Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1044
  • Last Modified:

Sharing violation on NTUSER.DAT (LoadProfile)

Sharing violation on NTUSER.DAT (LoadProfile)      11/07/2006 09:32:45.439      thread:2364      [d:\xpsprtm\admin\wmi\wbem\providers\win32provider\common\userhive.cpp.640

The above message (multiple instances) occured in my .Net Framework log this AM during the same time as some sort of 'wierd' "restore" action was occurring, somehow related to ASPNET.  Overall; I believe this is possibly related to a hack I've been analyzing/attempting to block.  It was too late to determine the thread source by the time I discovered the log entry.

Anyone able to tell me what I might glean from the message beyond the obvious?  Any other logs etc I might peruse to tie things down more specifically?  

I'm not a .Net expert.  This message is new to me and I can't find any information about it.  And what is the "d:\......" indicative of.  It's not my CD ("D") drive (which currently isn't working due to another manifestation of the hack) but I've seen it in relation to some other messages that seem to be related to the problem I'm working on.

Please don't suggest scans etcetera.  Been there done that.  Essentially, since my own systems 'tools' etcetera are being used against me the scans aren't really finding anything.  There's a backdoor (somewhere) on my system that I've been unable to locate.

Thanks.  Note: My access to internet/mail is severely limited due to the problem but I WILL check back.

J
 
0
jrs_50
Asked:
jrs_50
  • 3
2 Solutions
 
smurteiraCommented:
Have you tried the user profile hive cleanup service from microsoft.  

http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&DisplayLang=en

Might be worth a try.
0
 
jrs_50Author Commented:
I run with uphclean and have for weeks.

Does not, however, address this issue.  I'd still like to find out WHAT created the sharing violation.  It's a more distinct error than the previous sporadic occurances of "Impersonation failed".  I'd like to tie it with the apparent access to virutally every system32 file that occurred at the same time.

Thanks for the info anyway.  I like uphclean.

J
0
 
dlangrCommented:
If you are hacked, forget about fixing the problems. Back up your data and then reinstall the system cause you are just never sure when it is really clean. Things might be left behind wich you are not aware of.
0
 
jrs_50Author Commented:
It is not a matter of 'if' and I am well aware that a reinstall will be required.  However, the previous reinstall did not resolve the issue.  I have another day, or so, to attempt to narrow things down a bit and perhaps prevent reoccurrence before engaging in the lengthy process of rebuilding the system from scratch and associated other steps that apparently will need to be taken.  The message posted appears to bear some relation to the overall 'problem'.

I'm still hoping that someone more familiar with the .Net framework can provide further info regarding how I might better 'interpret' the message with regard to determining a 'cause'.  I have been unable to find any more specific information regarding the potential/likely cause of the 'error'.  I am also limited regarding the ability to stay on the internet for any prolonged periods and hoping someone who has more time might be able to find what I can't. Anyone?

Thanks,
J

0
 
jrs_50Author Commented:
I forgot I had this open.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now