does not recognize, it provides a link to google search where they can be found.  With this software, I isolated the problem to 2 malicious programs.  One called long2.exe and the other called bin kind.exe.  (Yes, there is a space after bin.)  I was able to quarantine and delete these programs and other spyware on my computer with a few key strokes.  The software is a free trial version for 30 days and $29 for a registered version.  I will probably buy it .  Thanks to all who helped and my question is finally resolved.


    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
    By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now