Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

On boot System problem with Admin Profile User


  • Please log in to reply

#16
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

Please don't run any other fixing tools they will change the system and make my work harder.

 

I will post more instructions for you latter...


  • 0

Advertisements


#17
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

Hi,

 

I prepared a fix for you that will try to repair your old profile...

 

- download the file ProfileFix.exe using the link I send you by PM

- execute the script and accept all the security prompts

- when the script finish Notepad will open with a log please copy & paste it contents to your post

 

After the fix don't try to login using your old user because it will not work yet!


  • 0

#18
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts

Hi Sleepy I will not run anything unless you instruct me to do so.  I did this abt 3-5 days ago before you responded.  I wanted to let you know what happened.

 

Log File

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 4/18/2018 11:20:56 AM >------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 220978
Source Name: Microsoft-Windows-Wininit
Time Written: 04-18-2018 @ 17:20:16
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  218880 file records processed.                                         

File verification completed.
  2005 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  290128 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  218880 file SDs/SIDs processed.                                        

Cleaning up 91 unused index entries from index $SII of file 0x9.
Cleaning up 91 unused index entries from index $SDH of file 0x9.
Cleaning up 91 unused security descriptors.
Security descriptor verification completed.
  35625 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36510672 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  218864 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  44580755 free clusters processed.                                        

Free space verification is complete.
Windows has checked the file system and found no problems.

 488282111 KB total disk space.
 309504212 KB in 158439 files.
    114896 KB in 35626 indexes.
         0 KB in bad sectors.
    339983 KB in use by the system.
     65536 KB occupied by the log file.
 178323020 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  44580755 allocation units available on disk.

Internal Info:
00 57 03 00 1c f6 02 00 ee 83 05 00 00 00 00 00  .W..............
9e 6f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00  .o..\...........
30 8f 18 00 50 01 17 00 80 1c 17 00 00 00 17 00  0...P...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 220135
Source Name: Microsoft-Windows-Wininit
Time Written: 04-16-2018 @ 17:49:41
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  218880 file records processed.                                         

File verification completed.
  1993 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  296598 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  218880 file SDs/SIDs processed.                                        

Cleaning up 657 unused index entries from index $SII of file 0x9.
Cleaning up 657 unused index entries from index $SDH of file 0x9.
Cleaning up 657 unused security descriptors.
Security descriptor verification completed.
  38860 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34971872 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  218864 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  45042109 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 307660012 KB in 150146 files.
    115416 KB in 38861 indexes.
         0 KB in bad sectors.
    338247 KB in use by the system.
     65536 KB occupied by the log file.
 180168436 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  45042109 allocation units available on disk.

Internal Info:
00 57 03 00 5a e2 02 00 17 59 05 00 00 00 00 00  .W..Z....Y......
a9 6f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00  .o..\...........
30 8f 0a 00 50 01 09 00 80 1c 09 00 00 00 09 00  0...P...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 26212
Record Number: 219076
Source Name: Chkdsk
Time Written: 04-14-2018 @ 23:03:42
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  194560 file records processed.                                         

File verification completed.
  2046 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  255548 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  194560 file SDs/SIDs processed.                                        

Cleaning up 86 unused index entries from index $SII of file 0x9.
Cleaning up 86 unused index entries from index $SDH of file 0x9.
Cleaning up 86 unused security descriptors.
Security descriptor verification completed.
  30495 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37693040 USN bytes processed.                                            

Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

 488282111 KB total disk space.
 307166652 KB in 159859 files.
    107432 KB in 30496 indexes.
         0 KB in bad sectors.
    316271 KB in use by the system.
     65536 KB occupied by the log file.
 180691756 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  45172939 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 26212
Record Number: 219073
Source Name: Chkdsk
Time Written: 04-14-2018 @ 22:59:46
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  194560 file records processed.                                         

File verification completed.
  2046 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  255548 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  194560 file SDs/SIDs processed.                                        

