Solved: ipas & appcl.exe error again

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

boogey

Thread Starter
Joined
Jun 18, 2004
Messages
144
hello again !.....iam back because this is such a great site for help!!!

i still have a problem with appcl.exe ...what is this .i am running win xp and when i boot up it says appcl.exe has encountered a problem and needs to close...i click on the close box and it wont go awayuntil i get almost violent with the mouse!!!then it says ipas has encountered...etc....and it wont go away same as the other one...what is ipas..and how can i fix it.....i ran adaware 6.0.....spybot S&D...and even pc bug doctor and it still happens...if i ran a hijack this and posted it would that help??? Thanx any and all help is greatly appreciated...



BOOGEY.
 
Joined
Sep 7, 2004
Messages
49,014
boogey said:
if i ran a hijack this and posted it would that help??? Thanx any and all help is greatly appreciated... BOOGEY.
Yep, as that appears to be scumware.
 

boogey

Thread Starter
Joined
Jun 18, 2004
Messages
144
Logfile of HijackThis v1.97.7
Scan saved at 11:52:31 PM, on 9/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\appgd32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\apikg32.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Winad Client\Winad.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winad Client\WinClt.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Juno\exec.exe
C:\WINDOWS\System32\Fnjt.exe
C:\WINDOWS\System32\GoxOY.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Gary\My Documents\fly patterns\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50171
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guobp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://guobp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Gary\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://guobp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Gary\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guobp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://guobp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\guobp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*profiles.yahoo.com;*.pogo.com;*test-speed.com;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://auto.search.msn.com/response.asp?MT=www.hotmail.com&srch=3&prov=&utf8
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2DB33C9A-486B-0088-7058-260CEBB2901E} - C:\WINDOWS\system32\sdkyb.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [apikg32.exe] C:\WINDOWS\system32\apikg32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [[email protected]] C:\WINDOWS\System32\Qep78k1i.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Gary\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [sti] C:\WINDOWS\System32\sti.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKLM\..\RunOnce: [atlwr32.exe] C:\WINDOWS\system32\atlwr32.exe
O4 - HKLM\..\RunOnce: [mfcjn.exe] C:\WINDOWS\system32\mfcjn.exe
O4 - HKLM\..\RunOnce: [netlt.exe] C:\WINDOWS\system32\netlt.exe
O4 - HKLM\..\RunOnce: [sysoi32.exe] C:\WINDOWS\system32\sysoi32.exe
O4 - HKLM\..\RunOnce: [javals.exe] C:\WINDOWS\system32\javals.exe
O4 - HKLM\..\RunOnce: [ntbe.exe] C:\WINDOWS\ntbe.exe
O4 - HKLM\..\RunOnce: [ipml.exe] C:\WINDOWS\ipml.exe
O4 - HKLM\..\RunOnce: [mfcnj.exe] C:\WINDOWS\system32\mfcnj.exe
O4 - HKLM\..\RunOnce: [apppu.exe] C:\WINDOWS\apppu.exe
O4 - HKLM\..\RunOnce: [netas.exe] C:\WINDOWS\netas.exe
O4 - HKLM\..\RunOnce: [sdkmp32.exe] C:\WINDOWS\system32\sdkmp32.exe
O4 - HKLM\..\RunOnce: [atltv32.exe] C:\WINDOWS\atltv32.exe
O4 - HKLM\..\RunOnce: [javaux32.exe] C:\WINDOWS\javaux32.exe
O4 - HKLM\..\RunOnce: [iedy32.exe] C:\WINDOWS\iedy32.exe
O4 - HKLM\..\RunOnce: [crrw.exe] C:\WINDOWS\crrw.exe
O4 - HKLM\..\RunOnce: [iees.exe] C:\WINDOWS\iees.exe
O4 - HKLM\..\RunOnce: [ipea32.exe] C:\WINDOWS\ipea32.exe
O4 - HKLM\..\RunOnce: [addhp.exe] C:\WINDOWS\system32\addhp.exe
O4 - HKLM\..\RunOnce: [ipmv.exe] C:\WINDOWS\system32\ipmv.exe
O4 - HKLM\..\RunOnce: [ipuq32.exe] C:\WINDOWS\ipuq32.exe
O4 - HKLM\..\RunOnce: [apicl.exe] C:\WINDOWS\apicl.exe
O4 - HKLM\..\RunOnce: [ipil32.exe] C:\WINDOWS\system32\ipil32.exe
O4 - HKLM\..\RunOnce: [addnf.exe] C:\WINDOWS\addnf.exe
O4 - HKLM\..\RunOnce: [javaox.exe] C:\WINDOWS\javaox.exe
O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [syszw32.exe] C:\WINDOWS\syszw32.exe
O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\system32\ntwo.exe
O4 - HKLM\..\RunOnce: [msxb.exe] C:\WINDOWS\system32\msxb.exe
O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
O4 - HKLM\..\RunOnce: [mfckp32.exe] C:\WINDOWS\mfckp32.exe
O4 - HKLM\..\RunOnce: [netfa.exe] C:\WINDOWS\system32\netfa.exe
O4 - HKLM\..\RunOnce: [ipas.exe] C:\WINDOWS\ipas.exe
O4 - HKLM\..\RunOnce: [mfcud.exe] C:\WINDOWS\mfcud.exe
O4 - HKLM\..\RunOnce: [addrd32.exe] C:\WINDOWS\addrd32.exe
O4 - HKLM\..\RunOnce: [atlyp.exe] C:\WINDOWS\system32\atlyp.exe
O4 - HKLM\..\RunOnce: [msne32.exe] C:\WINDOWS\msne32.exe
O4 - HKLM\..\RunOnce: [appcl.exe] C:\WINDOWS\system32\appcl.exe
O4 - HKLM\..\RunOnce: [atlvy.exe] C:\WINDOWS\system32\atlvy.exe
O4 - HKLM\..\RunOnce: [mses.exe] C:\WINDOWS\mses.exe
O4 - HKLM\..\RunOnce: [d3wa.exe] C:\WINDOWS\system32\d3wa.exe
O4 - HKLM\..\RunOnce: [d3sp.exe] C:\WINDOWS\system32\d3sp.exe
O4 - HKLM\..\RunOnce: [sysds32.exe] C:\WINDOWS\system32\sysds32.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 - HKLM\..\RunOnce: [d3hn.exe] C:\WINDOWS\d3hn.exe
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\Juno\qsacc\x1exec.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: GhostSurf Privacy Center (HKLM)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38032.2208680556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3E9C60-A568-4981-B5E7-82ABFBA30372}: NameServer = 64.136.20.121 64.136.28.121
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top