Solved

AD or local PC Profile issue

Posted on 2010-08-18
16
631 Views
Last Modified: 2012-05-10
I've a user that can log on to any PC and their profile works fine.  Then they log on to one PC and I get the Windows can't log you on etc with the following detail.
'DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.'

I've tried several solutions but to no avail; these include removing the profile from that Laptop completely, running UPHClean, cleaning up registry.

It basically will not allow this user to log in but anyone else can fine with no issues.

Any ideas and solutions would be helpful and welcome...and yes the user needs to use this Laptop.
0
Comment
Question by:lfrs_org
16 Comments
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33463367
This PC looks like it is infected.
Please log in as local admin, scan the computer, disjoin and join to the domain again, and check.

Thank you
Dhruv
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33463407
The file that is causing the problem is UsrClass.dat, and it is found residing in
C:\Documents and Settings\Current User\Local Settings\ApplicationData\Microsoft\Windows\UsrClass.dat

(Where the Current User is the user logged in to the network at the moment.) Move the file out of that directory and log back in (it doesn’t matter where you move it to as long as you know, just in case it wouldn’t work). The file is going to be recreated and this will eliminate the login error the user was getting. When everything is working fine, just delete the old UsrClass.dat file.
0
 

Author Comment

by:lfrs_org
ID: 33463474
Zsaurabh: The profile has been completely deleted from the PC and therefore has no C:\Documents and Settings\Current User\Local Settings\ApplicationData\Microsoft\Windows\UsrClass.dat file to move anywhere.  Unless you are thinking of all users, but then it doesn't explain why other people can log into this PC fine.

Basically the pc will not let this user log in full stop, no profile is created it just goes back to the login prompt.
0
 
LVL 3

Expert Comment

by:VBDotNetCoder
ID: 33465814
Did you check the startup programs via msconfig?
Which programs and 3rd party services are being loaded at startup?
Please send a list of programs loading at the startup...

Did you try reinstalling a fresh XP or whatever you're using on the laptop?
0
 

Author Comment

by:lfrs_org
ID: 33466146
Yes      HKLM:Run      Preload      C:\Windows\RUNXMLPL.exe
Yes      HKLM:Run      IAAnotif      "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Yes      HKLM:Run      SynTPStart      C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Yes      HKLM:Run      RTHDCPL      RTHDCPL.EXE
Yes      HKLM:Run      Alcmtr      ALCMTR.EXE
Yes      HKLM:Run      AzMixerSel      C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Yes      HKLM:Run      Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Yes      HKLM:Run      RemoteControl      "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Yes      HKLM:Run      LanguageShortcut      "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
Yes      HKLM:Run      IMJPMIG8.1      "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Yes      HKLM:Run      MSPY2002      C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
Yes      HKLM:Run      PHIME2002ASync      C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Yes      HKLM:Run      PHIME2002A      C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Yes      HKLM:Run      IgfxTray      C:\WINDOWS\system32\igfxtray.exe
Yes      HKLM:Run      HotKeysCmds      C:\WINDOWS\system32\hkcmd.exe
Yes      HKLM:Run      Persistence      C:\WINDOWS\system32\igfxpers.exe
Yes      HKLM:Run      PLFSetL      C:\WINDOWS\PLFSetL.exe
Yes      HKLM:Run      Acer ePresentation HPD      C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
Yes      HKLM:Run      ePower_DMC      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Yes      HKLM:Run      Boot      C:\Acer\Empowering Technology\ePower\Boot.exe
Yes      HKLM:Run      StarteLock      "C:\Acer\Empowering Technology\eLock\Service\startelock.exe"
Yes      HKLM:Run      eDataSecurity Loader      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
Yes      HKLM:Run      eRecoveryService      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
Yes      HKLM:Run      LManager      C:\PROGRA~1\LAUNCH~1\LManager.exe
Yes      HKLM:Run      BCSSync      "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes      HKLM:Run      ccApp      "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Yes      HKLM:Run      QuickTime Task      "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes      HKLM:Run      SunJavaUpdateSched      "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes      Startup Common      Acer Empowering Technology.lnk      C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Yes      Startup Common      Citrix XenApp.lnk      C:\WINDOWS\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

Are the startup contents.  The laptop has only 2 weeks ago been reinstalled with Windows XP with Service Pack 3.

Other people log on fine to this computer; what is your thinking, VB?
0
 
LVL 3

Expert Comment

by:VBDotNetCoder
ID: 33470868
Some malware camouflages itself as RUNXMLPL.exe, particularly if it is located in the c:\windows or c:\windows\system32 folder. Thus check whether the RUNXMLPL.exe process on your PC is a pest (the first item on your list).

There are some items that I didn't see before in your startup list.

I recommend downloading Spybot Search and Destroy and, after updating the software, scanning your laptop.

Also download & run ComboFix to be sure there is no BHO or any other malware that cannot be identified by looking into startup objects.

Did you check the event viewer (system and application sections)?
Is there a red (error) or warning (yellow) when the pc is booting to windows?
0
 

Author Comment

by:lfrs_org
ID: 33474654
Virus and malware scans are clear.

The only errors that have come up in the event viewer are Crypt32 which is to do with Windows Root Certificates.

Still no joy.

0
 
LVL 3

Expert Comment

by:VBDotNetCoder
ID: 33475008
Since there is no relevant record on event viewer, it must be a 3rd party software.

I think one of the startup programs is causing it. Can you disable all of them (using msconfig: HKLM-RUN, HKCU-RUN, Startup Folder...), restart and give it a try? If it boots correctly then you can be sure one of them is causing this message.

After that you can turn them on one by one, restart and see exactly which one is causing the problem...
0
 

Author Comment

by:lfrs_org
ID: 33475296
Ok, I think you are misunderstanding what it is that is happening here.

* Have disabled all startup items and the issue continues.
* There are no virus or malware issues;
* Other people can log on to this laptop fine, and can work on it without any issues.
* This is just 1 person having the problem, his account is fine in Active Directory and has been tested on other PCs/Laptops and he has no problems logging in to them.
* He has no profile left on the laptop, so it should load a new one, but it doesn't! It comes up with
"Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format. "

When you click ok it takes you back to the CTRL-ALT-DEL login screen.  I can then log in fine.  

Once again thank you for your help.
0
 
LVL 3

Accepted Solution

by:
VBDotNetCoder earned 500 total points
ID: 33475428
Yes I misunderstood, sorry...

Do you have event IDs 1505 and 1508 in Application log?
0
 

Author Comment

by:lfrs_org
ID: 33475778
I get 1500 and 1508 in the event log.

After searching these I found the Microsoft User Profile Hive Cleanup Service (UPHClean) which loads onto the laptop fine, but doesn't solve my problem.  It's automatically in the services startup and seems to have no effect on the profile whatsoever.
0
 
LVL 3

Assisted Solution

by:VBDotNetCoder
VBDotNetCoder earned 500 total points
ID: 33475925
So now I have 3 questions:

1) How much RAM is installed on the laptop?
2) How are the virtual memory settings (What is the pagefile size min/max ?)
3) Does the problem occur when you give administrator (first local then domain, for testing only) privileges to the problematic account?
0
 

Author Comment

by:lfrs_org
ID: 33476127
1 - 1GB
2 - Page file Currently allocated 3000MB, Initial Size (MB) 3000 and Max Size (MB) 3000.
3 - Made user local administrator get the event id 1508 then 1505, logs in with temp account.
0
 

Author Comment

by:lfrs_org
ID: 33476293
I've solved the problem, basically looks like the profile was trying to associate itself with a TEMP profile, that I was totally ignoring.

I've removed that profile and it has allowed the user to log into the laptop without any errors. I've tested again by removing administrator privileges and it has help the profile.

VB thank you for your assistance in this matter, it has helped talking it through with someone.
0
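The resolution above was a leftover TEMP profile on the one affected laptop. As an added example (not part of the thread and not any participant's code), this read-only PowerShell audit lists local profile registrations that deserve a second look. It assumes the stale entry is registered under the ProfileList registry key, which the thread does not name, and that PowerShell is installed on the machine.

```powershell
# Added example: read-only audit of local user profile registrations.
# Assumption: the stale TEMP profile is registered under ProfileList
# (the thread does not say where it was found or how it was removed).
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$report = foreach ($key in Get-ChildItem -Path $profileList) {
    $sid = $key.PSChildName
    # Only account SIDs; built-in service profiles are laid out differently.
    if ($sid -notmatch '^S-1-5-21-') { continue }

    $raw = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
    if (-not $raw) { continue }
    $path = [Environment]::ExpandEnvironmentVariables($raw)

    # Resolve the SID to an account name; deleted or unreachable accounts stay unresolved.
    $account = '<unresolved>'
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier ($sid -replace '\.bak$', '')
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }

    $flags = @()
    if ($sid -like '*.bak') { $flags += 'BackupKey' }
    # Temporary profiles are created in folders named TEMP or TEMP.<suffix>.
    if ((Split-Path -Path $path -Leaf) -match '^TEMP(\.|$)') { $flags += 'TempFolderName' }
    if (-not (Test-Path -LiteralPath $path)) {
        $flags += 'FolderMissing'      # registration points at a deleted folder
    } elseif (-not (Test-Path -LiteralPath (Join-Path $path 'NTUSER.DAT'))) {
        $flags += 'NoUserHive'         # folder exists but has no registry hive to load
    }

    New-Object PSObject -Property @{
        Account = $account; Sid = $sid; Path = $path; Flags = ($flags -join ',')
    }
}

# Flagged rows first; nothing is modified by this script.
$report | Sort-Object Flags -Descending |
    Format-Table Account, Sid, Path, Flags -AutoSize
```

Rows with a non-empty Flags column are candidates for review, not automatic deletion; export the key before changing anything.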
 

Author Closing Comment

by:lfrs_org
ID: 33476323
Managed to work out the solution with the question VB asked.
0
 
LVL 3

Expert Comment

by:VBDotNetCoder
ID: 33476937
Glad I helped :)
0
