# [Resolved] Java Problems



## hill917top (Jun 25, 2002)

HI, HOPE YOU CAN HELP IN THIS MATTER: I FIRST GOT THE MESSAGE THAT JAVA WAS CORRUPTED AND/OR MISINSTALLED. I
WENT AND DID THE CLEAN OUT FILES, AND CACHE UNABLE TO LOAD GAMES ETC. I TRYED TO REACH AOL TECH. HELP AND I GET THIS MESSAGE: YOU WILL NEED TO ACTIVATE JAVA TECH. IN YOUR BROWSER TO USE NET AGENT-JAVA CUSTOMER CLIENT. I AM NOT VERY FAMILAR WITH THE TECH. END OF THE COMPUTER AND I DONT KNOW HOW TO RESOLVE THIS PROBLEM. PLEASE HELP ME. THANK YOU


----------



## brindle (Jun 14, 2002)

Is java enabled in internet options?


----------



## hill917top (Jun 25, 2002)

HI, IM STILL UNABLE TO LOAD POGO, AND SOME OTHER GAME SITES. I DID TRY TO ENABLE JAVA AS REGUESTED STILL NOTHING. I AM NOT FAMILAR WITH ALL THE TECH. TERMS OR WHAT SHOULD BE CHECKED OR NOT CHECKED TO ENABLE JAVA AND HAVE NO 
SITES BLOCKED, IT SEEMS THAT MAYBE SOME THINGS SHOULD BE CHECKED TO ALLOW ME ACCESS TO THE SITES AND DONT KNOW WHICH ONES.I ALSO SEE WHERE IT SAYS JAVA PLUG IN(NEEDS TO BE RESTARTED) I DO NOT KNOW WHAT THAT MEANS OR WHAT I MUST DO TO ENABLE IT. COULD SOMEONE PLEASE HELP ME WITH THIS PROBLEM. THANK YOU


----------



## pvc9 (Jul 7, 2002)

Download and install the Java VM from this link and see if that helps -

http://java.sun.com/getjava/download1.html

Btw, please type in lower case as it's easier to read that way!


----------



## hill917top (Jun 25, 2002)

Hi sorry about the caps, I thought it would be easier. I went to site Java Download and this came up: Congraulations, you have the current version of Java software for access to all the best the web has to offer. I really dont know what to do about this problem!Maybe my settings are wrong, could you help me there?I am able to get on Tothegames.com and answer email with sound. but on some sites i do not see the Java logo and takes so long on some. I am not too familiar with technology but can follow step by step instructions. Also I thank you so much for trying to help me with this matter. Ruth


----------



## pvc9 (Jul 7, 2002)

Ok! Try this -

Open Internet Explorer, click on Tools, then Internet Options, click on the Advanced tab. Scroll down till you see Java VM and select/check the 3 items -
Java console enabled, 
Java logging enabled, 
JIT compiler for virtual machine enabled, click on Apply and Ok. 

Close and re-open Internet Explorer, see if this solves the problem...if it doesn't then check these settings too -

Open Internet Explorer, click on Tools, then Internet Options, click on the Securtiy tab, select Internet and click on Custom Level. Scroll down till the setting Java...select the option Low safety, click on Ok, then Apply and Ok.

Close and re-open the browser...HTH!


----------



## hill917top (Jun 25, 2002)

Pvc9 Hi, recieved your reply i tryed all you said to do, may i ask when you say CLOSE AND REOPEN INT. EXP.or REOPEN BROWSER
do i just close window then go back on aol? i set the settings as you said i am unable to load still., also the message for AOL help I
still get the message that i must activate java tech, to use net agent. when i went to the 3 items in Java it states next to it(reqires restart) near Java con. enabled, Java logging,Jit comp...for virtual machine. what do i do? Thank you again for your help and time. Ruth


----------



## Rollin' Rog (Dec 9, 2000)

I'm not sure if this is really a Java problem, or something else.

Can you go to this site and see if it loads the Java applet there? You will see a wavy text display if it does:

http://www.bodo.com/javame.htm

By the way, if you are using IE as your browser and have downloaded Sun Java, as indicated above, you should also see a separate check box for "use Sun Java" in Internet Options > Advanced. If that is not checked you may still be trying to load a damaged or non existent Microsoft Virtual Machine (Java stuff).