Cleaning up 86 unused index entries from index $SII of file 0x9.
Cleaning up 86 unused index entries from index $SDH of file 0x9.
Cleaning up 86 unused security descriptors.
Security descriptor verification completed.
  30495 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37678736 USN bytes processed.                                            

Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

 488282111 KB total disk space.
 307096348 KB in 159856 files.
    107432 KB in 30496 indexes.
         0 KB in bad sectors.
    316655 KB in use by the system.
     65536 KB occupied by the log file.
 180761676 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  45190419 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 212776
Source Name: Microsoft-Windows-Wininit
Time Written: 03-26-2018 @ 22:16:27
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
Deleted corrupt attribute list entry
with type code 128 in file 157410.
Unable to find child frs 0x29d32 with sequence number 0x1ae.
Deleted corrupt attribute list entry
with type code 128 in file 157410.
Unable to find child frs 0xa7fa with sequence number 0x2f6.
  193280 file records processed.                                         

File verification completed.
  1649 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  59 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
Index entry setuperr.log of index $I30 in file 0x1fa points to unused file 0x25723.
Deleting index entry setuperr.log in index $I30 of file 506.
Index entry lastalive0.dat of index $I30 in file 0x69b points to unused file 0x26443.
Deleting index entry lastalive0.dat in index $I30 of file 1691.
Index entry lastalive1.dat of index $I30 in file 0x69b points to unused file 0x2644e.
Deleting index entry lastalive1.dat in index $I30 of file 1691.
Index entry LASTAL~1.DAT of index $I30 in file 0x69b points to unused file 0x26443.
Deleting index entry LASTAL~1.DAT in index $I30 of file 1691.
Index entry LASTAL~2.DAT of index $I30 in file 0x69b points to unused file 0x2644e.
Deleting index entry LASTAL~2.DAT in index $I30 of file 1691.
Index entry ~FontCache-System.dat of index $I30 in file 0x69b points to unused file 0x29560.
Deleting index entry ~FontCache-System.dat in index $I30 of file 1691.
Index entry ~FONTC~2.DAT of index $I30 in file 0x69b points to unused file 0x29560.
Deleting index entry ~FONTC~2.DAT in index $I30 of file 1691.
The file reference 0x1460000000030fb of index entry asl.140239_24Mar18.log of index $I30
with parent 0xb718 is not the same as 0x1470000000030fb.
Deleting index entry asl.140239_24Mar18.log in index $I30 of file 46872.
The file reference 0x1460000000030fb of index entry ASL140~1.LOG of index $I30
with parent 0xb718 is not the same as 0x1470000000030fb.
Deleting index entry ASL140~1.LOG in index $I30 of file 46872.
Correcting error in index $I30 for file 158148.
Correcting error in index $I30 for file 158148.
The index bitmap $I30 in file 0x269c4 is incorrect.
Correcting error in index $I30 for file 158148.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff 5f 33 5e 36 d4 b4 d3 01  ........_3^6....
3f 46 21 f0 7b c3 d3 01 60 94 21 f0 7b c3 d3 01  ?F!.{...`.!.{...
Sorting index $I30 in file 158148.
  252702 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file ASL145~1.LOG (12539) into directory file 46872.
Recovering orphaned file asl.145042_26Mar18.log (12539) into directory file 46872.
Recovering orphaned file ASL145~1.LOG (21472) into directory file 48719.
Recovering orphaned file asl.145038_26Mar18.log (21472) into directory file 48719.
Recovering orphaned file thm8C06.tmp (57059) into directory file 158148.
Recovering orphaned file thm1F18.tmp (155624) into directory file 158148.
Recovering orphaned file thmCC83.tmp (157397) into directory file 158148.
Recovering orphaned file thmCC5E.tmp (157401) into directory file 158148.
Recovering orphaned file thmCC5F.tmp (157410) into directory file 158148.
Recovering orphaned file thmCC60.tmp (157465) into directory file 158148.
Recovering orphaned file thmCC61.tmp (157485) into directory file 158148.
  11 unindexed files scanned.                                        

