Solved

Sharing violation on NTUSER.DAT (LoadProfile)

Posted on 2006-11-07
5
1,030 Views
Last Modified: 2008-01-09
Sharing violation on NTUSER.DAT (LoadProfile)      11/07/2006 09:32:45.439      thread:2364      [d:\xpsprtm\admin\wmi\wbem\providers\win32provider\common\userhive.cpp.640

The above message (multiple instances) occured in my .Net Framework log this AM during the same time as some sort of 'wierd' "restore" action was occurring, somehow related to ASPNET.  Overall; I believe this is possibly related to a hack I've been analyzing/attempting to block.  It was too late to determine the thread source by the time I discovered the log entry.

Anyone able to tell me what I might glean from the message beyond the obvious?  Any other logs etc I might peruse to tie things down more specifically?  

I'm not a .Net expert.  This message is new to me and I can't find any information about it.  And what is the "d:\......" indicative of.  It's not my CD ("D") drive (which currently isn't working due to another manifestation of the hack) but I've seen it in relation to some other messages that seem to be related to the problem I'm working on.

Please don't suggest scans etcetera.  Been there done that.  Essentially, since my own systems 'tools' etcetera are being used against me the scans aren't really finding anything.  There's a backdoor (somewhere) on my system that I've been unable to locate.

Thanks.  Note: My access to internet/mail is severely limited due to the problem but I WILL check back.

J
 
0
Comment
Question by:jrs_50
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 2

Accepted Solution

by:
smurteira earned 300 total points
ID: 17892680
Have you tried the user profile hive cleanup service from microsoft.  

http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&DisplayLang=en

Might be worth a try.
0
 
LVL 4

Author Comment

by:jrs_50
ID: 17892908
I run with uphclean and have for weeks.

Does not, however, address this issue.  I'd still like to find out WHAT created the sharing violation.  It's a more distinct error than the previous sporadic occurances of "Impersonation failed".  I'd like to tie it with the apparent access to virutally every system32 file that occurred at the same time.

Thanks for the info anyway.  I like uphclean.

J
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 200 total points
ID: 17893780
If you are hacked, forget about fixing the problems. Back up your data and then reinstall the system cause you are just never sure when it is really clean. Things might be left behind wich you are not aware of.
0
 
LVL 4

Author Comment

by:jrs_50
ID: 17898005
It is not a matter of 'if' and I am well aware that a reinstall will be required.  However, the previous reinstall did not resolve the issue.  I have another day, or so, to attempt to narrow things down a bit and perhaps prevent reoccurrence before engaging in the lengthy process of rebuilding the system from scratch and associated other steps that apparently will need to be taken.  The message posted appears to bear some relation to the overall 'problem'.

I'm still hoping that someone more familiar with the .Net framework can provide further info regarding how I might better 'interpret' the message with regard to determining a 'cause'.  I have been unable to find any more specific information regarding the potential/likely cause of the 'error'.  I am also limited regarding the ability to stay on the internet for any prolonged periods and hoping someone who has more time might be able to find what I can't. Anyone?

Thanks,
J

0
 
LVL 4

Author Comment

by:jrs_50
ID: 18014619
I forgot I had this open.
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses
Course of the Month8 days, 21 hours left to enroll

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question