my system vars are something is baddy clobbered?

January 8, 2014 at 17:52:09
Specs: Windows 7, i5
os: win7 pro

best way to explain this is to point out a few issues.

1) programs can not use some vars like windir.
2) right click on my computer manage gives an "unspecified error"
3) right click my computer properties then click advanced I get cant file such and such file.

Now I can get to these files on my own, its just the system, has troubles getting there. All my system vars look ok, and testing vars from my command prompt seem ok. I checked a few virus tools but nothing finds a virus.

If feels very virus like, looking for suggestions.

Just wanted to add this...

C:\Windows>%windir%\system32\services.msc
The system cannot find the path specified.

C:\Windows>echo %windir%\system32\services.msc
%SystemRoot%\system32\services.msc

C:\Users\Administrator>cd %windir%
The system cannot find the path specified.

C:\Users\Administrator>echo %windir%
%SystemRoot%

C:\Users\Administrator>echo %SystemRoot%
C:\Windows

C:\Users\Administrator>

C:\Users\Administrator>cd %SystemRoot%

C:\Windows>

this does work.
C:\Windows> %SystemRoot%\system32\services.msc


message edited by ulaoulao


See More: my system vars are something is baddy clobbered?

Report •

#1
January 8, 2014 at 18:38:59
so I changed the windir to c:\windows instead and its fixed all my issue. I check another system from a friend and I guess it should be c:\windows I wonder how that ever got changed?

message edited by ulaoulao


Report •

#2
January 8, 2014 at 19:32:37
"I wonder how that ever got changed?"
Exactly, lets do some checking.

Download OTL from any of the following links and save to your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
http://itxassociates.com/OT-Tools/O...
http://www.itxassociates.com/OT-Too...
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the link please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/AT6bjjD.gif
http://i.imgur.com/txFkgpT.gif


Report •

#3
January 8, 2014 at 20:01:41

Report •

Related Solutions

#4
January 8, 2014 at 20:14:23
"Here are my logs"
Thanks, I am going to start by removing your problems with these.

1: AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#5
January 9, 2014 at 13:31:30
JRT did its thing
AdwCleaner log here http://spawnlinux.dyndns.org/DoCz/d...
though all items that if found most certainly were not of my liking so I let it remove them.

Report •

#6
January 9, 2014 at 13:34:51
3: Update & run Malwarebytes Quick Scan again. Copy & Post the contents of the log in your next reply.

message edited by Johnw


Report •

#7
January 9, 2014 at 14:09:50
I already have that one and it did find one thing.

http://spawnlinux.dyndns.org/DoCz/d...

sorry about all the spaces.


Report •

#8
January 9, 2014 at 15:09:34
"I already have that one"
Yes, I knew from your OTL logs.

"C:\Windows\Installer\7f6bf379.msi (PUP.Optional.SweetIM) -> No action taken"
You haven't taken any action, do so, scan again & new log please.


Report •

#9
January 9, 2014 at 15:11:55
No I posted the log before I removed. Then told it to remove.

Report •

#10
January 9, 2014 at 15:13:54
Ok, scan again & new log please.

Report •

#11
January 9, 2014 at 15:33:21
new log is in the same location as before. Also would you kindly spare a few moments and explain why a new log is needed, for understanding purposes?

Report •

#12
January 9, 2014 at 15:44:56
Absolute basic of removing nasties, is to run multi scans, to make sure what has been removed, stays removed.

Report •

#13
January 9, 2014 at 15:50:56
Oh, so our exercises is complete?

Report •

#14
January 9, 2014 at 15:59:02
4: Download & run Unhide
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
To run Unhide, simply download it to your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.
A introduction as to what this program does.
http://www.bleepingcomputer.com/for...

5: Reboot

6: Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

message edited by Johnw


Report •

Ask Question