And yes, after checking that box you have to restart the computer.

Also, though I'm unaware of it, it is remotely possible AOL does not support Suns Java and you may need Virtual Machine.

That is available through Windows Update, or you can get it here as well:

http://www2.whidbey.com/djdenham/VM.htm


----------



## flavallee (May 12, 2002)

Hill917Top:

If it comes down to you having to remove Microsoft Virtual Machine from your computer, it can be done easily and safely.:up: The instructions for doing it are posted on my website.

I see that you're using AOL.

Frank's Windows 95/98 Tips


----------



## hill917top (Jun 25, 2002)

Thank you Flavallee and Rollin'Rog, on your help, i will try your suggestions and get back. Thank you for your knowledge and your time. Ruth


----------



## hill917top (Jun 25, 2002)

Hi, im back again,I will try and lay out the whole thing from my end. I first tryed all that i can to correctly adjust my java, when i tryed to update it this message comes on..congraulations you have the current version of java software for access to all the best the web has to offer...when i try to get help from AOL this message comes up.. you will need to activate Java Technology in your Browser to use net agent-Java customer client. when i try to load from pogo this message comes on.. java corrupted or misinstalled...I went to internet options this is listed next to the java list..Java console enabled(requires restart)
use Java 2x1.4.1-02 for (applet) requires restart. I do not know what else to do or if the settings are checked or not suppose to be or not. I got instructions from one of the game sites with instructions but it seems something is wrong that i am overlooking. what is a firewall? do i need it how do i know if i have one or not? All i want is to enjoy the games and answer emails, but i am encounting all these problems and cant get back on track! Could someone please help me??? Thank you for your time on this matter. Ruth


----------



## bandit429 (Feb 12, 2002)

Ruth did you run the Java test that Rollin Rog posted the link to above?



> Can you go to this site and see if it loads the Java applet there? You will see a wavy text display if it does:


http://www.bodo.com/javame.htm


----------



## bandit429 (Feb 12, 2002)

A pm from hill917top



> Hi Bandit, Thank you for your response, i tryed going to that site and it has a bunch of instructions and i do not understand it, could you check it out and let me know which one i should click into, i would appreciate it. Thanks, Ruth


 You can click the link below,,,,, scroll down near the bottom of the page and you should see a wavy line that is moving,,,do you see that? Sometimes it takes a minute to load.

http://www.bodo.com/javame.htm


----------



## hill917top (Jun 25, 2002)

Bandit, i did go to the site, it says if i cant read this or if i can read this, there is no wavery line and when i go to load internet it goes to a page that says its not available and to chose a subject to view. I do not see what your saying i did wait for it to load and nothing, how can i show you what i see?? can i paste and send you it?? thanks Ruth


----------



## bandit429 (Feb 12, 2002)

The link goes directly to the site where the wavy moving line is,,,all you have to do is scroll to the bottom of the page and wait for it to load, You do not have to click anywhere,,,If you did not see it at the bottom of the page then you have a java problem of some type. I will edit this post in the morning to give you time to double check. I will provide some links and more information.

Edit: go to add/remove programs and uninstall sun java,,then restart,,,,,,go to the site that Pvc9 provided above and reinstall it then give it a go.

Rollin Rog, Aol and Sun are compatible, my mother uses them both at pogo.


----------



## hill917top (Jun 25, 2002)

Bandit you are a gem, which do i remove it has these listed:

Java2Runtime sev1.4.1-01
Java2Runtime sev1.4.1-02
Java web start
which one do i remove? thanks again, Ruth


----------



## Rollin' Rog (Dec 9, 2000)

They are all associated with Sun Java so you should remove all. Everything necessary should be included in the reinstall. If you get a prompt during the reinstall to make Sun your default java program, accept it.


----------



## hill917top (Jun 25, 2002)

Good Morning again, i uninstalled and reinstalled Java nothing seems to be any different im still getting error message that Java is corrupted or misinstalled.i got a message that failed due to an internal error! where do i go now?? im really at wits end,please guide me to other problem solvers to try.how do i start from the begining to solve this problem? Thank You for your help. Ruth


----------



## Rollin' Rog (Dec 9, 2000)

I don't think we've really established whether this is a java problem or an AOL one.

