
this stupid pokapoka65! [RESOLVED]



#1
misterewe

It's slowing down my comp, I have tons of pop-ups...

Already ran Norton, Ad-Aware, Spybot, and most of all...

my HijackThis keeps picking it up... I keep trying to fix it and it keeps coming back...

I looked for the program on my hard drive and it's nowhere to be found, so I can't delete it.

Here's my HijackThis log...

Help me please, my comp has been polluted this last week, it's becoming a magnet for adware, malware, popups... agh!

The pokapoka65 and eliteryc32 are the big two that keep coming back... grrr

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\Proxy.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\etb\pokapoka65.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [cvqev] cvcavc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System service65] C:\WINNT\etb\pokapoka65.exe
O4 - HKLM\..\Run: [lsass] C:\winnt\system32\eliteryc32.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: Remote Procedure Call (RPC) Manager (RpcMgr) - Unknown owner - C:\WINNT\system32\Proxy.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Update (WindowsUpdate) - Unknown owner - C:\WINNT\system32\usrinit.exe (file missing)



thank you in advance!!!


#2
Excal

Hi misterewe and welcome to Geekstogo!

Can you please post your entire log, from the very top to the very bottom.


Thanks,

:tazz:

Excal

#3
misterewe

Oops...Sorry, forgot the top part...

Logfile of HijackThis v1.99.1
Scan saved at 9:45:49 PM, on 9/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\Proxy.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\etb\pokapoka65.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [cvqev] cvcavc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System service65] C:\WINNT\etb\pokapoka65.exe
O4 - HKLM\..\Run: [lsass] C:\winnt\system32\eliteryc32.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: Remote Procedure Call (RPC) Manager (RpcMgr) - Unknown owner - C:\WINNT\system32\Proxy.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Update (WindowsUpdate) - Unknown owner - C:\WINNT\system32\usrinit.exe (file missing)



thanks excal!

#4
Excal


DOWNLOAD PROGRAMS


Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.

Download LQfix Here
Save it to your desktop; please do not use it yet.


THE FIX


Please read this post completely. It may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Go to Start->Run and type in services.msc and hit OK. Then look for Windows Update (WindowsUpdate) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

O4 - HKLM\..\Run: [cvqev] cvcavc.exe
O4 - HKLM\..\Run: [System service65] C:\WINNT\etb\pokapoka65.exe
O4 - HKLM\..\Run: [lsass] C:\winnt\system32\eliteryc32.exe
O23 - Service: Windows Update (WindowsUpdate) - Unknown owner - C:\WINNT\system32\usrinit.exe (file missing)


8. Click the Fix Checked box.

9. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINNT\system32\usrinit.exe
Start>Search to find this one:
Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.
cvcavc.exe


10. Double-click on the LQFix program you downloaded.
A DOS window will open and close again; this is normal.

11. Run the program CleanUp!

12. Delete Bad Service:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in the box: WindowsUpdate
  • Click "ok", then reboot
13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

#5
misterewe

Thank you, Excal...I really appreciate your help, and jumped in headfirst with your advice.

Except something really bad just occurred.

Everything was running smoothly... in regards to your instructions.


Two little discrepancies occurred (and one BIG ONE, which I'll get into later)


- step 7...there was no

O23 - Service: Windows Update (WindowsUpdate) - Unknown owner - C:\WINNT\system32\usrinit.exe (file missing)


to fix.


-Step 9 there was no "cvcavc.exe" to remove...


Now for the BIG problem, and why I haven't been able to get online for the last 2 days.... :tazz:


I finished step 12, then I went to reboot....THEN....

Whenever I start up and log into Windows 2000, I get this "administrator" login prompt....

Then I click enter, then I get into Windows.....one major problem...

After I click enter, I'll get a
"loading your personal settings......applying settings"

then I get the login box again!

I tried all the different modes....safe mode, last known good configuration, etc etc and I could not get past the login prompt.

(I have a hunch the erasing of the windows update, or userinit or something was used to authenticate me into my system and I could not get in.)

I even tried to reinstall my Windows 2000...but it wouldn't work, cuz I didn't have enough space.

So....the only way I could get into my Windows 2000 system...was to reformat my entire system where I lost all my pictures, music, papers, files.

:)


So now I'm slightly devastated, and still reinstalling drivers and such....

I do appreciate the help, though. Just wanted to give you a heads up.

thanks.

#6
Excal

Well I do see a problem there if you did delete userinit.exe.

The file you were supposed to delete was usrinit.exe. I am sorry I wasn't clearer on that and I do wish you the best of luck. Sorry about the loss of your documents and pics.


:tazz:



Excal
  • 0
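The usrinit.exe / userinit.exe mix-up above and the Run entry labelled [lsass] are both name-lookalike problems that can be checked mechanically before anything is deleted. The following Python script is an added example, not part of any post in this thread or of HijackThis: it reviews O4/O23 lines copied from the log above, and the PROTECTED list, the distance threshold of 2 and all function names are assumptions made for the illustration.

```python
import re

# Core Windows binaries that a cleanup must never delete (illustrative list
# chosen for this example; it is not taken from the thread).
PROTECTED = {"userinit.exe", "lsass.exe", "winlogon.exe", "services.exe",
             "svchost.exe", "csrss.exe", "smss.exe", "explorer.exe"}

# Lines copied from the HijackThis log posted in this thread.
LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [lsass] C:\winnt\system32\eliteryc32.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Windows Update (WindowsUpdate) - Unknown owner - C:\WINNT\system32\usrinit.exe (file missing)
"""

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def exe_name(text):
    """Lower-cased .exe file name in a path or command line, or '' if none."""
    m = re.search(r"([^\\/:]+\.exe)", text, re.I)
    return m.group(1).lower() if m else ""

def review(log):
    """Return (file name, reason) pairs for O4 Run and O23 service entries."""
    findings = []
    for line in log.splitlines():
        run = re.match(r"O4 - .*Run: \[(.+?)\] (.+)", line)
        if not (run or line.startswith("O23 - Service:")):
            continue
        exe = exe_name(run.group(2) if run else line.rsplit(" - ", 1)[-1])
        label = run.group(1).lower() + ".exe" if run else ""
        if label in PROTECTED and exe != label:
            findings.append((exe, "Run value borrows the name " + label))
        if exe and exe not in PROTECTED:
            near = [p for p in sorted(PROTECTED) if edit_distance(exe, p) <= 2]
            if near:
                findings.append((exe, "lookalike of " + near[0] + ", which must stay"))
    return findings

def safe_to_delete(path):
    """False for the real system binaries, whatever a removal list says."""
    return exe_name(path) not in PROTECTED
```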

#7
Excal

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.