A
APC
I think I am invaded with malware and that it may have corrupted my
profile. I can logon with another username, but when I logon with
mine I get a Windows Environment Error that states something like --
cannot log on with user's profile but the system has logged on with a
default profile DETAIL -- not enough space on the disk. It will also
not let me run adaware. I can run the default program, but I am
unable to run an update. Posted below is a hijack this log. Any help
would be appreciated.
Logfile of HijackThis v1.97.7
Scan saved at 2:46:19 PM, on 11/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\nslsvice.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\lotus\notes\ntmulti.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Xerox\Usage Analysis Tool\uaserver.exe
D:\Program Files\Xerox\Usage Analysis Tool\DiscoveryService.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\CxtPls\CxtPls.exe
B:\AMY\AntiVirus Programs\HijackThis.exe
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [uaserver] D:\Program Files\Xerox\Usage Analysis
Tool\uaserver.exe
O4 - HKLM\..\Run: [p4mV37U] fxdjet32.exe
O4 - HKLM\..\Run: [dservice] D:\Program Files\Xerox\Usage Analysis
Tool\DiscoveryService.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [hoadgbw] D:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [tFFg37R] fxdjet32.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0
-k
O4 - HKCU\..\Run: [Y359RXY6V] nmmhz.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cowmRXdFV] nmmhz.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program
Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
Office1\Office10\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097177852372
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
adamsgroup.loc
O17 - HKLM\Software\..\Telephony: DomainName = adamsgroup.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
adamsgroup.loc
profile. I can logon with another username, but when I logon with
mine I get a Windows Environment Error that states something like --
cannot log on with user's profile but the system has logged on with a
default profile DETAIL -- not enough space on the disk. It will also
not let me run adaware. I can run the default program, but I am
unable to run an update. Posted below is a hijack this log. Any help
would be appreciated.
Logfile of HijackThis v1.97.7
Scan saved at 2:46:19 PM, on 11/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\nslsvice.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\lotus\notes\ntmulti.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Xerox\Usage Analysis Tool\uaserver.exe
D:\Program Files\Xerox\Usage Analysis Tool\DiscoveryService.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\CxtPls\CxtPls.exe
B:\AMY\AntiVirus Programs\HijackThis.exe
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [uaserver] D:\Program Files\Xerox\Usage Analysis
Tool\uaserver.exe
O4 - HKLM\..\Run: [p4mV37U] fxdjet32.exe
O4 - HKLM\..\Run: [dservice] D:\Program Files\Xerox\Usage Analysis
Tool\DiscoveryService.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [hoadgbw] D:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [tFFg37R] fxdjet32.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0
-k
O4 - HKCU\..\Run: [Y359RXY6V] nmmhz.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cowmRXdFV] nmmhz.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program
Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
Office1\Office10\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097177852372
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
adamsgroup.loc
O17 - HKLM\Software\..\Telephony: DomainName = adamsgroup.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
adamsgroup.loc