System 32 Folder Appears Upon Startup | Page 2

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
System 32 Folder Appears Upon Startup
Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
16
September 29, 2009 - 1:23 pm
sp_Permalink sp_Print

Hi Jim, I got it downloaded. Figured I might as well do it now since it will be a good chance for me to learn something. I had no idea when I deleted it off before that it was something that I could use all the time. Thought it was just for that one problem whatever that was at the time. You wouldn't believe some (I should say a lot of) the silly things I do. But every once in a while I do something smart and it just blows my my mind and makes me feel so smart. LOL I can't let those smart things get around though because I have a reputation to uphold. LOL It is part of my charm. LOL

Now then since I was smart enough to get this downloaded with no problem and got the screenshot saved. How do I get it to you? Do I send it as an attachment? I can't figure out a way to copy it and send it since it doesn't give me that option. Also it saved as a Bitmap Image. So I also saved it as a JPEG. Which way should I send it to you?

Thanks a bunch,
Shirley

Avatar
Jim Hillier
Admin
Forum Posts: 2549
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
17
September 29, 2009 - 5:15 pm
sp_Permalink sp_Print

Hey Shirley - Well done you!!!!!!

Bitmap or JPEG?? I'm trying to remember which format creates the larger file....it won't come to the front of my (sometimes) dim brain. Please check the file size for each and use the smallest one.

Here are the instructions for adding to a post:

1) Click on the [b:1erhuzet]Upload attachment[/b:1erhuzet] link
2) Use the [b:1erhuzet]Browse[/b:1erhuzet] button to navigate to the file, highlight the file and click [b:1erhuzet]Open[/b:1erhuzet].
3) You will now see the location of the file in the Filename window. Click on [b:1erhuzet]Add the file[/b:1erhuzet]. (this process will take a few seconds)
4) Make sure your mouse cursor is at the spot within the post where you want to position the screenshot and then click on [b:1erhuzet]Place inline[/b:1erhuzet].

and voila!!! [attachment=0:1erhuzet]blow kiss.gif[/attachment:1erhuzet]

The file will appear just as text in the initial pane where you compose your post but will display as an image once you hit the [b:1erhuzet]Submit[/b:1erhuzet] button and your message is posted.

cheers.....JIM

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
18
September 29, 2009 - 8:56 pm
sp_Permalink sp_Print

Jim, It looks like I am doing something wrong because I have a message here that says The extension bmp is not allowed.

Also I don't see anything that says Place Inline.

Shirley

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
19
September 29, 2009 - 9:01 pm
sp_Permalink sp_Print

[attachment=0:p68bu5h6]Registry Editor Screen Capture.JPG[/attachment:p68bu5h6]

I tried with the JPG and it looks like it's gonna go. This time I see Place inline and clicked on it.

Avatar
Jim Hillier
Admin
Forum Posts: 2549
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
20
September 30, 2009 - 7:34 am
sp_Permalink sp_Print

Well done Shirely, but that is just one of two screenshots I need. I need one from this location: [b:3g0r1az7]HKEY_LOCAL_MACHINE[/b:3g0r1az7]SOFTWAREMicrosoftWindowsCurrentVersionRun
and one for this location also: [b:3g0r1az7]HKEY_CURRENT_USER[/b:3g0r1az7]SoftwareMicrosoftWindowsCurrent VersionRun

Shirley, it is apparent from what I have already seen that your computer is most likely heavily infected with malware. I see you have used or are using 'Incredimail' which is not a very nice nor reputable product. I also see that 'MyWebSearch' is mentioned, this is a known nasty.

So, I think the best place for us to start is with a darn good clean up. Uninstall Incredimail (via StartControl PanelAdd or Remove) then download and install Malwarebytes Anti-Malware from here: http://www.malwarebytes.org/mbam.php
Click on the blue button which says.."Download free version".

Richard knows how to use this one because I recommended it to him some time back to help with his machine. Open MBAM and click on the [b:3g0r1az7]Update[/b:3g0r1az7] tab, once the program is up to date, click on the [b:3g0r1az7]Scanner[/b:3g0r1az7] tab and run a full/complete scan.

Do the same thing with SuperAntiSpyware, you can get that from here: http://www.superantispyware.co.....nload.html
Click on the Download link under 'SuperAntiSpyware Free Edition'.

Delete whatever those two scanner/removers find.

Shirley, if either of those products identifies multiple malicious items, it may be best for you to seek assistance from someone in your local area. I am not trying to fob you off mate, but attempting to clean up an infected machine without hands on access is nigh on impossible....we could go back and forth for days on end and still not be certain of a result.

Let me know how you get on with the scans.

cheers now....JIM.

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
21
September 30, 2009 - 8:42 am
sp_Permalink sp_Print

Just my 2 cents -- Weatherbug is also known to cause system stability issues.

Other than that, I have nothing to add that Jim hasn't already mentioned.

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
22
September 30, 2009 - 2:02 pm
sp_Permalink sp_Print

[attachment=0:3qpq1nuj]Horizon33_30-9-2009_45-11-12.jpg[/attachment:3qpq1nuj]

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
23
September 30, 2009 - 2:09 pm
sp_Permalink sp_Print

I hope this time I did the screen shot better. This morning I kept thinking about it being so small and taking a screen shot of the desktop too and figured I must have done something wrong so tried again and figured it out.

