Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sharing violation on NTUSER.DAT (LoadProfile)

Posted on 2006-11-07
5
Medium Priority
?
1,038 Views
Last Modified: 2008-01-09
Sharing violation on NTUSER.DAT (LoadProfile)      11/07/2006 09:32:45.439      thread:2364      [d:\xpsprtm\admin\wmi\wbem\providers\win32provider\common\userhive.cpp.640

The above message (multiple instances) occured in my .Net Framework log this AM during the same time as some sort of 'wierd' "restore" action was occurring, somehow related to ASPNET.  Overall; I believe this is possibly related to a hack I've been analyzing/attempting to block.  It was too late to determine the thread source by the time I discovered the log entry.

Anyone able to tell me what I might glean from the message beyond the obvious?  Any other logs etc I might peruse to tie things down more specifically?  

I'm not a .Net expert.  This message is new to me and I can't find any information about it.  And what is the "d:\......" indicative of.  It's not my CD ("D") drive (which currently isn't working due to another manifestation of the hack) but I've seen it in relation to some other messages that seem to be related to the problem I'm working on.

Please don't suggest scans etcetera.  Been there done that.  Essentially, since my own systems 'tools' etcetera are being used against me the scans aren't really finding anything.  There's a backdoor (somewhere) on my system that I've been unable to locate.

Thanks.  Note: My access to internet/mail is severely limited due to the problem but I WILL check back.

J
 
0
Comment
Question by:jrs_50
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 2

Accepted Solution

by:
smurteira earned 600 total points
ID: 17892680
Have you tried the user profile hive cleanup service from microsoft.  

http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&DisplayLang=en

Might be worth a try.
0
 
LVL 4

Author Comment

by:jrs_50
ID: 17892908
I run with uphclean and have for weeks.

Does not, however, address this issue.  I'd still like to find out WHAT created the sharing violation.  It's a more distinct error than the previous sporadic occurances of "Impersonation failed".  I'd like to tie it with the apparent access to virutally every system32 file that occurred at the same time.

Thanks for the info anyway.  I like uphclean.

J
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 400 total points
ID: 17893780
If you are hacked, forget about fixing the problems. Back up your data and then reinstall the system cause you are just never sure when it is really clean. Things might be left behind wich you are not aware of.
0
 
LVL 4

Author Comment

by:jrs_50
ID: 17898005
It is not a matter of 'if' and I am well aware that a reinstall will be required.  However, the previous reinstall did not resolve the issue.  I have another day, or so, to attempt to narrow things down a bit and perhaps prevent reoccurrence before engaging in the lengthy process of rebuilding the system from scratch and associated other steps that apparently will need to be taken.  The message posted appears to bear some relation to the overall 'problem'.

I'm still hoping that someone more familiar with the .Net framework can provide further info regarding how I might better 'interpret' the message with regard to determining a 'cause'.  I have been unable to find any more specific information regarding the potential/likely cause of the 'error'.  I am also limited regarding the ability to stay on the internet for any prolonged periods and hoping someone who has more time might be able to find what I can't. Anyone?

Thanks,
J

0
 
LVL 4

Author Comment

by:jrs_50
ID: 18014619
I forgot I had this open.
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question