The system could not find the environment option that was entered

kdaughtridge

New member
Local time
2:53 PM
Messages
5
I think i have some kind of malware. I am unable to use many functions on my computer, I always get the same error message "C:\windows\system32\rstrui.exe The system could not find the environment option that was entered." I can't open system restore, because I get that same error message. I think its any .exe operations that I cannot use. My malware program won't open normally but when I tried it in safe mode, it didnt find any problems. I also tried system restore in safe mode and from the boot screen, and it told me system protection was turned off, so I tried to turn it back on and the security tab that was needed to do this was missing. I don't have the windows 7 install disc because it was a factory install. I can't install any new programs and now I keep getting error messages saying I may have counterfeit software. In the bottom right corner of the desktop it says "Windows 7 Build 7600 This copy of Windows is not genuine"
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64-bitAMD Turion II P540 Dual-Core 2.40 Ghz4.00 GB
Computer Manufacturer/Model Number
Toshiba/ Satellite L655D-S5109
OS
Windows 7 Home Premium 64-bit
CPU
AMD Turion II P540 Dual-Core 2.40 Ghz
Memory
4.00 GB
Hard Drives
500 GB internal
Hello kdaughtridge and welcome to Seven Forums.

It sounds like you have several issues going all at once. It will help us help you if you list your system specs. At the top of every Seven Forums page you'll see User CP. Click on that and in the left column you'll see Edit System Spec. From there you can provide details about your computer.

You didn't say what anti-malware you're using. Try to download and install the free Malwarebytes from here. (You may have to use safe mode or install to a thumb drive if you aren't able to instlal any new programs.) Update the data base and run the full scan. You can either post the Malwarebytes log here for review or let it delete whatever malware it might find.

Please post back with your results so we can determine the next best course of action.
 

My Computer My Computer

At a glance

Win 7 Pro 64-bitIntel i5 2.4 Ghz8GB DDR3Intel HD 3000
Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
I updated my CP information with all of the info that I knew. I actually already have malware bytes program, I have ran the complete scan twice since I've been having these problems. Each time, the scan finds about 3 Trojans, and removes them, but the problem remains. Regardless, I am running the scan once more.

Additionaly, I am not sure if this is relevent, but whenever I click on a link from Google, it redirects me to an advertisement site.
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64-bitAMD Turion II P540 Dual-Core 2.40 Ghz4.00 GB
Computer Manufacturer/Model Number
Toshiba/ Satellite L655D-S5109
OS
Windows 7 Home Premium 64-bit
CPU
AMD Turion II P540 Dual-Core 2.40 Ghz
Memory
4.00 GB
Hard Drives
500 GB internal
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6538
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
5/9/2011 10:47:07 AM
mbam-log-2011-05-09 (10-47-07).txt
Scan type: Full scan (C:\|)
Objects scanned: 285473
Time elapsed: 26 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64-bitAMD Turion II P540 Dual-Core 2.40 Ghz4.00 GB
Computer Manufacturer/Model Number
Toshiba/ Satellite L655D-S5109
OS
Windows 7 Home Premium 64-bit
CPU
AMD Turion II P540 Dual-Core 2.40 Ghz
Memory
4.00 GB
Hard Drives
500 GB internal
From what I could determine, rstrui.exe is a trustworthy file from Microsoft and is part of the System Restore application. However, some malware camouflage themselves as rstrui.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. The rstrui.exe error message could be confirmation that System Restore has been compromised.

Since your browser is redirecting you at least some of the time I believe that would be another indication of "browser hijacking", usually caused by spyware or other malware. Two more tools you can try are SuperAntiSpyware (free edition) and Norton Power Eraser.

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Norton Rescue Tools

Heed the warning for Power Eraser: Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

Unfortunately, once a machine becomes infected there's no guarantee it will ever be 100% clean. Malware can be so deeply embedded that only a clean install (either from a recovery partition on the hard drive, a known clean system image, or the installation disk) can assure the user of a malware-free system. Let us know if you are able to run the other scans and what the results were.
 

