This forum requires Javascript to be enabled for posting content
Please consider registering
guest
Log In Register
Register | Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Topic RSS
System 32 Folder Appears Upon Startup
Shirl
Gallatin, TN 37066
Member
Members
September 29, 2009 - 1:23 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

Hi Jim, I got it downloaded. Figured I might as well do it now since it will be a good chance for me to learn something. I had no idea when I deleted it off before that it was something that I could use all the time. Thought it was just for that one problem whatever that was at the time. You wouldn't believe some (I should say a lot of) the silly things I do. But every once in a while I do something smart and it just blows my my mind and makes me feel so smart. LOL I can't let those smart things get around though because I have a reputation to uphold. LOL It is part of my charm. LOL

Now then since I was smart enough to get this downloaded with no problem and got the screenshot saved. How do I get it to you? Do I send it as an attachment? I can't figure out a way to copy it and send it since it doesn't give me that option. Also it saved as a Bitmap Image. So I also saved it as a JPEG. Which way should I send it to you?

Thanks a bunch,
Shirley

Jim Hillier
Admin
September 29, 2009 - 5:15 pm
Member Since: August 9, 2011
Forum Posts: 2707
Offline

Hey Shirley - Well done you!!!!!!

Bitmap or JPEG?? I'm trying to remember which format creates the larger file....it won't come to the front of my (sometimes) dim brain. Please check the file size for each and use the smallest one.

Here are the instructions for adding to a post:

1) Click on the [b:1erhuzet]Upload attachment[/b:1erhuzet] link
2) Use the [b:1erhuzet]Browse[/b:1erhuzet] button to navigate to the file, highlight the file and click [b:1erhuzet]Open[/b:1erhuzet].
3) You will now see the location of the file in the Filename window. Click on [b:1erhuzet]Add the file[/b:1erhuzet]. (this process will take a few seconds)
4) Make sure your mouse cursor is at the spot within the post where you want to position the screenshot and then click on [b:1erhuzet]Place inline[/b:1erhuzet].

and voila!!! [attachment=0:1erhuzet]blow kiss.gif[/attachment:1erhuzet]

The file will appear just as text in the initial pane where you compose your post but will display as an image once you hit the [b:1erhuzet]Submit[/b:1erhuzet] button and your message is posted.

cheers.....JIM

Shirl
Gallatin, TN 37066
Member
Members
September 29, 2009 - 8:56 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

Jim, It looks like I am doing something wrong because I have a message here that says The extension bmp is not allowed.

Also I don't see anything that says Place Inline.

Shirley

Shirl
Gallatin, TN 37066
Member
Members
September 29, 2009 - 9:01 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

[attachment=0:p68bu5h6]Registry Editor Screen Capture.JPG[/attachment:p68bu5h6]

I tried with the JPG and it looks like it's gonna go. This time I see Place inline and clicked on it.

Jim Hillier
Admin
September 30, 2009 - 7:34 am
Member Since: August 9, 2011
Forum Posts: 2707
Offline

Well done Shirely, but that is just one of two screenshots I need. I need one from this location: [b:3g0r1az7]HKEY_LOCAL_MACHINE[/b:3g0r1az7]SOFTWAREMicrosoftWindowsCurrentVersionRun
and one for this location also: [b:3g0r1az7]HKEY_CURRENT_USER[/b:3g0r1az7]SoftwareMicrosoftWindowsCurrent VersionRun

Shirley, it is apparent from what I have already seen that your computer is most likely heavily infected with malware. I see you have used or are using 'Incredimail' which is not a very nice nor reputable product. I also see that 'MyWebSearch' is mentioned, this is a known nasty.

So, I think the best place for us to start is with a darn good clean up. Uninstall Incredimail (via StartControl PanelAdd or Remove) then download and install Malwarebytes Anti-Malware from here: http://www.malwarebytes.org/mbam.php
Click on the blue button which says.."Download free version".

Richard knows how to use this one because I recommended it to him some time back to help with his machine. Open MBAM and click on the [b:3g0r1az7]Update[/b:3g0r1az7] tab, once the program is up to date, click on the [b:3g0r1az7]Scanner[/b:3g0r1az7] tab and run a full/complete scan.

Do the same thing with SuperAntiSpyware, you can get that from here: http://www.superantispyware.co.....nload.html
Click on the Download link under 'SuperAntiSpyware Free Edition'.

Delete whatever those two scanner/removers find.

Shirley, if either of those products identifies multiple malicious items, it may be best for you to seek assistance from someone in your local area. I am not trying to fob you off mate, but attempting to clean up an infected machine without hands on access is nigh on impossible....we could go back and forth for days on end and still not be certain of a result.

Let me know how you get on with the scans.

cheers now....JIM.

Chad Johnson
Mod
Members
September 30, 2009 - 8:42 am
Member Since: August 11, 2011
Forum Posts: 867
Offline

Just my 2 cents -- Weatherbug is also known to cause system stability issues.

Other than that, I have nothing to add that Jim hasn't already mentioned.

Shirl
Gallatin, TN 37066
Member
Members
September 30, 2009 - 2:02 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

[attachment=0:3qpq1nuj]Horizon33_30-9-2009_45-11-12.jpg[/attachment:3qpq1nuj]

Shirl
Gallatin, TN 37066
Member
Members
September 30, 2009 - 2:09 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

I hope this time I did the screen shot better. This morning I kept thinking about it being so small and taking a screen shot of the desktop too and figured I must have done something wrong so tried again and figured it out.

Thanks to both of you for your suggestions. Today I will work on them. I will let you know the results.

