Autosearch Registry Entries



Chame1eon
07-06-2004, 06:05 PM
a while ago this computer was infected with a browser hijacker that changed autosearch search engine. The hijacker is long gone, but now auto search doesn't work. Even after i change the engine to google through ie when i type something into the address bar and search i get something like this:
"http:///?%20autosearch%20broken"
in the address bar and a page cannot be displayed error. I'm guessing there is a missing registry entry, but i don't know what it is.

Jg427
07-07-2004, 02:36 AM
This page (http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=87) has information about the registry keys for autosearch.

You may have something left behind by the browser hijacker.
To check, download hijackthis (http://www.majorgeeks.com/download3155.html). Scan with hijackthis, save log and post it here.

tesco
07-07-2004, 04:46 AM
There is a registry patch down on this page (http://www.google.com/options/defaults.html) somewhere. You download that, then double click and run it and it will set google as your default search engine...

if google wasn't what u wanted, then search on your fav search engine for "how to make [engine name goes here] my default search engine," this is how i found the google thing. :)

BUT, even if this works i think it would still be best if you posted a hijackthis log here so people can help u get every last trace of spyware off of your computer.

Chame1eon
07-07-2004, 01:25 PM
Thanks for the links, but I tried the stuff at those pages and nothing worked :(
i've searched everywhere for a way to change this, but because you can normally change search settings without using the regedit it's hard to find anything pertinent.

This is my hijack this log. I would have gotten rid of gater and dap, but it's not my computer.

logfile of HijackThis v1.97.7
Scan saved at 8:34:11 AM, on 7/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Mixer.exe
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Winamp\Winamp.exe
C:\GAMES\RuneScape\RX.exe
C:\Documents and Settings\SYSTEM01\Desktop\New Folder (2)\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\mdm.exe
C:\Documents and Settings\SYSTEM01\Desktop\New Folder (2)\HijackThis.exe

R3 - URLSearchHook: (no name) - - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SYSTEM01\Application Data\Mozilla\Profiles\default\nneez92c.slt\prefs.js)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ALCOHO~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O15 - Trusted Zone: http://www.runescape.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab27571.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} - http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38004.1419097222
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab27571.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

firefox
07-07-2004, 03:43 PM
I had something like this on a friend's computer once, I went to google and typed in the search field <google toolbar>. Then I installed the google toolbar and during the install it will prompt you if you want to make google your default search page, you click on yes and it fixed it.

Jg427
07-07-2004, 09:00 PM
There are a couple of entries to fix with hijackthis, but I'm not sure it will help with the autosearch problem.

Fix with hjt:

R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)

Did you compare your registry key values with those listed at this site? (http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=87)

Chewie
07-07-2004, 10:23 PM
I'd also uninstall Download Accelerator Plus. You shouldn't need it anyway, if you have GetRight.

Rip The Jacker
07-07-2004, 10:43 PM
HiJackThis > Config > Main > Default Search Page, Assistant, and Customize

This what you were looking for? :huh:

dopey
07-07-2004, 11:30 PM
along with the ones Jg427 mentioned, also fix these:

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} - http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

also, you seem to have 2 antivirus programs installed. this is fine, if you have one set to be the resident scanner, and the other as an on demand scanner.

hope this helps.

Jg427
07-08-2004, 01:47 AM
Have you tried resetting web settings?
In IE > tools > internet options > programs
"reset web settings"
It should reset to msn search.

Chame1eon
07-08-2004, 04:35 AM
Originally posted by Jg427@7 July 2004 - 16:08
There are a couple of entries to fix with hijackthis, but I'm not sure it will help with the autosearch problem.

Fix with hjt:

R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)

Did you compare your registry key values with those listed at this site? (http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=87)
Fixing those 2 entries worked! thanks, this has been annoying me for a while. :)

@ chewie i would, but it's not my computer. :)

@ everyone thanks
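
An added example, not part of any post in this thread: the two entries that were fixed both end in "(no file)", which HijackThis prints when the file an entry points to is missing, and the O1 line is a hosts-file redirect. The sketch below parses HijackThis log lines and lists those two kinds of entry; the sample input is a subset of the log posted above, and the function and category names are assumptions made for this illustration.

```python
import re

# Sample input: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# A log entry is "<section code> - <body>", e.g. "R3 - ..." or "O16 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# An IP followed by a hostname that ends in a letter. Requiring the trailing
# letter also splits hosts entries that were run together on one line, as in
# the O1 line above.
HOSTS_PAIR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Za-z0-9.-]*[A-Za-z])")
# Addresses commonly used to sink a hostname locally; not treated as redirects.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0"}


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line, or a running-process path
        code, body = m.groups()
        if body.rstrip().endswith("(no file)"):
            findings.append((code, "orphaned", body))
        if code == "O1" and body.startswith("Hosts:"):
            for ip, host in HOSTS_PAIR.findall(body):
                if ip not in LOCAL_SINKS:
                    findings.append((code, "hosts-redirect", f"{host} -> {ip}"))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<3} {reason:<15} {detail}")
```
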

Jg427
07-08-2004, 06:45 AM
I'm glad it worked out. Here (http://www.pestpatrol.com/pestinfo/d/download_accelerator_plus.asp) is some information about dap for the computer owner.


Once installed, during every download, the personal information you provided is transferred to SpeedBit. This is true whether you use DAP or Internet Explorer for the task. Some of this information is stored in the registry, and includes your name, age, sex, e-mail, company, profession, interests, and what you are retrieving, as may be seen in the traffic capture below.

Chame1eon
07-08-2004, 05:27 PM
Originally posted by Jg427@8 July 2004 - 01:53
I'm glad it worked out. Here (http://www.pestpatrol.com/pestinfo/d/download_accelerator_plus.asp) is some information about dap for the computer owner.


Once installed, during every download, the personal information you provided is transferred to SpeedBit. This is true whether you use DAP or Internet Explorer for the task. Some of this information is stored in the registry, and includes your name, age, sex, e-mail, company, profession, interests, and what you are retrieving, as may be seen in the traffic capture below.
he says he's getting rid of it