Sharing violation on NTUSER.DAT (LoadProfile)
Posted on 2006-11-07
Sharing violation on NTUSER.DAT (LoadProfile) 11/07/2006 09:32:45.439 thread:2364 [d:\xpsprtm\admin\wmi\wbem\providers\win32provider\common\userhive.cpp.640
The above message (multiple instances) occured in my .Net Framework log this AM during the same time as some sort of 'wierd' "restore" action was occurring, somehow related to ASPNET. Overall; I believe this is possibly related to a hack I've been analyzing/attempting to block. It was too late to determine the thread source by the time I discovered the log entry.
Anyone able to tell me what I might glean from the message beyond the obvious? Any other logs etc I might peruse to tie things down more specifically?
I'm not a .Net expert. This message is new to me and I can't find any information about it. And what is the "d:\......" indicative of. It's not my CD ("D") drive (which currently isn't working due to another manifestation of the hack) but I've seen it in relation to some other messages that seem to be related to the problem I'm working on.
Please don't suggest scans etcetera. Been there done that. Essentially, since my own systems 'tools' etcetera are being used against me the scans aren't really finding anything. There's a backdoor (somewhere) on my system that I've been unable to locate.
Thanks. Note: My access to internet/mail is severely limited due to the problem but I WILL check back.