I have run spy subtract pro and still am unable to get rid of the Zy search on my browser. Here is the hijack this log:
Logfile of HijackThis v1.98.0
Scan saved at 4:42:57 PM, on 8/20/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
.DLL
C:\WINDOWS\SYSTEM\MSGSRV32
.EXE
C:\WINDOWS\SYSTEM\MPREXE.E
XE
C:\WINDOWS\SYSTEM\mmtask.t
sk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPHA1MON
.EXE
C:\WINDOWS\SYSTEM\QTTASK.E
XE
C:\WINDOWS\SYSTEM\SPOOL32.
EXE
C:\PROGRAM FILES\FRONTIERNET\FRONTIER
NET DSL ATTENDANT\APP\TANGOMANAGER
.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALS
CHED.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRAC
T\SPYSUB.E
XE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\PMLDRV.E
XE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\DVZCOMMON\DVZMS
GR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
XE
C:\WINDOWS\SYSTEM\NTAPI32D
.EXE
C:\WINDOWS\SYSTEM\PSTORES.
EXE
C:\WINDOWS\SYSTEM\DDHELP.E
XE
C:\WINDOWS\SYSTEM\NTAPI32D
.EXE
C:\HIJACKTHIS\HIJACKTHIS.E
XE
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Default_Page
_URL =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Default_Sear
ch_URL =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Page
_URL =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Sear
ch_URL =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Search,SearchAssi
stant =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Search,CustomizeS
earch =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\In
ternet Explorer\SearchURL,(Defaul
t) =
http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\In
ternet Explorer\SearchURL,(Defaul
t) =
http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Local Page =
http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Local Page =
http://db105.com:81/cgi-bin/index.cgi?c=0
F1 - win.ini: run=hpfsched
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-1
4154ECE70A
C} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MY
BAR.DLL
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-0
5F83C18CBD
7} - C:\WINDOWS\SYSTEM\MSPXS32.
DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
0A0C908246
7} - C:\WINDOWS\SYSTEM\MSDXM.OC
X
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-1
4154ECE70A
C} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MY
BAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFAL
ERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAP
W32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON
.EXE
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLau
ncher.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.E
XE
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONT
I~1\APP\TA
NGOM~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
ched.exe" -osboot
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.
exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer
32.exe
O4 - HKCU\..\Run: [NoAdware] "C:\PROGRAM FILES\NOADWARE\NOADWARE.EX
E" /s
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer
32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
t\spysub.e
xe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMs
gr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
0aa003c157
a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
0aa003c157
a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGI
NS\npqtplu
gin2.dll
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
050DA18DE7
1} (RdxIE Class) -
http://software-dl.real.com/26de604e0af321ebb700/netzip/RdxIE601.cab
O18 - Filter: text/html - (no CLSID) - (no file)