re: System freezes then reboots while surfind
Sunday, September 12, 2004 at 2:38 pm
Windows 98 Annoyances Discussion Forum
Posted by Broni
(1423 messages posted)
I'll go item, by item, not by importance. It's easier for me, and it's easier for
you to find it in your log.
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Power Management is a faulty feature in Win 98, so it's not recommended to use it.
There are TWO indetical "LoadPowerProfile" entries in "msconfig/startup". Uncheck
them both.
O4 - HKLM\..\Run: [WWDS] C:\WINDOWS\SYSTEM\RAS\update.exe
I'm not sure about this one. Locate "update.exe" file on your computer, right click
on it, then go "Preferences". See, what it says. Hopefully, it's M$ update file.
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
Not needed at startup (means, should be unchecked in "msonfig/startup"). CD recording
utility that comes with a lot of CDR/CDRW drives and isn't required
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
MS Windows Critical Update Notification. I don't like things lurking through my computer,
without my knowledge. Some M$ updates are not needed, some are faulty, so you rather
go to Windows Update site, and pick by yourself what you want to install.
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
Your choice. Stimon.exe enables a USB still-image device (such as a scanner) to initiate
data transfer to a program. For example, if your scanning device has a scan button,
it may start a program and begin scanning when you press it. Create a shortcut and
start it manually when needed if your scanner otherwise fails to scan. May be required
for your USB scanner to work - including all HP scanners and some of their SCSI scanners
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq,
HP, etc) systems for their modems included on the motherboard or as a separate card.
Once you've set the modem up to the chosen country it's not required in startup.
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
You have to investigate on this one a little. Multiple choices:
These descriptions I've come across - all valid as far as I can see :-
(1) Program installed with some modems that monitors the COM ports for the modem
driver. Not required from what I've read - may need a registry edit to get rid of
it
(2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see HERE
for more info
(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't
know who they are though - Ed)
Note: If using AOL and you disable this you may lose your connection or lock up
(4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under
Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause
parallel port conflicts big time dragging system resources way down when a conflict
exists
(5) Allows audio monitoring of modem phone dialling tones and can be useful if you
have connection problems
(6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run
under Windows"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is
only needed if you have regular scheduled disk defragmenting, ScanDisk, etc.
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\WORLDWIDE
DIAL SERVICE\WWDS\INSIGHT\ARUpld32.exe"
-l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\WORLDWIDE DIAL
SERVICE\WWDS\INSIGHT\ARMon32a.exe"
and now I just found out about:
O4 - HKLM\..\Run: [WWDS] C:\WINDOWS\SYSTEM\RAS\update.exe
all belong to a same AdRoar adware. Fix them all.
The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe)
does not show up in the startup process. If you have this file, you can execute it
and remove all the monitoring activities it does. Removing all the checks in all
the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up.
You can block it from sending info if you have Zone Alarm installed. Renaming the
extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded
when launching the dial up client. Written by IP Insight and also included with Earthlink
Total Access 2003
O4 - Startup: Proxy.lnk = C:\Program Files\AnalogX\Proxy\O4 - Startup: Proxy.lnk
= C:\Program Files\AnalogX\Proxy\proxy.exe
I don't like this entry. Go to that directory, right click on "proxy.exe", then "Properties",
and see what it says.
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
A calendar/alarm program that installs with Brøderbund Printmaster. Not needed at
startup, unless you use it all the time.
O16 - DPF: Tarantella 3.x Combined Java Archive - https://tta0104.uscc.us-tx.citicorp.com/tarantella/java/ttaA-du.cab
If you know this site, it's OK, if you don't, fix it.
*********************************
=========================>>
Smartercomputing
On Sunday, September 12, 2004 at 2:29 pm, Sparky wrote:
>Finally,
>
>Logfile of HijackThis v1.98.2
>Scan saved at 4:18:48 PM, on 9/12/04
>Platform: Windows 98 SE (Win9x 4.10.2222A)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
>Running processes:
>C:\WINDOWS\SYSTEM\KERNEL32.DLL
>C:\WINDOWS\SYSTEM\MSGSRV32.EXE
>C:\WINDOWS\SYSTEM\SPOOL32.EXE
>C:\WINDOWS\SYSTEM\MPREXE.EXE
>C:\PROGRAM FILES\ATGUARD\IAMSERV.EXE
>C:\WINDOWS\SYSTEM\MSTASK.EXE
>C:\PROGRAM FILES\ATGUARD\IAMAPP.EXE
>C:\PROGRAM FILES\WORLDWIDE DIAL SERVICE\WWDS\INSIGHT\ARUPLD32.EXE
>C:\PROGRAM FILES\WORLDWIDE DIAL SERVICE\WWDS\INSIGHT\ARMON32A.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
>C:\WINDOWS\SYSTEM\mmtask.tsk
>C:\WINDOWS\EXPLORER.EXE
>C:\WINDOWS\TASKMON.EXE
>C:\WINDOWS\SYSTEM\SYSTRAY.EXE
>C:\WINDOWS\SYSTEM\HPZTSB03.EXE
>C:\WINDOWS\SYSTEM\RAS\UPDATE.EXE
>C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
>C:\WINDOWS\SYSTEM\STIMON.EXE
>C:\WINDOWS\ptsnoop.exe
>C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE
>C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
>C:\PROGRAM FILES\NETSCAPE7\NETSCAPE 7\NETSCP.EXE
>C:\PROGRAM FILES\ANALOGX\PROXY\PROXY.EXE
>C:\WINDOWS\SYSTEM\WMIEXE.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
>C:\WINDOWS\SYSTEM\DDHELP.EXE
>C:\PROGRAM FILES\MIRC\MIRC.EXE
>C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
>C:\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS.EXE
>
>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
>= http=127.0.0.1:6711
>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride
>= 127.0.0.1
>N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Program Files\\Netscape\\Users\\Tim\\bookmark.htm");
>(C:\Program Files\Netscape\Users\tim\prefs.js)
>O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
>O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
>O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
>O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
>O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
>O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
>O4 - HKLM\..\Run: [WWDS] C:\WINDOWS\SYSTEM\RAS\update.exe
>O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
>O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
>O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
>O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
>O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
>O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
>O4 - HKLM\..\Run: [MBM 5] "C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE"
>O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
>O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\WORLDWIDE DIAL SERVICE\WWDS\INSIGHT\ARUpld32.exe"
>-l
>O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\WORLDWIDE DIAL
>SERVICE\WWDS\INSIGHT\ARMon32a.exe"
>O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee
>VirusScan\AVSYNMGR.EXE
>O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER
>FREE EDITION\PSFREE.EXE"
>O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape7\Netscape 7\Netscp.exe"
>-turbo
>O4 - Startup: Proxy.lnk = C:\Program Files\AnalogX\Proxy\proxy.exe
>O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
>O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
>Files\Net2Phone\Net2fone.exe
>O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F}
-
>C:\Program Files\Net2Phone\Net2fone.exe
>O16 - DPF: Tarantella 3.x Combined Java Archive - https://tta0104.uscc.us-tx.citicorp.com/tarantella/java/ttaA-du.cab
>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
>O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
>O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sbcglobal.net
>
>
>
>
>
|
All messages in this thread [show all]
 |  | | | | | |  | re: System freezes then reboots while surfind (Broni: Sun, Sep 12, 2004, 2:38 pm) |
| |
| |
| |
Return to the Windows 98 Discussion Forum
|
|