Recovering orphaned file thmCC82.tmp (157487) into directory file 158148.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  193280 file SDs/SIDs processed.                                        

Cleaning up 83 unused index entries from index $SII of file 0x9.
Cleaning up 83 unused index entries from index $SDH of file 0x9.
Cleaning up 83 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 157410.
  29713 data files processed.                                           

CHKDSK is verifying Usn Journal...
The USN Journal entry at offset 0x7ee0e9000 and length 0xb9b0a672 crosses
the page boundary.
The USN Journal entry at offset 0x7ee0ea000 and length 0xb187dffb crosses
the page boundary.
Repairing Usn Journal file record segment.
  35242336 USN bytes processed.                                            

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 281557064 KB in 146743 files.
    101628 KB in 29714 indexes.
         0 KB in bad sectors.
    312655 KB in use by the system.
     65536 KB occupied by the log file.
 206310764 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  51577691 allocation units available on disk.

Internal Info:
00 f3 02 00 54 b1 02 00 80 08 05 00 00 00 00 00  ....T...........
1c 75 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  .u..;...........
11 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 192163
Source Name: Microsoft-Windows-Wininit
Time Written: 01-22-2018 @ 21:15:17
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  187136 file records processed.                                         

File verification completed.
  2944 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  59 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
The file reference 0x2ed000000011744 of index entry lastalive0.dat of index $I30
with parent 0x69b is not the same as 0x2ec000000011744.
Deleting index entry lastalive0.dat in index $I30 of file 1691.
The file reference 0x2be00000001fb89 of index entry lastalive1.dat of index $I30
with parent 0x69b is not the same as 0x2bd00000001fb89.
Deleting index entry lastalive1.dat in index $I30 of file 1691.
The file reference 0x2ed000000011744 of index entry LASTAL~1.DAT of index $I30
with parent 0x69b is not the same as 0x2ec000000011744.
Deleting index entry LASTAL~1.DAT in index $I30 of file 1691.
The file reference 0x2be00000001fb89 of index entry LASTAL~2.DAT of index $I30
with parent 0x69b is not the same as 0x2bd00000001fb89.
Deleting index entry LASTAL~2.DAT in index $I30 of file 1691.
The file reference 0x3040000000117f9 of index entry ~FontCache-FontFace.dat of index $I30
with parent 0x69b is not the same as 0x3030000000117f9.
Deleting index entry ~FontCache-FontFace.dat in index $I30 of file 1691.
The file reference 0x22e00000001569d of index entry ~FontCache-System.dat of index $I30
with parent 0x69b is not the same as 0x22d00000001569d.
Deleting index entry ~FontCache-System.dat in index $I30 of file 1691.