You don't have to do anything on this page, just verify whether you see an animated wavy text display saying you are fully java enabled. And above that static white text saying Yes! If you can read this you are javascript enabled:

http://www.bodo.com/javame.htm

We may need to see a post of the ScanLog from HijackThis to determine if there are any software conflicts possibly causing this:

http://www.tomcoyote.org/hjt/

Finally, let's see if we can get Microsoft's Java (Virtual Machine) to work for you.

Download the msjavawu.exe file from the site below to a convenient folder on your hard drive. Run the setup and reboot.

http://www2.whidbey.com/djdenham/VM.htm

Go to Internet Options Advanced and UNcheck use Sun Java, if that is checked. Then go to Security > Custom Level and make sure Microsoft VM (Virtual Machine) Permissions is Enabled with a check of High or Medium Safety. If it doesn't work on High, try Medium


----------



## hill917top (Jun 25, 2002)

Logfile of HijackThis v1.94.0
Scan saved at 1:29:28 PM, on 5/27/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by America Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBINST.EXE /Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37754.8434490741
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


----------



## Rollin' Rog (Dec 9, 2000)

Well you do indeed have quite a load of ad and spyware there. This is going to take time, so have patience. I don't know whether it is a factor in the java problem but we need to get it out of the picture.

Check and "fix" the following items using HijackThis:

O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBINST.EXE /Upgrade

O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs...rams/hotbar.cab

Go to the site below and download Spybot, install and update it following directions, by clicking on the Online tab, then Search for Updates and Download updates.

http://tomcoyote.org/SPYBOT/

Close out IE and run it. Have it fix all problems it finds and reboot. You may need to run it a second time.

Then post another copy of the ScanLog.

I still think you will probably need to install Microsoft VM, but let's complete the above first.

I also see you have Norton Internet Security, and we may have to look into whether that is a factor. See the link below:

http://service1.symantec.com/SUPPOR...b546aaa363ae25be85256936007de6f1?OpenDocument


----------



## hill917top (Jun 25, 2002)

StartupList report, 5/27/2003, 2:20:08 PM
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBINST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOLTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Nisum = C:\Program Files\Norton Internet Security\NISUM.EXE
ccPxySvc = C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 27/5/2003, 1:48:36)

[rename]
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\FONTS\LUCIDA~1.TTF
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\FONTS\
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\EXT\SUNJCE~1.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\EXT\LDAPSEC.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\EXT\DNSNS.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\EXT\
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\SUNRSA~1.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\RT.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\JSSE.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\JCE.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\JAWS.JAR
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\LIB\
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\CLIENT\JVM.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\CLIENT\
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\ZIP.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\VERIFY.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\NET.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\JPISHARE.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\JPIEXP32.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\JPICOM32.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\JAVA.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\HPI.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\FONTMA~1.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\DCPR.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\AWT.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\NPJPI1~1.DLL
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\BIN\
NUL=C:\PROGRA~1\JAVA\J2RE14~2.1_0\

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
Hotbar - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL - {B195B3B3-8A05-11D3-97A4-0004ACA6948E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Skilljam Game Player Object]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SSP.OCX
CODEBASE = http://skill.skilljam.com/ssp/SSP.cab

[Brix6ie Control]
InProcServer32 = C:\WINDOWS\BRIX6IE.OCX
CODEBASE = http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGCC.OCX
CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[Sol Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOL.OCX
CODEBASE = http://mirror.worldwinner.com/games/v41/sol/sol.cab

[{0335A685-ED24-4F7B-A08E-3BD15D84E668}]
CODEBASE = http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab

[dldisplay Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\GHDLCTL.DLL
CODEBASE = http://www.gamehouse.com/ghdlctl.cab

[FreeCell Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FREECELL.OCX
CODEBASE = http://mirror.worldwinner.com/games/v40/freecell/freecell.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37754.8434490741

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 8,606 bytes
Report generated in 0.264 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## christopher5 (May 17, 2003)

Just a note.........my antivirus prog from Trendcillin played havoc with Java...it used to use 70Mb of my RAM and take ages to load any downloads with Java. I uninstalled Trend and got a new antivirus prog and everything since has been hunky dory. Chris


----------



## hill917top (Jun 25, 2002)

Chris, Thanks very much for your input on my java problem. I will keep it in mind. Ruth


----------



## Rollin' Rog (Dec 9, 2000)

You still have the entries we want to get rid of. Did you install, update and run Spybot? That must be done one way or another. Post the ScanLog (not the "startuplist) once you have run Spybot, had it clean the selected entries and rebooted.