Thanks to both of you for your suggestions. Today I will work on them. I will let you know the results.

Shirley

Avatar
Jim Hillier
Admin
Forum Posts: 2549
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
24
September 30, 2009 - 6:52 pm
sp_Permalink sp_Print

Hey Shirley - The images (screenshots you posted) are small but if you left click on them you will see an expanded version which is very easy to read........LOL

I think we may have identified the culprit....there is a registry entry in the second screenshot which has no value; i.e. [b:74ecrcsa]cat - Reg_SZ[/b:74ecrcsa] I'm pretty sure that is the little beggar which is causing this issue.

Can you please go back into [b:74ecrcsa]msconfig[/b:74ecrcsa], click on the [b:74ecrcsa]Startup[/b:74ecrcsa] tab and see if there is anything relating to that registry key. Actually, while you are at it...t'would be better still if you posted a screenshot of the full startup listing in msconfig for me please.

There doesn't seem to be anything malicious in the second screenshot so at least that is some better news.

cheers mate....JIM

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
25
September 30, 2009 - 9:24 pm
sp_Permalink sp_Print

[attachment=0:2or3ilx7]Horizon33_30-9-2009_40-20-20.jpg[/attachment:2or3ilx7]

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
26
September 30, 2009 - 9:38 pm
sp_Permalink sp_Print

[attachment=0:35bjwbde]Horizon33_30-9-2009_4-27-20.jpg[/attachment:35bjwbde]

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
27
September 30, 2009 - 9:52 pm
sp_Permalink sp_Print

[attachment=0:1i4epmpj]Horizon33_30-9-2009_31-45-20.jpg[/attachment:1i4epmpj]

Avatar
Shirl
Gallatin, TN 37066
Member
Forum Posts: 50
Member Since:
September 26, 2009
sp_UserOfflineSmall Offline
28
September 30, 2009 - 10:31 pm
sp_Permalink sp_Print

The only other thing on the startup is:
OneNote2007 Scr....CPROGR~1MICR.... Startup

Sorry I had to send so many screenshots but it would not expand and I notice that it would not let you scroll to see them all. If there is a way to do that please let me know. Also, does this many things have to be enabled on here? Is all of these things running in the background?

I first uninstalled My WebSearch, then downloaded the link for Anti Malware you sent me and ran the update, then ran the scan. The Anti Malware found several things (I think around 37) and all of them was related to My WebSearch. I had it delete all of them and it said it was successful. Then I downloaded the other one, ran the update and then the scan. It had about 3 and they were also related to My WebSearch. Delete was successful. Then I had it run a scan for all running applications and after running the scan it showed a list of everything and it said there was no unsafe things running.

I did not uninstall incredimail because I purchased a lifetime version of it several years ago after using the free version for a few years and this is the second computer I have used it on and have never had any problems with it and love it. It would almost be like uninstalling Richard. LOL

I really feel bad about having you spend so much of your time on this. If we don't get this thing straightened out don't worry about it. It is not really causing any problems I don't guess. It is just aggravating for something to be happening that shouldn't be happening all the time.

I do Thank You from the bottom of my heart,

Shirley

Avatar
Jim Hillier
Admin
Forum Posts: 2549
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
29
October 1, 2009 - 2:21 am
sp_Permalink sp_Print

WOW, sooooo many startup entries...LOL and YES they are all running in the background. Some have no associated background processes though and many are simple processes which check periodically for updates to installed programs. These types of things don't use too many system resources and seeing how you are not terribly computer savvy (if you'll pardon my impudence) probably best left to run at startup.

I think I have about 8 items total in my startup.

Please remove the checkmark from these items so they no longer start with Windows, they are not necessary and, I assure you Shirley, disabling them will do no harm:

atiptaxx
ISUSPM
DMXLauncher
Reader_sl
CLIStart
mbam
ISUSPM
Weather
SUPERAntiSpyware

Uncheck each item and when finished click on [b:104l2kst]Apply [/b:104l2kst]and then [b:104l2kst]Close[/b:104l2kst]. You will be asked to Restart...restart the computer.

You can get free screen capture software which includes an option for capturing scrolling windows, here is a link to the best of them:
http://picpick.wiziple.net/features

Once you have disabled those startup items and you are pretty sure there are no more nasties, please let me know and I'll step you through deleting that strange registry entry.

Oh, by the way...what anti virus software are you running? Judging by the lists you have submitted I would say Kaspersky, is that correct? How long has it been since you ran a full/thorough scan through it? Wouldn't hurt to do that also.

cheers...JIM

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
30
October 1, 2009 - 10:28 am
sp_Permalink sp_Print

If it were me, I would click the 'Disable All' button at the bottom. Not one of those entries appears to be required for functionality.

If you expand the 'command' column, it will tell you what is actually launching and from where. Best practice is to keep this list under about 10, but I keep mine at 2. (checked, anyway). And one of those because I'm too lazy to double click the Outlook icon.

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 271

Currently Online:
21 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 2305

Moderators: 7

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1789

Posts: 12910

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Carol Bratt, dandl, Jason Shuffield, Jim Canfield, Terry Hollett, Dick Evans, Sergey Grankin