The file reference 0x3040000000117f9 of index entry ~FONTC~1.DAT of index $I30
with parent 0x69b is not the same as 0x3030000000117f9.
Deleting index entry ~FONTC~1.DAT in index $I30 of file 1691.
The file reference 0x22e00000001569d of index entry ~FONTC~2.DAT of index $I30
with parent 0x69b is not the same as 0x22d00000001569d.
Deleting index entry ~FONTC~2.DAT in index $I30 of file 1691.
The file reference 0x25c00000002047c of index entry mpenginedb.db-shm of index $I30
with parent 0xd9e3 is not the same as 0x25b00000002047c.
Deleting index entry mpenginedb.db-shm in index $I30 of file 55779.
The file reference 0x25c00000002047c of index entry MPENGI~2.DB~ of index $I30
with parent 0xd9e3 is not the same as 0x25b00000002047c.
Deleting index entry MPENGI~2.DB~ in index $I30 of file 55779.
Correcting error in index $I30 for file 85918.
Correcting error in index $I30 for file 85918.
The index bitmap $I30 in file 0x14f9e is incorrect.
Correcting error in index $I30 for file 85918.
The down pointer of current index entry with length 0x70 is invalid.
97 04 02 00 00 00 60 02 70 00 52 00 01 00 00 00  ......`.p.R.....
9e 4f 01 00 00 00 2b 00 64 e4 ab 54 0a 92 d3 01  .O....+.d..T....
1c 4d b2 54 0a 92 d3 01 68 78 20 52 28 92 d3 01  .M.T....hx R(...
64 e4 ab 54 0a 92 d3 01 58 01 00 00 00 00 00 00  d..T....X.......
53 01 00 00 00 00 00 00 20 20 00 00 00 00 00 00  S.......  ......
08 02 39 00 44 00 36 00 38 00 46 00 34 00 7e 00  ..9.D.6.8.F.4.~.
31 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff  1...............
b5 04 02 00 00 00 62 02 70 00 52 00 01 00 00 00  ......b.p.R.....
Sorting index $I30 in file 85918.
The file reference 0xa6000000006e8a of index entry thm5492.tmp of index $I30
with parent 0x204fb is not the same as 0xa7000000006e8a.
Deleting index entry thm5492.tmp in index $I30 of file 132347.
  244596 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file LASTAL~1.DAT (71492) into directory file 1691.
Recovering orphaned file lastalive0.dat (71492) into directory file 1691.
Recovering orphaned file ~FONTC~1.DAT (71673) into directory file 1691.
Recovering orphaned file ~FontCache-FontFace.dat (71673) into directory file 1691.
Recovering orphaned file ~FONTC~2.DAT (87709) into directory file 1691.
Recovering orphaned file ~FontCache-System.dat (87709) into directory file 1691.
Recovering orphaned file LASTAL~2.DAT (129929) into directory file 1691.
Recovering orphaned file lastalive1.dat (129929) into directory file 1691.
Recovering orphaned file MPENGI~2.DB~ (132220) into directory file 55779.
Recovering orphaned file mpenginedb.db-shm (132220) into directory file 55779.
Recovering orphaned file 9d68f46e5f082ffdc5e2b0695a3758df1b691060 (132247) into directory file 85918.
Recovering orphaned file FAILTE~1 (149725) into directory file 55779.
Recovering orphaned file FailTelemetry (149725) into directory file 55779.
  9 unindexed files scanned.                                        

