-
a while ago this computer was infected witha browser hijacker that changed autosearch search engine. The hijacker is long gone, but now auto search doesn't work. Even after i change the engine to google through ie when i type something into the address bar and search i get something like this:
"http:///?%20autosearch%20broken"
in the adress bar and a page cannot be displayed error. I'm guessing there is a missing registry entry, but i don't know what it is.
-
This page has information about the registry keys for autosearch.
You may have something left behind by the browser hijacker.
To check, download hijackthis. Scan with hijackthis, save log and post it here.
-
There is a registry patch down on this page somewhere. You download that, then double click and run it and it will set google as your default search engine...
if google wasn't what u wanted, then search on your fav search engine for "how to make [engine name goes here} my default search engine," this is how i found the google thing. :)
BUT, even if this works i think it would still be best if you posted a hijackthis log here so people can help u get every last trace of spyware off of your computer.
-
Thanks for the lings, but I tried the stuff at those pages and nothing worked :(
i've searched everywhere for a way to change this , but because you can normally change search settings without using the regedit it's hard to find anything pertinent.
This is my hijack this log. I would have gotten rid of gater and dap, but it's not my computer.
logfile of HijackThis v1.97.7
Scan saved at 8:34:11 AM, on 7/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Mixer.exe
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Winamp\Winamp.exe
C:\GAMES\RuneScape\RX.exe
C:\Documents and Settings\SYSTEM01\Desktop\New Folder (2)\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\mdm.exe
C:\Documents and Settings\SYSTEM01\Desktop\New Folder (2)\HijackThis.exe
R3 - URLSearchHook: (no name) - - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SYSTEM01\Application Data\Mozilla\Profiles\default\nneez92c.slt\prefs.js)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ALCOHO~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O15 - Trusted Zone: http://www.runescape.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} - http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8004.1419097222
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab27571.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
-
I had something like this on a friends computer once, I went to google and typed in the search field <google toolbar>. then I installed the google toolbar and during the install it will prompt you if you want to make google your default search page, you click on yes and it fixed it.
-
There are a couple of entries to fix with hijackthis, but I'm not sure it will help with the autosearch problem.
Fix with hjt:
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
Did you compare your registry key values with those listed at this site?
-
I'd also uninstall Download Accelerator Plus. You shouldn't need it anyway, if you have GetRight.
-
HiJackThis > Config > Main > Default Search Page, Assistant, and Custimize
This what you were looking for? :huh:
-
along with the ones Jg427 mentioned, also fix these:
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} - http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
also, you seem to have 2 antivirus programs installed. this is fine, if you have one set to be the resident scanner, and the other as an on demand scanner.
hope this helps.
-
Have you tried resetting web settings?
In IE > tools > internet options > programs
"reset web settings"
It should reset to msn search.