"*localhost:9100/proxy.pac" problem in IE6

Status
Not open for further replies.
T

taken

Journeyman
How do I remove this from my Internet Options settings in windows xp SP2?

*localhost:9100/proxy.pac

its in : Tool/internet option/connections/LAN Setting.

It is VERY persistent and doesn't remove itself after I delete the text and uncheck the box. i think this is some sort of spyware but just cant remove it. i have SB Search-n-Destroy,AdAware SE, Trend Micro AV

plsssssssss help
 
D

devarajan

Journeyman
emanym the link u give charge's amount dude.So here after dont provide such link b'coz all won't have an accout there...so try to help out orelse don't spam the forum like......
 
OP
T

taken

Journeyman
HI

emanym :oops: This quote seems similar coz i had searched the cure firstly in google and found it and then decided to copy and paste the same here. since both have the same Qn, it seems there is no STRANGE thing. hai na!!!!

so, as per suggestion of online gurus, i did hijeckthis run and this is the report. as such before doing it, i ran all my spywares and AV. can anyone make something out of it???

Logfile of HijackThis v1.99.1
Scan saved at 11:03:39 AM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\WINDOWS\TEMP\WUC0CB.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wz5fdd\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = *localhost:9100/proxy.pac
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [WINRUN] svchost32.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - *10.176.3.2:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - *10.176.3.2:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - *10.176.3.2:4343/officescan/console/html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - *10.176.3.2:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7594D3-4717-41E4-9B77-620CE53FE0E9}: NameServer = 164.100.3.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

anyone??? if this is not the right place then link me up to the correct place so that i can make out something.
 
KHUBBU

KHUBBU

Journeyman
Several pages I've searched for "localhost:9100/proxy.pac" state that this is entered by something called Google Web Accelerator. Apparently, you must have installed this program. Here is a page about GWA:

*webaccelerator.google.com/support.html

And here is what it says you need to do to uninstall GWA, which presumably will removed the unwanted Internet Options settings:

4. How do I uninstall Google Web Accelerator?

If you decide you don't want to use Google Web Accelerator, here's how to uninstall it:

Click on Start > Settings > Control Panel to open the Windows Control Panel.
Click on Add or Remove Programs to open its window.
Click on Google Web Accelerator. A Remove button will appear below the Google Web Accelerator item.
Click the Remove button.
Close the Add or Remove Programs window and the Windows Control Panel.
Click to expand...


found the above on the same page
 
N

Nemesis

Wise Old Owl
@emanym: The Experts-Exchange link you provided needs a paid subscription to access.

Your HJT file looks clean. However, you could perhaps kill some of the processes to free up some memory. Also, I can't seem to get what this process is:

WUC0CB.EXE
 
D

devarajan

Journeyman
emanym said:
Nemesis said:
@emanym: The Experts-Exchange link you provided needs a paid subscription to access.
Click to expand...

nemesis, just delete all experts-exchange cookies (2 in number) :?: , you will get access, NOW PLEASE KICK MY NEMESIS :p

You have repeat that step when you try one more page.

If you still think it is for paid subscriber here under I am pasting the replies.

Accepted Answer from LeeTutor
Date: 11/23/2005 04:54PM PST
Grade: A Accepted Answer

Several pages I've searched for "localhost:9100/proxy.pac" state that this is entered by something called Google Web Accelerator. Apparently, you must have installed this program. Here is a page about GWA:

*webaccelerator.google.com/support.html

And here is what it says you need to do to uninstall GWA, which presumably will removed the unwanted Internet Options settings:

4. How do I uninstall Google Web Accelerator?

If you decide you don't want to use Google Web Accelerator, here's how to uninstall it:

Click on Start > Settings > Control Panel to open the Windows Control Panel.
Click on Add or Remove Programs to open its window.
Click on Google Web Accelerator. A Remove button will appear below the Google Web Accelerator item.
Click the Remove button.
Close the Add or Remove Programs window and the Windows Control Panel.


Comment from itcuser
Date: 11/23/2005 05:08PM PST Author Comment

excellent thank you
Click to expand...
Click to expand...

What r u trying to say???i cannot understand say in clear..........
 
Status
Not open for further replies.
Top Bottom