Also did you check out the Norton Article? I do believe that will turn out to be your Java problem.


----------



## hill917top (Jun 25, 2002)

Rollin, i got up to downloading Spybot, but in the instructions where it says setting page should appear i dont get the page,or to download updates, im stuck here what do i do now???? or do i find the ONLINE button.


----------



## bandit429 (Feb 12, 2002)

Click the button that says search for updates,,,,Then again at the top middle search for updates,,,,,Then check the boxes in the window that apply,,(Whci should be all updates) And click download updates,,,,,,look carefully because some may say that this update must be downloaded seperately.
Read the instructions carefully but don't be afraid of it. 

If you get as far as "fix selected problems" than fix only those that are prechecked.


----------



## Rollin' Rog (Dec 9, 2000)

Does yours look like the attached file in Alanons post?

http://forums.techguy.org/showthread.php?postid=884801#post884801

I don't know why people are getting that, unless they selected "easy mode" during the install process.

For now just click the Update tab and follow any logical process from there.


----------



## hill917top (Jun 25, 2002)

Hi Rollin, i got thru doing the hijack the spybot and destroy, please tell me how do i get to NIS to fix the java you said might be the problem. please guide me thru it. I thank you for your help, someday i will get puter smarts, but until then I need help from great guys like you and the rest who are taking the time to help.Thank you Ruth


----------



## Rollin' Rog (Dec 9, 2000)

Ruth, I'm not personally familiar with Norton Internet Security, so we are both going to have to work from a couple of help links on the Symantec site.

Here is one that shows you how to get to the section where you modify custom security settings:



> 1. Open your Symantec desktop Internet security or firewall product.
> 2. Click Security.
> 3. Click Custom Level. The "Customize Security Settings" window appears.


Now, once there, you must make the changes in two separate stages:

First:

>> Set ActiveX Control Security to "High:Block ActiveX Controls."
>> Set Java Applet Security to "None: Allow Java Applets."
>> Click OK. The Customize Security Settings windows closes.

Second:

>> Click Custom Level. The Customize Security Settings window opens again.
>> Set ActiveX Control Security to "None: Allow ActiveX Controls."

>> Click OK. The Customize Security Settings windows closes.

I have basically just re arranged the instructions from this page:

http://service1.symantec.com/SUPPOR...b546aaa363ae25be85256936007de6f1?OpenDocument

=======

And please give us another copy/paste of the ScanLog (not the StartupList) so we can ensure all has been removed that needs to be.


----------



## hill917top (Jun 25, 2002)

Hi Rollin, i've been busy trying to get this computer back in order. I do need a little more help from you. How do I bring up my Customized Security Settings? to adjust them, and how do I get you a copy of my scan log?these are very confusing to me and im not able to move on. I hope you can help me in this matter. Thank you Ruth


----------



## Rollin' Rog (Dec 9, 2000)

The ScanLog is the same as you posted from HijackThis on the first page of this thread. You just have to make a new one.

Do you have an icon for Norton Internet Security in the System Tray? The System Tray includes those icons you see next to the clock display on the taskbar.

Hold your mouse over the different icons for a few seconds, if in doubt -- you should see an indication of the program they are associated with it. If you find one for Norton Internet Security, either double click on it or right click on it and select Open. That should bring up a menu with the desired option

If nothing there, there should atleast be a shortcut to the program on your Start Menu Programs directory.


----------



## hill917top (Jun 25, 2002)

hi Rollin, i'm still around and with my problems. I tryed to go to systems restore but for some reason it stays on todays date and will not change to set a date in which computer ran well.i tryed to get information but nothing says anything about it.could you give me some help so maybe that will help me since nothing else has. 
Thank you, Ruth


----------



## Rollin' Rog (Dec 9, 2000)

Ruth, you really don't want to do a System Restore after running Spybot as it will likely just replace files and registry entries that were removed.

We need to take up where we left off and make sure your system is clean of bad programs. Are you having problems following my last directions?

Please give me a post of the HijackThis Scanlog again, following directions here:

http://www.tomcoyote.org/hjt/

And were you able to open the Norton Internet Security program by finding and double clicking an icon on the taskbar, or by opening from the Start Menu, and make the changes indicated?

Please be specific about any problem in folowing directions.


----------



## hill917top (Jun 25, 2002)

Logfile of HijackThis v1.94.0
Scan saved at 1:15:53 PM, on 5/27/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by America Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBINST.EXE /Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37754.8434490741
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

rollin i hope i got it right, Ruth


----------



## Rollin' Rog (Dec 9, 2000)

Yes, that's what I wanted to see. But gosh, Ruth, you still have all the old culprits there.

Has anyone else been using the computer? You have even more bad files there than before!

I'm not sure if you are following through on directions properly. Please check the following entries in the Scanlog after you run it, don't miss any. After checking them, click "Fix Selected". Then Reboot and run Spybot again. Click the "check for problems" tab. Once Spybot completes its scan, click "fix selected problems". Then reboot again and provide another copy of a fresh Scanlog.

If you have not previously updated Spybot before running it, please do so: click the Online tab, then 'search for updates', and 'download updates'.

Here are the entries to check and fix with the Scanlog:

*O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBHOSTIE.DLL

O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.2.11.0\HBINST.EXE /Upgrade

O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs...rams/hotbar.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/...IL/PhPSetup.cab

O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab

O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games...ll/freecell.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net*

Also please let me know how you did on opening Norton Internet Security and following the directions given for that.


----------



## hill917top (Jun 25, 2002)

StartupList report, 5/30/2003, 5:11:15 PM
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\TD_0013.DIR\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0013.DIR\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Nisum = C:\Program Files\Norton Internet Security\NISUM.EXE
ccPxySvc = C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 29/5/2003, 16:57:28)

[Rename]
C:\WINDOWS\powerpnt.ini=C:\_RESTORE\EXTRACT\powerpnt.ini
C:\WINDOWS\wavemix.ini=C:\_RESTORE\EXTRACT\wavemix.ini
C:\WINDOWS\tasks\desktop.ini=C:\_RESTORE\EXTRACT\desktop.ini
C:\WINDOWS\win.ini=C:\_RESTORE\EXTRACT\win.ini
C:\WINDOWS\system.ini=C:\_RESTORE\EXTRACT\system.ini
C:\WINDOWS\Profiles\hill917top\USER.DAT=C:\_RESTORE\EXTRACT\hill917top
C:\WINDOWS\USER.DAT=C:\_RESTORE\EXTRACT\USER.DAT
C:\WINDOWS\SYSTEM.DAT=C:\_RESTORE\EXTRACT\SYSTEM.DAT
C:\WINDOWS\CLASSES.DAT=C:\_RESTORE\EXTRACT\CLASSES.DAT

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Skilljam Game Player Object]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SSP.OCX
CODEBASE = http://skill.skilljam.com/ssp/SSP.cab

[Brix6ie Control]
InProcServer32 = C:\WINDOWS\BRIX6IE.OCX
CODEBASE = http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGCC.OCX
CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37754.8434490741

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 6,742 bytes
Report generated in 0.083 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## hill917top (Jun 25, 2002)

Rollin, i have tryed everything to bring up CUSTOMIZE SECURITY SETTINGS,when i go to NIS i click security all that comes up is 2
headings, 1- says Turn Off 1-says Check Security no C.S.S. I LOOKED IN ALL nothing brings up C.S.S.:Thanks Ruth


----------



## Rollin' Rog (Dec 9, 2000)

Ok, we're making progress on the Spyware at least; nothing came back.

Maybe you have a different version of NIS than the one covered in the article. Could you click the 'check Security' tab and see what is there? If there are options to configure how it deals with Java applets and ActiveX controls, set them to the minimum possible -- that is, "none: allow" or the equivalent. You may have to do it in the order described in the previous post.

If you can't find anything like that, just Turn off NIS and see if you continue to have the problem.

One more thing: would you do a File Search for *SHELLMON.EXE*

It should be in C:\PROGRAM FILES\AMERICA ONLINE 8.0A

Right click on it and select "Properties". Click the "version" tab.

Does it say this file is copyright by AOL?

I cannot find anything on it, and that is very strange!

By the way, you should save your copy of HijackThis.exe to a convenient folder where you can find and run it in the future. right now it is in a temporary directory. You will lose it there.


----------



## hill917top (Jun 25, 2002)

hi rollin, i went to NIS i could only shut it off, however upon testing the sites i could not get on, i still cant.also it still says java corrupted or misinstalled. rollin,on SHELLMON.EXE this is what i found: size 33kb motified 3/27/03 nor could i find if its copyright by AOL but it did say aol in its discripition. do you still think i should not restore computer to an earlier date? Thank you Ruth


----------



## Rollin' Rog (Dec 9, 2000)

No don't try doing a system restore, I think you managed to do that before and it just restored all those files we removed. The system is clean now, except possibly for shellmon.exe

I'm really not convinced that is an AOL file, what did it say exactly in the description?

Here's what I want you to do, since you currently have installed Sun Java, let's try doing an install of Microsoft Virtual machine.

Go to the site below and download the install file, msjavwau.exe there to a convenient folder. Run the setup and reboot.

http://www2.whidbey.com/djdenham/VM.htm

Then go to Internet Options > Advanced. Sun Java should be checked there. UNcheck it.

Go to Security > Custom Level. Make sure Microsoft VM is enabled at Medium Safety.

Once again, go to this site and tell me if you see an animated wavy line that says Java applets are fully enabled:

http://www.bodo.com/javame.htm


----------



## hill917top (Jun 25, 2002)

hi rollin, im not sure if i have the right SHELLMON.EXE file information. i really had a hard time getting the information you requested, i really got so confused that i lost track of what i was doing LOL sorry i really tryed, also i did get the waverly line.
thank you Ruth


----------



## Rollin' Rog (Dec 9, 2000)

If you got the wavy line then your java is installed and running properly!

Did you install the Microsoft VM and make sure it was enabled before you went there? I need to know which version of Java you were using, Suns, or Microsofts? Microsofts is enabled through Internet Options > Security > Custom Level > Microsoft VM (Virtual Machine).

It should be set to "medium safety"

If Microsofts, and you are still having trouble on the other site, try this:

Go to Internet Options > Advanced and UNcheck *JIT Compiler for Virtual Machine*. You will need to reboot afterwards.

I am following the MS suggestion here, for situations where you cannot view Java on just one site:

http://support.microsoft.com/defaul...port/kb/articles/Q168/8/06.ASP&NoWebContent=1

=========

To get the Shellmon.exe info, just do a File Search for it. When you find it, right click on it and select "Properties". There will be various tabs, one should have the reference to AOL. I'd like to know exactly what it says. If there is no reference, then I think we want to keep that file from starting up. Although If you have been in touch with AOL Tech Support, you might want to ask them if they have any knowledge of the file.


----------



## hill917top (Jun 25, 2002)

Rollin, I dont know if you got my PM, but I want to make sure you know how much I appreciate all you did to get my computer back in running order.You were patient as well as knowledgeable in helping a computer idiot. I am able to load pogo, get the AOL tech help on line again, it took a while but I am so grateful to you, I am going to make a donation on your behalf in helping keeping something positive to continue. Thank You again Rollin, a Friend forever Ruth.

PS I hope I have no other trouble, but I know I will be back,till then.......


----------



## Rollin' Rog (Dec 9, 2000)

I must have missed the PM (I'll look now).

But I couldn't be more pleased. I was just afraid I was going to wear out your patience in attacking the problem systematically 

You are most welcome.

By the way, it occurs to me that at one point I suggested you turn off Norton Internet Security for test purposes. If it is still turned off, you shoud re-enable it and make sure that the problem does not return after doing so.


----------



## hill917top (Jun 25, 2002)

Hi Rollin, Thank you for answering,I was only afraid that I would get so aggravated that I would click ANYTHING (right or wrong) so I could fix the problems. and then give myself more headaches.The
question about the SHELLMON.EXE FILE i will find out and let you know ok? Again i thank you, Ruth


----------

