Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can not log into profile


  • Please log in to reply
14 replies to this topic

#1 wdkoseck

wdkoseck

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 22 February 2010 - 12:08 AM

My niece has a Compaq Presario laptop computer running windows Vista.

I can boot up in safe mode and get on her system but when I boot up normally it will not load her profile - I even removed the password and I still can not get in her profile. An error message staing that the User Services service did not start comes up.

Is there a way to create a new profile in safe mode to see if he profile is corrupt?

There is only one profile on the system.

I can post more details about the computer tomorrow I just wanted to get a general idea if there was a way to create a new profile in safe mode.

I have gone to the users section in the control panel but all I can see is her profile and I have run the malware bytes program and removed a ton of spyware from her system.

Thanks

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:10 AM

Posted 22 February 2010 - 01:34 AM

Check the event log files to see if they are not full.

Via control Panel and Administrative Tools

Edited by cryptodan, 22 February 2010 - 01:35 AM.


#3 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 22 February 2010 - 03:50 PM

When I get in her logs I find the following:

Fault bucket 12077901, type 5
Event Name: CLR20r3
Response: http://oca.microsoft.com/resredir.aspx?SID...Bucket=12077901
Cab Id: 0

Problem signature:
P1: mmc.exe
P2: 6.0.6000.16386
P3: 4549af41
P4: MMCEx
P5: 3.0.0.0
P6: 4549bcfc
P7: 81b
P8: 75
P9: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
P10:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 2/22/2010 2:22:57 PM
Event ID: 1505
Task Category: None
Level: Error
Keywords: Classic
User: austyn-PC\austyn
Computer: austyn-PC
Description:
Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
<EventID Qualifiers="49152">1505</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T20:22:57.000Z" />
<EventRecordID>28127</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>austyn-PC</Computer>
<Security UserID="S-1-5-21-457494642-2263526326-1064306866-1000" />
</System>
<EventData Name="EVENT_ADMIN_OVERRIDE">
<Data Name="Error">Access is denied. </Data>
</EventData>
</Event>

Attached files:
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER5705.tmp.version.txt

These files may be available here:


- System

- Provider

[ Name] Microsoft-Windows-User Profiles Service
[ Guid] {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}
[ EventSourceName] profsvc

- EventID 1505

[ Qualifiers] 49152

Version 0

Level 2

Task 0

Opcode 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2010-02-22T20:30:51.000Z

EventRecordID 28139

Correlation

- Execution

[ ProcessID] 0
[ ThreadID] 0

Channel Application

Computer austyn-PC

- Security

[ UserID] S-1-5-21-457494642-2263526326-1064306866-1000


- EventData

Error Access is denied.

I also get a message saying User Profile Service not available.

She is running a Presario C500 with 502mb ram and Windows Vista Home Basic 32 bit.

How do I see if the event logs are full?

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:10 AM

Posted 22 February 2010 - 04:07 PM

You right click on all the logs individually and select properties and see the log size then see what the maximum log file size is.

#5 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 22 February 2010 - 04:30 PM

Maximum for all logs is 20480

Application is 11.07mb
Security log is 17.07mb
System is 20mb

Setup maximum log size is 1028 kb
size is 68kb

I was finally able to see the user profiles on the system and All I see is the following

Temp.Austyn-pc.xxxx

and

Default
Public

It seems like there is no real profile on thi laptop - kind of lik it got deleted but nt sure.

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:10 AM

Posted 22 February 2010 - 04:32 PM

Whats in location: C:\Users directory?

#7 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 22 February 2010 - 05:00 PM

if I open a cmd box and go to c:\users I get the following:


C:\Users>dir
Volume in drive C has no label.
Volume Serial Number is 3A43-F3DD

Directory of C:\Users

10/27/2009 11:37 AM <DIR> .
10/27/2009 11:37 AM <DIR> ..
02/23/2008 02:47 PM <DIR> Public
04/27/2008 05:04 PM <DIR> TEMP
06/11/2008 09:38 PM <DIR> TEMP.austyn-PC
07/23/2009 11:50 AM <DIR> TEMP.austyn-PC(56).004
08/05/2008 05:42 PM <DIR> TEMP.austyn-PC.000
08/13/2008 09:51 PM <DIR> TEMP.austyn-PC.001
11/15/2008 03:25 AM <DIR> TEMP.austyn-PC.002
12/15/2008 11:29 AM <DIR> TEMP.austyn-PC.003
07/23/2009 06:42 PM <DIR> TEMP.austyn-PC.004
09/13/2009 01:02 PM <DIR> TEMP.austyn-PC.005
09/18/2009 04:35 PM <DIR> TEMP.austyn-PC.006
10/23/2009 06:36 PM <DIR> TEMP.austyn-PC.007
0 File(s) 0 bytes
14 Dir(s) 43,218,194,432 bytes free

C:\Users>

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:10 AM

Posted 23 February 2010 - 06:33 AM

I think you maybe infected.

#9 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 23 February 2010 - 06:48 AM

When I left home I was running Trend Microscan's house call free virus scanner and it had found at least 2 viruses. Do you have any reccomendations on what else I can use to clean up this pc?

#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:10 AM

Posted 23 February 2010 - 06:51 AM

When I left home I was running Trend Microscan's house call free virus scanner and it had found at least 2 viruses. Do you have any reccomendations on what else I can use to clean up this pc?



I will let the fine knowledgeable people here at BC tell you what to do.

#11 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 23 February 2010 - 07:26 AM

I will let the fine knowledgeable people here at BC tell you what to do.


Thanks for your help.

#12 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:10 AM

Posted 23 February 2010 - 09:58 AM

Moved to AII Forum.

#13 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 23 February 2010 - 05:54 PM

Thanks.

What programs can I run on this pc to find out exactly what kind of infections spyare / rootkit / virus that she has on it?

I ran the malware bytes and cleaned up over 100 items and I can try spybot search & destroy but beyond that I am lost because of the extent that this machine is messed up.

Would it be better to run the repair windows from the boot menu?

#14 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 25 February 2010 - 08:30 AM

I used to be able to access the internet in safe mode now all I get is page cannot be displayed.

#15 wdkoseck

wdkoseck
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 06 March 2010 - 06:45 PM

I think the best thing to do is to restor this machine - If I do what steps do I need to take?

The d: drive contains the restore partition,

Do I need to make a backup of this drive and if so what is the best way to do it?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users