Serious Problems getting worse

You're welcome and good luck. You may find that just editing the path text in a notepad window to remove the dupes and then copy and pasting back to the Path box will work.

 

Either way you are still going to be the one editing the path and making the changes. Just paste it into notepad, you can easily see the duplicates.

 

I'll even do you the favor since I have a few minutes right now before I sign off! The below is what you need to overwrite the current path with.

c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\opensa\apache2\bin;c:\program files\pinnacle\shared files;c:\program files\pinnacle\shared files\filter;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\;c:\perl\bin\;

If you still don't know how. Try the below.

Now Copy the bold text below to notepad. Save it as fixPath.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

 

Look in a new log from ShowNew at the Path environment variable and compare it to an older log. The path variable is around line 49.

 

If that is still showing in a new log, you did not get the path variable changed. You should edit it yourself manually.

Pinnacle may be an external harddisk or a backup drive of some sort.

 

Did you run the Registry Patch I gave you?
Did it merge in successfully?

Did you reboot after running the patch? If not, please reboot. I forgot to tell you that.

 

Apply the fixPath.reg patch again and then reboot. After reboot attach a NEW log from ShowNew.

 

By the way are you sure you don't need the Perl and Apache items. You still show and Apache service loading. Is anything for that still installed.

Also I don't think you ever remove the Freenet and GNUnet stuff either.

Just to be clear, none of the above nor the issue with your PATH is malware related.

 

While doing the below Services steps, ignore any error messages and complete all steps.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Freenet 0.7 darknet-8888
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
  • Apache2
  • GNUnet
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste freenet-darknet-8888 into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
  • Apache2
  • GNUnet
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after another registry patch.

Note the path change did not work. Let's try another patch and also I will remove the other items you say you don't need from Apache and Perl.


Now Copy the bold text below to notepad. Save it as fixPath.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot!

Delete the below folders if they exist:
C:\Program Files\Freenet
C:\Program Files\GNU
C:\OpenSA\Apache2

Now attach new logs from ShowNew and HJT.

 

Okay your HJT log is fine but your path is still messed up. Try doing the below.


To Fix the PATH Environment variable

1. Right-click My Computer and select Properties.
2. Select the Advanced tab.
3. Click the Environment Variables button.
4. In the System variables area (the bottom part of the form), locate the PATH variable, select PATH (by clicking on it) and click the Edit button! In the next popup window you need to edit the Variable value: so that it looks like the below (you can copy and paste the below string into it but you must backspace/delete over what is there already)
   c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\program files\pinnacle\shared files;c:\program files\pinnacle\shared files\filter;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\;
5. Then click OK.
6. Then click OK again to close the Environment Variable window
7. Then click OK to close the System Properties window
8. Now Reboot your PC for the change to take effect.

After reboot, attach a new ShowNew log and tell me if you had any problems doing the above!

 

That's better but you still have 3 duplicate items. You must make sure that you delete all aspects of what is in the path variable box first before pasting in the new path.

You now have this:
c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\program files\pinnacle\shared files;c:\program files\pinnacle\shared files\filter;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter;C:\Program Files\Common Files\Ahead\Lib\

And you should have this:
c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\program files\pinnacle\shared files;c:\program files\pinnacle\shared files\filter;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\;

The below is a duplicate set which you have added to the end somehow:
C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter;C:\Program Files\Common Files\Ahead\Lib\

You need to strip these dups off of the end.

 

You have to delete that string from the end. Don't forget it is appearing twice. You don't need the second one (I don't even know if you need the first since I'm not really sure what you use on the PC). No it should not come back unless something you are running is adding it back.

 

Yes edit and reboot.

The rest is up to you to decide. If you don't need the Pinnacle item in your path then remove it. It you find out you need it later, you can just add it back in the same way you are editing the path right now.

 

That path is fine unless you decided you want to remove anything else (like Pinnacle)

 

Depends on your definition of problem. You said you don't even know what it is for which sounds to me like you therefore should not need it unless you don't know what hardware and software you use on your PC. Even if you remove it and then find you have a problem with something, you can always add it back.

 

If you don't need Pinnacle then you don't need any of Pinnacle. Rather a simple decision.

 

Don't know. ShowNew is only giving you the info that Windows is providing from a DOS prompt. You can see this yourself by simply typing set at the command prompt.

Compressed files will show in blue.

 

I wouldn't bother wasting anymore time on it now. It is alot better than it was. If you wish to continue with it for any reason, you will have to continue in the Software Forum thread you started.

 

I cannot answer your question but it is more than likely due to something you are doing.

If you still have problems with your boot.ini file, post in the Software Forum for help. You may need to rebuild your boot.ini file.

You can also see info about your error message here: http://rselby.net/boot.htm#wxpibih