My Computer My Computer

At a glance

Win 7 Pro 64-bitIntel i5 2.4 Ghz8GB DDR3Intel HD 3000
Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
I updated my CP information with all of the info that I knew. I actually already have malware bytes program, I have ran the complete scan twice since I've been having these problems. Each time, the scan finds about 3 Trojans, and removes them, but the problem remains. Regardless, I am running the scan once more.

Additionaly, I am not sure if this is relevent, but whenever I click on a link from Google, it redirects me to an advertisement site.

That sounds like you have a rootkit and Malwarebytes may not remove it. Download and run this tool. Let us know if it finds anything:

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
 

My Computer My Computer

At a glance

Windows 7 Ultimate RTM (Technet)3.00 gigahertz Intel Core2 Duo E84004GBATI Radeon X1950 Pro
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Ultimate RTM (Technet)
CPU
3.00 gigahertz Intel Core2 Duo E8400
Motherboard
ASUSTeK Computer INC. P5K/EPU Rev 1.xx
Memory
4GB
Graphics Card(s)
ATI Radeon X1950 Pro
Sound Card
Built in HD Audio
Monitor(s) Displays
22" Gateway LCD
Screen Resolution
1920 x 1200
Hard Drives
ST3160023A [Hard drive] (160.04 GB) -- drive 0, rev 8.01, ST3500630AS [Hard drive] (500.11 GB) -- drive 2, rev 3.AAK
ST3500630AS [Hard drive] (500.11 GB) -- drive 1, rev 3.AAK
Keyboard
Logitech G11
Mouse
Microsoft Wireless Laser Mouse 5000
Internet Speed
13.44 Mbps
marsmimar-
I tried both programs to no avail. The superantispyware gave me the error message "error reading setup data". I tried the NPE and when I tried to use the rootkit scan, it gave me the message "An error has occured Element not found Error code: 0x80070490, n44, n65". I then tried using it without the rootkit scan, and after scanning it came up with an infected file, and I restarted as prompted for removal, only to have nothing change when I log back in. The same file even came up when I tried the PSE w/o rootkit again. Keep in mind this is all in safemode. I normal mode i wouldnt have even been ableto download any of these programs.

MacGyvr- I tried the rootkit program and the scan came up clean. In addition, i tried sfc /scannow in the cmd, and also came up clean.
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64-bitAMD Turion II P540 Dual-Core 2.40 Ghz4.00 GB
Computer Manufacturer/Model Number
Toshiba/ Satellite L655D-S5109
OS
Windows 7 Home Premium 64-bit
CPU
AMD Turion II P540 Dual-Core 2.40 Ghz
Memory
4.00 GB
Hard Drives
500 GB internal
Okay, I don't normally advise this, but I think you should run ComboFix. If it can't fix this, nothing can, and the next step is wipe and reinstall. Download ComboFix, follow all the promps, post the results here.

Bleeping Computer Downloads: ComboFix Download
 

My Computer My Computer

At a glance

Windows 7 Ultimate RTM (Technet)3.00 gigahertz Intel Core2 Duo E84004GBATI Radeon X1950 Pro
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Ultimate RTM (Technet)
CPU
3.00 gigahertz Intel Core2 Duo E8400
Motherboard
ASUSTeK Computer INC. P5K/EPU Rev 1.xx
Memory
4GB
Graphics Card(s)
ATI Radeon X1950 Pro
Sound Card
Built in HD Audio
Monitor(s) Displays
22" Gateway LCD
Screen Resolution
1920 x 1200
Hard Drives
ST3160023A [Hard drive] (160.04 GB) -- drive 0, rev 8.01, ST3500630AS [Hard drive] (500.11 GB) -- drive 2, rev 3.AAK
ST3500630AS [Hard drive] (500.11 GB) -- drive 1, rev 3.AAK
Keyboard
Logitech G11
Mouse
Microsoft Wireless Laser Mouse 5000
Internet Speed
13.44 Mbps
marsmimar-
I tried both programs to no avail. The superantispyware gave me the error message "error reading setup data". I tried the NPE and when I tried to use the rootkit scan, it gave me the message "An error has occured Element not found Error code: 0x80070490, n44, n65". I then tried using it without the rootkit scan, and after scanning it came up with an infected file, and I restarted as prompted for removal, only to have nothing change when I log back in. The same file even came up when I tried the PSE w/o rootkit again. Keep in mind this is all in safemode. I normal mode i wouldnt have even been ableto download any of these programs.

