The Procedure entry point CredEnumerateA could not be found?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by unofornaio, Apr 29, 2011.

  1. unofornaio

    unofornaio Private E-2

    HI All,

    This is my first official post,

    I recently downloaded the operating program for Usenet. I know, I know :-o I should never have done it, but I did so at the suggestion of a friend. Those sites scare me, but he was convincing and, well, I had never done that before and I think I may have been taught a lesson.

    I deleted the program within a couple of minutes because honestly it scared me to use those sites. At any rate, now at random I get an error box from Windows 2000 Pro. I know, I know, it's old, but it works for me. Anyway, in the upper banner of the box, in the left corner, there is a file name listed that is ALWAYS a .exe file, but its name changes every single time the box comes up. Right now there is one, and in the upper left corner is "z00ruTt.exe - Entry Point Not Found". Below this, in the larger portion of the box centered above the OK button, it reads "The procedure entry point CredEnumerateA could not be found in the dynamic link library advapi32.dll".

    This box shows up at random. If I do not click OK it will keep coming up, not as separate boxes but the same one. They look like the same box, but actually each one has its own .exe file. So I click OK on the box and in its exact location the next one appears, and the next one, till they stop. It's usually one at a time, but if I'm away from the computer they build up and there have been many when I get back. Again, it's not many boxes but ONE box that, well, forget it, I don't know how to explain it. :confused

    When this comes up at random the .exe file is always different but the rest of the box remains the same.

    I'm posting in here because the fact that it is coming up every couple of minutes, the .exe file is always different, and when I do a file search on this computer they do not show up concerns me. It's as if it's randomly looking for something.

    In addition to this, and I don't know if they are related or not, but it started the same day, I get at startup or restart a pop-up box that says, of course now I can't remember exactly, but it says something about Eziriz .NET Reactor. I apologize for not remembering, and I need to restart for it to come back, so for now I will leave it at that and post EXACTLY what it says later.

    In the back of my mind I think that the Usenet program was not for my operating system. I'm NOT going back there to look, but I just thought I might mention this.

    I'm posting this now BEFORE I go through the READ AND RUN ME procedures just to give those who may help an idea of what my current issue is.

    I will wait for direction from you experts as to what to do next. I'm proceeding with caution because I was just getting ready to back up this hard drive with EVERYTHING on it; I have been putting it off. But now I'm worried I will back up a bunch of problems. That's another issue though.

    Thank you for any help and please if this is not in the right forum I apologize and will not be offended if someone moves it to a better location.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We need the logs from the READ & RUN ME so that we can properly diagnose your PC.
     
  3. unofornaio

    unofornaio Private E-2

    Hi Again,

    Thank you to chaslang for responding.

    Well, I followed the directions to the letter and ran everything. However,

    ComboFix would not run because of a request to uninstall CA antivirus. I TRIED TRIED TRIED to get CA uninstalled but it did not work. Apparently this is a common problem with their software. I tried many of their own suggestions with no luck.

    RootRepeal also ran a bit, then stopped because of error messages. They said "cannot read from address" and each one was different. I noticed that each one created a "crash report" that I'm sure I can attach if that is necessary.

    So it appears that the programs that did run found quite a lot of crap. The issues I wrote about below are no longer happening. Does that mean I'm safe? I don't know.

    I know you guys are busy here, so I hesitate to submit all my info for review if I'm not having any immediate problems. This is why I posted a summary of my problem before I ran the procedure; I really didn't want to waste anyone's time on an issue that could be easily solved. I mean, don't get me wrong, I really would appreciate a review and diagnosis, but if it's not a pressing issue then that's OK. Someone just let me know.

    Also, I would love to run those 2 programs but don't know how to get rid of CA and how to overcome the "cannot read" errors.

    So if someone feels like reviewing my info let me know and if anyone could direct me on getting the 2 others to run that would be great.

    Hey, I am already thankful for all the stuff I ran from here. In addition, the stickies were AMAZINGLY thorough and were easy to follow. Thanks
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you want to find out, you need to attach the logs. Without seeing the logs, we cannot tell you anymore than what you already know.
     
  5. unofornaio

    unofornaio Private E-2

    Ok here are the logs.

    I could not attach the MBAM log because of the message below:

    "mbam-log-2011-04-29 (20-35-39).txt:
    Your file of 469.6 KB bytes exceeds the forum's limit of 375.0 KB for this file type."

    Thanks for helping
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have never ever seen an MBAM log this large. You must have a heck of a lot of malware for the log to be that large. Put it into a ZIP file and attach the ZIP file.

    How much more stuff like below have you been doing? Perhaps this is why your log is so large.
    You need to uninstall all of these and you need to delete all of these cracks/keygens. See the below:
    Warning about Porn, Keygens, Cracks, and other Illegal Software
     
  7. unofornaio

    unofornaio Private E-2

    Thanks again,

    I believe the file is so large because of the error message I was getting that is the title of this thread. As I looked at the file it appears that each time the message would come up it created a new .exe file. This is what the large log is comprised of.

    I have attached the zip file and hope it works. I have not created a zip file in years.

    Sorry for the delay; I have had some electrical problems at the house.

    I might add that at startup I get a "registry too small" pop-up. I read somewhere here not to make any changes to anything until you guys review all the logs. If this pop-up is not related to anything in my logs, could someone please advise me as to what I should do about it?

    Also, I want to really clean up this hard drive and was going to start that process, then I came here for help with the malware issue. I want to do this right and clean up everything that I do not need or use. I don't want to create any more problems, so I would appreciate very much some direction on that process. If this is not the forum or even the site to seek this direction, just let me know.

    Again thanks for all your help.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below is not the expected location for FireFox to be running from. Did you install Firefox in a non-standard way?

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe

    Another question. Did you setup the below ProxyOverrides for some reason?

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;m.2mdn.net;<local>;*.local

    Since you say you cannot get CA to uninstall, this could mean it is broken. And we are likely going to need to use ComboFix. Thus to that end I want you to install and run the below tool to see if you can get CA Antivirus uninstalled using it.

    Revo Uninstaller


    Now uninstall the below:
    Ad-Aware SE Personal << way out of date and useless.
    Uniblue ProcessQuickLink 2 << not recommended and not helpful
    Uniblue Registry Booster << not recommended and not helpful
    Uniblue RegistryBooster 2 << not recommended and not helpful
    Uniblue SpeedUpMyPC 3 << not recommended and not helpful


    Now I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - (no file)
    O4 - HKCU\..\Run: [0x017] 0x017
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1143dbac8a53a35b1822/netzip/RdxIE601.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://diy.view22.com/view22/diyapp/View22RTE.cab

    After clicking Fix, exit HJT.

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Administrator\Local Settings\Temp

    Now run Malwarebytes and select the Quarantine tab. Then click the Delete All button to empty the quarantine.

    Now Update Malwarebytes to current database and then run a new scan and fix anything that is found. Attach this new log. If it tells you to reboot after fixing items, reboot before continuing with the below.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
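As an added example (not code from the thread or a MajorGeeks tool), the script below applies the kind of checks chaslang makes in the post above to HijackThis-style log lines: orphaned "(no file)" entries, a ProxyOverride list containing bare IP addresses, Run entries that lack a file path or start an .exe from a user profile directory, and ActiveX (O16 DPF) download entries. The sample lines are constructed from the thread (the O4 Firefox line is assumed), and the heuristics are assumptions about what a log reviewer looks for, not HijackThis's own logic.

```python
"""Triage helper for HijackThis-style log lines (added example, not a MajorGeeks tool)."""
import re

# Constructed sample built from lines quoted in the thread; the Firefox O4 line is assumed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;127.0.0.1;localhost;*microsoft.com;<local>;*.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKCU\..\Run: [0x017] 0x017
O4 - HKLM\..\Run: [Firefox] C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://diy.view22.com/view22/diyapp/View22RTE.cab
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LOCAL_HOSTS = {"127.0.0.1", "localhost", "<local>"}
# User-writable profile directories; a browser normally installs under Program Files instead.
PROFILE_DIRS = ("\\local settings\\", "\\application data\\")


def parse_line(line):
    """Split 'O4 - rest' into (section, rest); return None for non-entry lines."""
    m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return a list of (section, reason) findings, one per flagged entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, rest = parsed
        if rest.endswith("(no file)"):
            findings.append((section, "orphaned entry: registered object has no file on disk"))
            continue
        if section == "R1" and "ProxyOverride" in rest:
            hosts = [h.strip() for h in rest.split("=", 1)[1].split(";")]
            bare_ips = [h for h in hosts if IPV4.match(h) and h not in LOCAL_HOSTS]
            if bare_ips:
                findings.append((section, "ProxyOverride lists bare IPs: " + ", ".join(bare_ips)))
        elif section == "O4":
            m = re.match(r".*\[(.*?)\]\s*(.*)$", rest)
            name, value = (m.group(1), m.group(2)) if m else ("", rest)
            if "\\" not in value:
                findings.append((section, f"run entry '{name}' has no file path"))
            elif any(d in value.lower() for d in PROFILE_DIRS):
                findings.append((section, f"run entry '{name}' starts an .exe from a user profile dir"))
        elif section == "O16":
            findings.append((section, "ActiveX download (DPF) entry: confirm the host is trusted"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```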
  9. unofornaio

    unofornaio Private E-2

    WOW..

    I can't believe how much info you went over. Look, I can't say it enough: thank you very much.

    To answer your questions:

    Firefox install: Not that I know of, I just downloaded it and installed it.

    Proxy Overrides: Absolutely not I don't even know what those are. I mean I think they are related to internet connection but that's all.

    I will get to work following your instructions.

    Thanks again.
     
  10. unofornaio

    unofornaio Private E-2

    Hi Again,

    OK, everything seems to have worked fine. I followed the instructions as you laid them out.

    At the last reboot (before writing this) I did still get the "registry too small" pop-up, but I can live with that if it's not the sign of something more ominous going on in the background. :confused

    That uninstaller was incredible. I can't imagine how many leftover files are in here from just using the standard Windows uninstaller. Did that also take out all of those files from previously removed programs, or just from the ones that I recently did?

    I did delete quite a bunch of other stuff that I did not use anymore, so it was great. Also, I was wondering if the "packages" that updates or "hot fixes" come in can be deleted after they have been installed? There are dozens of them on here.

    Anyway, the registry pop-up is still there, but it's the only thing I can "see" that is an issue.

    I will wait for further instructions

    Thank you again
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not a malware issue. It is just an issue with Windows 2000 and your registry size. Try the below.

    To increase the maximum registry size
    • click on Start -> Control Panel -> System -> Advanced -> Performance Options -> Change
    • Increase the maximum registry size and click Ok.
    Yes, but not a topic for this forum. And if you delete them, you will not be able to uninstall them if ever necessary, but you probably will never need to uninstall them anyway.

    Your logs are still showing all the files I asked you to delete with Avenger and also manually delete afterwards if they still existed. Did you run things in the wrong order?

    Check the C:\Documents and Settings\Administrator\Local Settings\Temp folder. Do you still see all the files I said to delete?
     
  12. unofornaio

    unofornaio Private E-2

    Hmm,

    I have attached a screenshot of the temp folder and none of those are in there. I cut off part of the edges and bottom of the screenshot to try and reduce its size, but it did not reduce it, so I just put it in a zip file. Those in there now are, I'm assuming, from more cleanup I did yesterday.

    I did NOT run any of the programs you suggested since sending you the logs. The cleanup I did was just putting things in the trash.

    I went in the exact order they were listed in your post. Starting from the top to the bottom.

    I also peeked in the Tasks folder and the files you listed are no longer there.

    I have been careful to follow instructions. There are some other programs I wanted to get rid of, but I thought I had better wait till I hear back from you, so I waited.

    Since I totally deleted CA from my system I have no similar program. Can you recommend some programs I should have running to protect my internet connection and against these types of issues? I realize I will probably not be able to install them till we are done here, but I just thought I should ask now.

    Also, I'm switching to AT&T U-verse internet (should be here today). I'm wondering if I should wait until we are done here? No big deal, I haven't even cancelled my other service yet.

    Thanks again for your continued help.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then just so I can double check a more current set of logs, do the below.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip

    Will be covered in my final instructions when I'm sure you are clean.
     
  14. unofornaio

    unofornaio Private E-2

    Here it is..
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
