1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: ipas & appcl.exe error again

Discussion in 'Windows XP' started by boogey, Sep 10, 2004.

Thread Status:
Not open for further replies.
  1. boogey

    boogey Thread Starter

    Jun 18, 2004
    hello again !.....iam back because this is such a great site for help!!!

    i still have a problem with appcl.exe ...what is this .i am running win xp and when i boot up it says appcl.exe has encountered a problem and needs to close...i click on the close box and it wont go awayuntil i get almost violent with the mouse!!!then it says ipas has encountered...etc....and it wont go away same as the other one...what is ipas..and how can i fix it.....i ran adaware 6.0.....spybot S&D...and even pc bug doctor and it still happens...if i ran a hijack this and posted it would that help??? Thanx any and all help is greatly appreciated...

  2. MFDnNC


    Sep 7, 2004
    Yep, as that appears to be scumware.
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Mar 3, 2004
  4. boogey

    boogey Thread Starter

    Jun 18, 2004
    Logfile of HijackThis v1.97.7
    Scan saved at 11:52:31 PM, on 9/10/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Winad Client\Winad.exe
    C:\Program Files\Winad Client\WinClt.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\qsacc\x1exec.exe
    C:\Program Files\MYIE2\MyIE.exe
    C:\Documents and Settings\Gary\My Documents\fly patterns\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50171
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guobp.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://guobp.dll/index.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Gary\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://guobp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Gary\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guobp.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://guobp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\guobp.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;;;searchap.untd.com;;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*profiles.yahoo.com;*.pogo.com;*test-speed.com;<local>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://auto.search.msn.com/response.asp?MT=www.hotmail.com&srch=3&prov=&utf8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
    O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
    O1 - Hosts: lender-search.com
    O1 - Hosts: hot-searches.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2DB33C9A-486B-0088-7058-260CEBB2901E} - C:\WINDOWS\system32\sdkyb.dll
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [apikg32.exe] C:\WINDOWS\system32\apikg32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [[email protected]] C:\WINDOWS\System32\Qep78k1i.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Gary\LOCALS~1\Temp\tb_setup.exe /dcheck
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [sti] C:\WINDOWS\System32\sti.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKLM\..\RunOnce: [atlwr32.exe] C:\WINDOWS\system32\atlwr32.exe
    O4 - HKLM\..\RunOnce: [mfcjn.exe] C:\WINDOWS\system32\mfcjn.exe
    O4 - HKLM\..\RunOnce: [netlt.exe] C:\WINDOWS\system32\netlt.exe
    O4 - HKLM\..\RunOnce: [sysoi32.exe] C:\WINDOWS\system32\sysoi32.exe
    O4 - HKLM\..\RunOnce: [javals.exe] C:\WINDOWS\system32\javals.exe
    O4 - HKLM\..\RunOnce: [ntbe.exe] C:\WINDOWS\ntbe.exe
    O4 - HKLM\..\RunOnce: [ipml.exe] C:\WINDOWS\ipml.exe
    O4 - HKLM\..\RunOnce: [mfcnj.exe] C:\WINDOWS\system32\mfcnj.exe
    O4 - HKLM\..\RunOnce: [apppu.exe] C:\WINDOWS\apppu.exe
    O4 - HKLM\..\RunOnce: [netas.exe] C:\WINDOWS\netas.exe
    O4 - HKLM\..\RunOnce: [sdkmp32.exe] C:\WINDOWS\system32\sdkmp32.exe
    O4 - HKLM\..\RunOnce: [atltv32.exe] C:\WINDOWS\atltv32.exe
    O4 - HKLM\..\RunOnce: [javaux32.exe] C:\WINDOWS\javaux32.exe
    O4 - HKLM\..\RunOnce: [iedy32.exe] C:\WINDOWS\iedy32.exe
    O4 - HKLM\..\RunOnce: [crrw.exe] C:\WINDOWS\crrw.exe
    O4 - HKLM\..\RunOnce: [iees.exe] C:\WINDOWS\iees.exe
    O4 - HKLM\..\RunOnce: [ipea32.exe] C:\WINDOWS\ipea32.exe
    O4 - HKLM\..\RunOnce: [addhp.exe] C:\WINDOWS\system32\addhp.exe
    O4 - HKLM\..\RunOnce: [ipmv.exe] C:\WINDOWS\system32\ipmv.exe
    O4 - HKLM\..\RunOnce: [ipuq32.exe] C:\WINDOWS\ipuq32.exe
    O4 - HKLM\..\RunOnce: [apicl.exe] C:\WINDOWS\apicl.exe
    O4 - HKLM\..\RunOnce: [ipil32.exe] C:\WINDOWS\system32\ipil32.exe
    O4 - HKLM\..\RunOnce: [addnf.exe] C:\WINDOWS\addnf.exe
    O4 - HKLM\..\RunOnce: [javaox.exe] C:\WINDOWS\javaox.exe
    O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe
    O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
    O4 - HKLM\..\RunOnce: [syszw32.exe] C:\WINDOWS\syszw32.exe
    O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\system32\ntwo.exe
    O4 - HKLM\..\RunOnce: [msxb.exe] C:\WINDOWS\system32\msxb.exe
    O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
    O4 - HKLM\..\RunOnce: [mfckp32.exe] C:\WINDOWS\mfckp32.exe
    O4 - HKLM\..\RunOnce: [netfa.exe] C:\WINDOWS\system32\netfa.exe
    O4 - HKLM\..\RunOnce: [ipas.exe] C:\WINDOWS\ipas.exe
    O4 - HKLM\..\RunOnce: [mfcud.exe] C:\WINDOWS\mfcud.exe
    O4 - HKLM\..\RunOnce: [addrd32.exe] C:\WINDOWS\addrd32.exe
    O4 - HKLM\..\RunOnce: [atlyp.exe] C:\WINDOWS\system32\atlyp.exe
    O4 - HKLM\..\RunOnce: [msne32.exe] C:\WINDOWS\msne32.exe
    O4 - HKLM\..\RunOnce: [appcl.exe] C:\WINDOWS\system32\appcl.exe
    O4 - HKLM\..\RunOnce: [atlvy.exe] C:\WINDOWS\system32\atlvy.exe
    O4 - HKLM\..\RunOnce: [mses.exe] C:\WINDOWS\mses.exe
    O4 - HKLM\..\RunOnce: [d3wa.exe] C:\WINDOWS\system32\d3wa.exe
    O4 - HKLM\..\RunOnce: [d3sp.exe] C:\WINDOWS\system32\d3sp.exe
    O4 - HKLM\..\RunOnce: [sysds32.exe] C:\WINDOWS\system32\sysds32.exe
    O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
    O4 - HKLM\..\RunOnce: [d3hn.exe] C:\WINDOWS\d3hn.exe
    O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\Juno\qsacc\x1exec.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = ?
    O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
    O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
    O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
    O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
    O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
    O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: GhostSurf Privacy Center (HKLM)
    O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38032.2208680556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3E9C60-A568-4981-B5E7-82ABFBA30372}: NameServer =
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/272608

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice