6 replies to this topic

[NYGiants81]

I need help with my computer. I'm trying to run AOL IM but it keeps on crashing on me. I have windowsXP. I did all I could do including running HijackThis, Adaware, and aboutbuster. Also ran symantec virus protection in addtition to checkdisk. When it does crash i get this information.

1. Mod: Kernel32.dll
2. Folder its located in is in
C:\doc~1\john~1\Locals~1\Temp\were7.tmp.dir00\appcompat.txt
3. When i run task manager aim.exe is using 33,632K of memory. Don't know if this is
alot for such a small program.

Any help is greatly appreciated because its driving me insane. Thanks

[CalamityJane]

appcompat.txt is the error report that Windows will generate on a application failure, indicating a compatibility error.

It is hard to tell what is causing the error - what version of AIM are you using and what is your OS? Did you just recently download AIM, or have you had it awhile? And are we talking about AIM the stand alone program for non-AOL users or the actual Instant Message feature within AOL ?

Perhaps you'd like to post your HijackThis log so we can get a better idea of what is running on your system.

[NYGiants81]

Thanks for the reply. Very timely. As for your questions;

1. I am using Aol IM version 5.5, the newest.
2. My OS is windowsXP home edition, on a dell 4500S
3. I did recently downloaded IM. I tried uninstalling and reinstalling the program but did
not solve the problem.
4. This will be the stand alone instant message program.

The following is the HijackThis Log
Logfile of HijackThis v1.97.7
Scan saved at 12:05:51 PM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Hijack This\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\John Barrios\Application Data\Mozilla\Profiles\default\yrfragbo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\John Barrios\Application Data\Mozilla\Profiles\default\yrfragbo.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E064B1BE-9CE1-12FD-649D-C3AF86045971} - C:\WINDOWS\system32\ntjw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab

Hope this helps. Any assistance is greatly appreciated

[CalamityJane]

Your log looks ok except for one item I can't identify (a Browser Helper Object)

Right click on this file and see if you recognize a program it belongs to under the properties and/or other tabs at the top.

O2 - BHO: (no name) - {E064B1BE-9CE1-12FD-649D-C3AF86045971} -
C:\WINDOWS\system32\ntjw.dll <--rightclick on this file to see what it belongs to

Let me know what that is please.

For your AIM problem, I never use the newest version as there are almost always bugs to be worked out. Try going back one version (or more) earlier and see if it works then

Here is a site that you can download all the older versions of AIM from

http://www.oldversio...ogram.php?n=aim

[NYGiants81]

Thank You. IM seems to be working. It seems to crash when certain people message me. I looked up that file:


O2 - BHO: (no name) - {E064B1BE-9CE1-12FD-649D-C3AF86045971} -
C:\WINDOWS\system32\ntjw.dll

This is what i got

Detailed information on item O2:

A BHO (Browser Helper Object) is a specially crafted program that integrates into IE, and has virtually unlimited access rights on your system. Though BHO's can be helpful (like the Google Toolbar), hijackers often use them for malicious purposes such as tracking you behavior, displaying popup ads etc.

Got that from Hijack. Couldn't find anything else using google.

[CalamityJane]

What I wanted you to do was navigate to the acutal file that is on your PC:

C:\WINDOWS\system32\ntjw.dll This file In the System32 folder.

Righclick (only) on it - do not left click. Then at the bottom of the menu that pops up choose *Properties* Then you will see one or more tabs at the top. Click on those tabs and see what information is listed. (You'll have to write it down)

Attached Files

•  FileProperties.gif   0bytes   4 downloads

[NYGiants81]

ok. Couldn't find the file ntjw.dll in the system32 folder because i ran HJT so i went into HJT and restored it. Couldn't find it still. I ran HJT and it appeared under netiz.dll in the WINDOWS folder.

This was the log before:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Felix Santiago\Application Data\Mozilla\Profiles\default\yrfragbo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Felix Santiago\Application Data\Mozilla\Profiles\default\yrfragbo.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E064B1BE-9CE1-12FD-649D-C3AF86045971} - C:\WINDOWS\system32\ntjw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

This is the log now after restoration of the file

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Felix Santiago\Application Data\Mozilla\Profiles\default\yrfragbo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Felix Santiago\Application Data\Mozilla\Profiles\default\yrfragbo.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {C8BCDBEF-C301-AF55-7F17-561668DBE389} - C:\WINDOWS\netiz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

Don't know whats up. The file doesn't have any information to it.