MacGyvr- I tried the rootkit program and the scan came up clean. In addition, i tried sfc /scannow in the cmd, and also came up clean.

Did NPE show the path of the infected file? By that I mean did it show (just as an example)
C:\Windows\system32\something\something\something
or was it just a generic name? If it showed a specific path you could use the start menu search to locate the file and either rename it (in case it's a necessary file) or delete it outright (not what I would recommend.) And to repeat what I said earlier, once a machine is infected there's no guarantee it's malware-free no matter how many scans say it is.
 

My Computer My Computer

At a glance

Win 7 Pro 64-bitIntel i5 2.4 Ghz8GB DDR3Intel HD 3000
Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
it was just a generic term that was given for NPE.
I ran Combofix and no changes are noticed.
I don't have the windows 7 disc, also.
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64-bitAMD Turion II P540 Dual-Core 2.40 Ghz4.00 GB
Computer Manufacturer/Model Number
Toshiba/ Satellite L655D-S5109
OS
Windows 7 Home Premium 64-bit
CPU
AMD Turion II P540 Dual-Core 2.40 Ghz
Memory
4.00 GB
Hard Drives
500 GB internal
it was just a generic term that was given for NPE.
I ran Combofix and no changes are noticed.
I don't have the windows 7 disc, also.

Did the ComboFix log note any file deletions at the top?

Either way, run "combofix /uninstall" to get rid of anything left behind.
 

My Computer My Computer

At a glance

Windows 7 Ultimate RTM (Technet)3.00 gigahertz Intel Core2 Duo E84004GBATI Radeon X1950 Pro
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Ultimate RTM (Technet)
CPU
3.00 gigahertz Intel Core2 Duo E8400
Motherboard
ASUSTeK Computer INC. P5K/EPU Rev 1.xx
Memory
4GB
Graphics Card(s)
ATI Radeon X1950 Pro
Sound Card
Built in HD Audio
Monitor(s) Displays
22" Gateway LCD
Screen Resolution
1920 x 1200
Hard Drives
ST3160023A [Hard drive] (160.04 GB) -- drive 0, rev 8.01, ST3500630AS [Hard drive] (500.11 GB) -- drive 2, rev 3.AAK
ST3500630AS [Hard drive] (500.11 GB) -- drive 1, rev 3.AAK
Keyboard
Logitech G11
Mouse
Microsoft Wireless Laser Mouse 5000
Internet Speed
13.44 Mbps
My computer keeps saying, "The system could not find the environment..

My computer keeps saying "The system could not find the environment option that was entered."

All this started when I deleted my Microsoft Essentials because my dad got ESET NOD32 ANTIVIRUS and it says I have to delete all other antivirus and anti malware programs so I did just that. Then it says I don't have permission to install it even though I have my own computer and its an administrative account. I then decided to try and delete games and files I could download again and now I can't uninstall, I can't download, I can't even play my games. I also can't even restore my computer and I have clicked things and it has said please retype. Is it possible I may have deleted something I shouldn't have that is causing this, is the computer responding badly to the changes, or what? Please someone give me some answers ASAP I AM BEGGING YOU!!!!!
 

My Computer My Computer

At a glance

Windows 7 32bit
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Acer
OS
Windows 7 32bit
Hard Drives
Dell
Keyboard
Dell
Mouse
Dell
Antivirus
none
Browser
Google Chrome
Back
Top