Recovering orphaned file WEBCAC~1.TMP (149767) into directory file 21553.
Recovering orphaned file WebCacheV01.tmp (149767) into directory file 21553.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  187136 file SDs/SIDs processed.                                        

Cleaning up 1547 unused index entries from index $SII of file 0x9.
Cleaning up 1547 unused index entries from index $SDH of file 0x9.
Cleaning up 1547 unused security descriptors.
Security descriptor verification completed.
  28731 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37328368 USN bytes processed.                                            

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 379204948 KB in 141035 files.
     98360 KB in 28733 indexes.
         0 KB in bad sectors.
    308575 KB in use by the system.
     65536 KB occupied by the log file.
 108670228 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  27167557 allocation units available on disk.

Internal Info:
00 db 02 00 32 97 02 00 94 d8 04 00 00 00 00 00  ....2...........
37 75 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  7u..;...........
11 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


  • 0

#19
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts

Hi Sleepy, TY for the fix. Log posted. It was a small log ?

 

~~~ ProfileFix script starting... Wed 04/18/2018 11:28 ~~~
 
ARCH: x86
 
::: Loading user profile hive...
The operation completed successfully.

 
::: Loading UsrClass hive...
The operation completed successfully.

 
::: Adjusting Registry permissions on User profile...
Processing ACL of: <machine\TMP>

SetACL finished successfully.
 
::: Adjusting Registry permissions on UsrClass profile...
Processing ACL of: <machine\USR>

SetACL finished successfully.
 
::: Unloading Registry hives...
The operation completed successfully.

The operation completed successfully.


Edited by everythingsm, Yesterday, 12:51 PM.

  • 0

#20
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

Hi,
 
Thanks for the log, no errors and that is good.
 
Before doing more things I would like you to remove AVG completely from the computer please follow the instructions on this link:
https://support.avg....o-uninstall-AVG
 
Start from step C) AVG Remover


  • 0

#21
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts

I completed the removal. Machine rebooted and came back up and ran another item. I clicked ok. It is complete and I'm back at the desktop. Do you need any logs ?


  • 0

#22
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

No logs necessary I will check later using FRST.

 

Now we need to change the registry give me some time to post the instructions.


  • 0

#23
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts
!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
 
Please follow the instructions exactly in the order I post, if you have any doubts please ask
 
Step 1 - Edit the Registry
  • open Regedit, click Start -> Run -> regedit
  • navigate to the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • on the left side, right click on the sub-key S-1-5-21-4044866103-2329573634-2605357377-1000 and use the option rename, add .new to the end of the key name like this S-1-5-21-4044866103-2329573634-2605357377-1000.new
  • again on the left side, right click on the sub-key S-1-5-21-4044866103-2329573634-2605357377-1000.bak and use the option rename, remove the .bak on the end of the key name like this S-1-5-21-4044866103-2329573634-2605357377-1000
  • make sure you have the sub-key S-1-5-21-4044866103-2329573634-2605357377-1000 selected on the left
  • on the right side double click the State value and change it to 0
  • close Regedit
Step 2 - Run FRST fix
  • Highlight the contents of the box below, right click on it and select Copy

    Start::
    reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
    End::

  • Execute FRST/FRST64 right click on the icon FRST.gif and choose Run as Administrator. Make sure all other windows are closed.
    FRST_Fix.png
  • Press the Fix button just once and Wait
  • The tool will make a log (Fixlog.txt) on the same location as FRST/FRST64 please post it in your next reply.

  • 0

#24
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts

Hi Sleepy here ya go.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by SM (19-04-2018 08:27:53) Run:2
Running from C:\Users\SM\Desktop
Loaded Profiles: SM (Available Profiles: Scott & SM & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s

*****************


========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Scott
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BE8030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000.new
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1003
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\SM
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BEB030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x5
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-500
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Administrator
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x100
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BF4010000
    Migrated    REG_BINARY    201283A24154CF01
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0



========= End of Reg: =========


==== End of Fixlog 08:27:54 ====


  • 0

#25
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

Hi,

 

Time to restart the computer and try to logon using the old user account Scott

 

Please report if you can access your normal desktop now or if you see a temporary profile again.


  • 0

Advertisements


#26
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts

Hi,

 

Tried to log on and it says wrong password. I have always just booted up without the password.  I have tried many different password combos and am trying to see if i have this written down.  Is there a way to by pass this ?

 

There was no Temp Profile.  On the Desk top is SM and Other User Options (My USer Square does not show in options). I select other user then place for User Name and below it an area for Password. I type in Scott and Passwords I use (I rarely don't use the same password on anything). None of the passwords I use will open the User Profile.


Edited by everythingsm, Today, 11:36 AM.

  • 0

#27
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

Logon using the SM account then open the Control Panel -> User Accounts -> Manage another account select the Scott account and change the password.

 

https://www.sevenfor...ord-change.html ( follow OPTION TWO)


  • 0

#28
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts

Sleepy you do not even know the monkey you just pulled off my back ! :alarm: :thumbsup:

 

I have struggled with this since 4/10 and thought this was dust and you saved it. I was literally seconds from adjusting regedit myself and looked in my mailbox one last time and your message was there. I might have gotten the User Profile done with .bak but I had no idea reg the fixes you did with FAR etc.

 

All seems in tack except Firefox is older edition.  The rest seems to be here from what I can see.  I have some questions I want to pose reg how this might have happened, making a copy of the Admin User Id for future situations. My first is do I just upgrade FireFox and will that put the remaining back to normal ?


  • 0

#29
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,546 posts

Good.

 

Before doing more things please reboot the machine and logon again with the scott account to see if it continues to work.

 

Run a new FRST scan from this user and post the new logs so I can review the system state.


  • 0






Similar Topics

3 user(s) are reading this topic

2 members, 1 guests, 0 anonymous users


    everythingsm, SleepyDude

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP