Cannot logon -- corrupt user's profile?

APC

I think I am invaded with malware and that it may have corrupted my
profile. I can logon with another username, but when I logon with
mine I get a Windows Environment Error that states something like --
cannot log on with user's profile but the system has logged on with a
default profile DETAIL -- not enough space on the disk. It will also
not let me run adaware. I can run the default program, but I am
unable to run an update. Posted below is a hijack this log. Any help
would be appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 2:46:19 PM, on 11/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\nslsvice.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\lotus\notes\ntmulti.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Xerox\Usage Analysis Tool\uaserver.exe
D:\Program Files\Xerox\Usage Analysis Tool\DiscoveryService.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\CxtPls\CxtPls.exe
B:\AMY\AntiVirus Programs\HijackThis.exe

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [uaserver] D:\Program Files\Xerox\Usage Analysis Tool\uaserver.exe
O4 - HKLM\..\Run: [p4mV37U] fxdjet32.exe
O4 - HKLM\..\Run: [dservice] D:\Program Files\Xerox\Usage Analysis Tool\DiscoveryService.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [hoadgbw] D:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [tFFg37R] fxdjet32.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Y359RXY6V] nmmhz.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cowmRXdFV] nmmhz.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office1\Office10\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097177852372
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adamsgroup.loc
O17 - HKLM\Software\..\Telephony: DomainName = adamsgroup.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adamsgroup.loc

S.Sengupta

Log on to safe mode as Administrator. And do a System Restore to a day
before things went wrong. This may restore the corrupt registry.
If that fails, go to Control Panel > User Accounts and make a new user
account that will end up replacing the damaged one. Now
open My Computer windows on the two users' profile folders, and copy
across the folders inside from the old into the new a/c.
Now you can remove the old one.

regards,
ssg MS-MVP


Rock

APC said:
I think I am invaded with malware and that it may have corrupted my
profile. I can logon with another username, but when I logon with
mine I get a Windows Environment Error that states something like --
cannot log on with user's profile but the system has logged on with a
default profile DETAIL -- not enough space on the disk. It will also
not let me run adaware. I can run the default program, but I am
unable to run an update. Posted below is a hijack this log. Any help
would be appreciated.

<snip>

Don't post HijackThis logs here. There are specialty forums for it.

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/
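
As a first-pass aid when reading a log like the one posted in this thread, the following added example (not part of any post here, and not HijackThis code) rejoins hard-wrapped entries, parses the O4 registry Run lines, and lists commands registered as a bare filename with no directory. The function names and the heuristic are assumptions made for illustration; a listed entry is a prompt for closer inspection, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: O4/O9 lines copied from the log in this thread,
# with one entry left hard-wrapped the way the post shows it.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [p4mV37U] fxdjet32.exe
O4 - HKLM\..\Run: [hoadgbw] D:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [tFFg37R] fxdjet32.exe
O4 - HKCU\..\Run: [Y359RXY6V] nmmhz.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [cowmRXdFV] nmmhz.exe
O9 - Extra button: Messenger (HKLM)
"""

ENTRY_START = re.compile(r"^O\d+ - ")
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

def unwrap(log):
    """Rejoin wrapped lines: a line not starting 'O<n> - ' continues the previous entry."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def run_entries(log):
    """Return (hive, value_name, command) for each O4 registry Run entry."""
    matches = (RUN_ENTRY.match(e) for e in unwrap(log))
    return [(m.group(1), m.group(2), m.group(3)) for m in matches if m]

def triage(log):
    """Heuristic only: map each command with no directory part to the values that launch it."""
    flagged = defaultdict(list)
    for hive, name, cmd in run_entries(log):
        if "\\" not in cmd:  # bare filename, resolved through the search path
            flagged[cmd.lower()].append(f"{hive}:{name}")
    return dict(flagged)

if __name__ == "__main__":
    for exe, names in triage(SAMPLE_LOG).items():
        print(f"{exe}: launched by {names}")
```

Entries with a full path, such as the `hoadgbw` value, are parsed but not listed by this heuristic and still need manual review.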