Solved: ipas & appcl.exe error again

This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.


Thread Starter
Jun 18, 2004
hello again !.....iam back because this is such a great site for help!!!

i still have a problem with appcl.exe ...what is this .i am running win xp and when i boot up it says appcl.exe has encountered a problem and needs to close...i click on the close box and it wont go awayuntil i get almost violent with the mouse!!!then it says ipas has encountered...etc....and it wont go away same as the other one...what is ipas..and how can i fix it.....i ran adaware 6.0.....spybot S&D...and even pc bug doctor and it still happens...if i ran a hijack this and posted it would that help??? Thanx any and all help is greatly appreciated...

Sep 7, 2004
boogey said:
if i ran a hijack this and posted it would that help??? Thanx any and all help is greatly appreciated... BOOGEY.
Yep, as that appears to be scumware.


Thread Starter
Jun 18, 2004
Logfile of HijackThis v1.97.7
Scan saved at 11:52:31 PM, on 9/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Winad Client\Winad.exe
C:\Program Files\Winad Client\WinClt.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Documents and Settings\Gary\My Documents\fly patterns\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guobp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://guobp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Gary\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://guobp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Gary\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guobp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://guobp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\guobp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;;;;;localhost;*;*;*;*;*;*;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts:
O1 - Hosts:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2DB33C9A-486B-0088-7058-260CEBB2901E} - C:\WINDOWS\system32\sdkyb.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [apikg32.exe] C:\WINDOWS\system32\apikg32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [27LN4792DT@AA4] C:\WINDOWS\System32\Qep78k1i.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Gary\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [sti] C:\WINDOWS\System32\sti.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKLM\..\RunOnce: [atlwr32.exe] C:\WINDOWS\system32\atlwr32.exe
O4 - HKLM\..\RunOnce: [mfcjn.exe] C:\WINDOWS\system32\mfcjn.exe
O4 - HKLM\..\RunOnce: [netlt.exe] C:\WINDOWS\system32\netlt.exe
O4 - HKLM\..\RunOnce: [sysoi32.exe] C:\WINDOWS\system32\sysoi32.exe
O4 - HKLM\..\RunOnce: [javals.exe] C:\WINDOWS\system32\javals.exe
O4 - HKLM\..\RunOnce: [ntbe.exe] C:\WINDOWS\ntbe.exe
O4 - HKLM\..\RunOnce: [ipml.exe] C:\WINDOWS\ipml.exe
O4 - HKLM\..\RunOnce: [mfcnj.exe] C:\WINDOWS\system32\mfcnj.exe
O4 - HKLM\..\RunOnce: [apppu.exe] C:\WINDOWS\apppu.exe
O4 - HKLM\..\RunOnce: [netas.exe] C:\WINDOWS\netas.exe
O4 - HKLM\..\RunOnce: [sdkmp32.exe] C:\WINDOWS\system32\sdkmp32.exe
O4 - HKLM\..\RunOnce: [atltv32.exe] C:\WINDOWS\atltv32.exe
O4 - HKLM\..\RunOnce: [javaux32.exe] C:\WINDOWS\javaux32.exe
O4 - HKLM\..\RunOnce: [iedy32.exe] C:\WINDOWS\iedy32.exe
O4 - HKLM\..\RunOnce: [crrw.exe] C:\WINDOWS\crrw.exe
O4 - HKLM\..\RunOnce: [iees.exe] C:\WINDOWS\iees.exe
O4 - HKLM\..\RunOnce: [ipea32.exe] C:\WINDOWS\ipea32.exe
O4 - HKLM\..\RunOnce: [addhp.exe] C:\WINDOWS\system32\addhp.exe
O4 - HKLM\..\RunOnce: [ipmv.exe] C:\WINDOWS\system32\ipmv.exe
O4 - HKLM\..\RunOnce: [ipuq32.exe] C:\WINDOWS\ipuq32.exe
O4 - HKLM\..\RunOnce: [apicl.exe] C:\WINDOWS\apicl.exe
O4 - HKLM\..\RunOnce: [ipil32.exe] C:\WINDOWS\system32\ipil32.exe
O4 - HKLM\..\RunOnce: [addnf.exe] C:\WINDOWS\addnf.exe
O4 - HKLM\..\RunOnce: [javaox.exe] C:\WINDOWS\javaox.exe
O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [syszw32.exe] C:\WINDOWS\syszw32.exe
O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\system32\ntwo.exe
O4 - HKLM\..\RunOnce: [msxb.exe] C:\WINDOWS\system32\msxb.exe
O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
O4 - HKLM\..\RunOnce: [mfckp32.exe] C:\WINDOWS\mfckp32.exe
O4 - HKLM\..\RunOnce: [netfa.exe] C:\WINDOWS\system32\netfa.exe
O4 - HKLM\..\RunOnce: [ipas.exe] C:\WINDOWS\ipas.exe
O4 - HKLM\..\RunOnce: [mfcud.exe] C:\WINDOWS\mfcud.exe
O4 - HKLM\..\RunOnce: [addrd32.exe] C:\WINDOWS\addrd32.exe
O4 - HKLM\..\RunOnce: [atlyp.exe] C:\WINDOWS\system32\atlyp.exe
O4 - HKLM\..\RunOnce: [msne32.exe] C:\WINDOWS\msne32.exe
O4 - HKLM\..\RunOnce: [appcl.exe] C:\WINDOWS\system32\appcl.exe
O4 - HKLM\..\RunOnce: [atlvy.exe] C:\WINDOWS\system32\atlvy.exe
O4 - HKLM\..\RunOnce: [mses.exe] C:\WINDOWS\mses.exe
O4 - HKLM\..\RunOnce: [d3wa.exe] C:\WINDOWS\system32\d3wa.exe
O4 - HKLM\..\RunOnce: [d3sp.exe] C:\WINDOWS\system32\d3sp.exe
O4 - HKLM\..\RunOnce: [sysds32.exe] C:\WINDOWS\system32\sysds32.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 - HKLM\..\RunOnce: [d3hn.exe] C:\WINDOWS\d3hn.exe
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\Juno\qsacc\x1exec.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: GhostSurf Privacy Center (HKLM)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
O9 - Extra button: (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3E9C60-A568-4981-B5E7-82ABFBA30372}: NameServer =
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online