Shirley

Jim Hillier
Admin
September 30, 2009 - 6:52 pm
Member Since: August 9, 2011
Forum Posts: 2707
Offline

Hey Shirley - The images (screenshots you posted) are small but if you left click on them you will see an expanded version which is very easy to read........LOL

I think we may have identified the culprit....there is a registry entry in the second screenshot which has no value; i.e. [b:74ecrcsa]cat - Reg_SZ[/b:74ecrcsa] I'm pretty sure that is the little beggar which is causing this issue.

Can you please go back into [b:74ecrcsa]msconfig[/b:74ecrcsa], click on the [b:74ecrcsa]Startup[/b:74ecrcsa] tab and see if there is anything relating to that registry key. Actually, while you are at it...t'would be better still if you posted a screenshot of the full startup listing in msconfig for me please.

There doesn't seem to be anything malicious in the second screenshot so at least that is some better news.

cheers mate....JIM

Shirl
Gallatin, TN 37066
Member
Members
September 30, 2009 - 9:24 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

[attachment=0:2or3ilx7]Horizon33_30-9-2009_40-20-20.jpg[/attachment:2or3ilx7]

Shirl
Gallatin, TN 37066
Member
Members
September 30, 2009 - 9:38 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

[attachment=0:35bjwbde]Horizon33_30-9-2009_4-27-20.jpg[/attachment:35bjwbde]

Shirl
Gallatin, TN 37066
Member
Members
September 30, 2009 - 9:52 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

[attachment=0:1i4epmpj]Horizon33_30-9-2009_31-45-20.jpg[/attachment:1i4epmpj]

Shirl
Gallatin, TN 37066
Member
Members
September 30, 2009 - 10:31 pm
Member Since: September 26, 2009
Forum Posts: 50
Offline

The only other thing on the startup is:
OneNote2007 Scr....CPROGR~1MICR.... Startup

Sorry I had to send so many screenshots but it would not expand and I notice that it would not let you scroll to see them all. If there is a way to do that please let me know. Also, does this many things have to be enabled on here? Is all of these things running in the background?

I first uninstalled My WebSearch, then downloaded the link for Anti Malware you sent me and ran the update, then ran the scan. The Anti Malware found several things (I think around 37) and all of them was related to My WebSearch. I had it delete all of them and it said it was successful. Then I downloaded the other one, ran the update and then the scan. It had about 3 and they were also related to My WebSearch. Delete was successful. Then I had it run a scan for all running applications and after running the scan it showed a list of everything and it said there was no unsafe things running.

I did not uninstall incredimail because I purchased a lifetime version of it several years ago after using the free version for a few years and this is the second computer I have used it on and have never had any problems with it and love it. It would almost be like uninstalling Richard. LOL

I really feel bad about having you spend so much of your time on this. If we don't get this thing straightened out don't worry about it. It is not really causing any problems I don't guess. It is just aggravating for something to be happening that shouldn't be happening all the time.

I do Thank You from the bottom of my heart,

Shirley

Jim Hillier
Admin
October 1, 2009 - 2:21 am
Member Since: August 9, 2011
Forum Posts: 2707
Offline

WOW, sooooo many startup entries...LOL and YES they are all running in the background. Some have no associated background processes though and many are simple processes which check periodically for updates to installed programs. These types of things don't use too many system resources and seeing how you are not terribly computer savvy (if you'll pardon my impudence) probably best left to run at startup.

I think I have about 8 items total in my startup.

Please remove the checkmark from these items so they no longer start with Windows, they are not necessary and, I assure you Shirley, disabling them will do no harm:

atiptaxx
ISUSPM
DMXLauncher
Reader_sl
CLIStart
mbam
ISUSPM
Weather
SUPERAntiSpyware

Uncheck each item and when finished click on [b:104l2kst]Apply [/b:104l2kst]and then [b:104l2kst]Close[/b:104l2kst]. You will be asked to Restart...restart the computer.

You can get free screen capture software which includes an option for capturing scrolling windows, here is a link to the best of them:
http://picpick.wiziple.net/features

Once you have disabled those startup items and you are pretty sure there are no more nasties, please let me know and I'll step you through deleting that strange registry entry.

Oh, by the way...what anti virus software are you running? Judging by the lists you have submitted I would say Kaspersky, is that correct? How long has it been since you ran a full/thorough scan through it? Wouldn't hurt to do that also.

cheers...JIM

Chad Johnson
Mod
Members
October 1, 2009 - 10:28 am
Member Since: August 11, 2011
Forum Posts: 867
Offline

If it were me, I would click the 'Disable All' button at the bottom. Not one of those entries appears to be required for functionality.

If you expand the 'command' column, it will tell you what is actually launching and from where. Best practice is to keep this list under about 10, but I keep mine at 2. (checked, anyway). And one of those because I'm too lazy to double click the Outlook icon.

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online:
Guest(s) 22
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 673
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Member Stats:
Guest Posters: 11
Members: 3218
Moderators: 7
Admins: 3
Forum Stats:
Groups: 8
Forums: 20
Topics: 1951
Posts: 13555
Newest Members:
Noahmat, cdgxx, ricc88, R1OLEWINE, bernicereva
Moderators: Carol Bratt: 67, dandl: 740, Jason Shuffield: 1, Jim Canfield: 8, Terry Hollett: 0, Stuart Berg: 0, John Durso: 0
Administrators: Jim Hillier: 2707, Richard Pedersen: 209, David Hartsock: 1117
Exit mobile version

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!