Windows Vista Tips
Home Register Members Search Windows Vista Tips File Database Links
Member Login:

Windows Vista Tips > Newsgroups > Windows Server > Windows cannot load the locally stored profile

Reply
Thread Tools Display Modes

Windows cannot load the locally stored profile

 
 
charlestek
Guest
Posts: n/a

 
      04-30-2007
Been getting event ID 1502 when I try to boot the Win 2003 server I use as a
workstation for software development. Ran chkdsk /r, no problems. Usually
if I reboot a few time, the problem goes away, and I login normally. This
started a few weeks ago. Sometimes it will be days between this cropping up
when booting.

I will note that I've been getting a lot of Windows desktop search errors,
but I've disabled indexing from my profile area.

Because of this article: F:\Documents and
Settings\Administrator\Desktop\ProfileProblems\thr ead-180344.php.htm

Citing: "How are user registry handles
"leaked"? Often by having a service run as the user's credentials."


Just now, I enabled user environment debug logging per
http://support.microsoft.com/kb/221833, and logged out and back in
(successfully, unfortunately).

ANY HELP WOULD BE GREATLY APPRECIATED. THANKS, Phil

The userenv.log text is as follows:
USERENV(bf0.c50) 18:32:28:828 LibMain: Process Name:
F:\WINDOWS\system32\dumprep.exe
USERENV(db8.dec) 18:33:35:656 LibMain: Process Name: C:\Program
Files\Internet Explorer\iexplore.exe
USERENV(db8.dec) 18:33:35:656 GetProfileType: Profile already
loaded.
USERENV(db8.dec) 18:33:35:656 GetProfileType: ProfileFlags is 0
USERENV(db8.7c0) 18:33:35:890 ImpersonateUser: Failed to
impersonate user with 5.
USERENV(db8.7c0) 18:33:35:906 GetUserNameAndDomain Failed to
impersonate user
USERENV(db8.7c0) 18:33:35:906 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(db8.7c0) 18:33:35:906 ImpersonateUser: Failed to
impersonate user with 5.
USERENV(db8.7c0) 18:33:35:906 GetUserNameAndDomain Failed to
impersonate user
USERENV(db8.7c0) 18:33:35:906 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(db8.cd0) 18:34:33:562 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: Yes, we can
impersonate the user. Running as self
USERENV(1ac.1b0) 18:42:47:718
================================================== =======
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: Entering, hToken
= <0x804>, lpProfileInfo = 0x6e5d8
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile:
lpProfileInfo->dwFlags = <0x0>
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile:
lpProfileInfo->lpUserName = <Administrator>
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: NULL central
profile path
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: NULL default
profile path
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: NULL server name
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: In console
winlogon process
USERENV(1ac.1b0) 18:42:47:718 In LoadUserProfileP
USERENV(1ac.1b0) 18:42:47:718
================================================== =======
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: Entering, hToken
= <0x804>, lpProfileInfo = 0x6e5d8
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile:
lpProfileInfo->dwFlags = <0x0>
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile:
lpProfileInfo->lpUserName = <Administrator>
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: NULL central
profile path
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: NULL default
profile path
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: NULL server name
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: User sid:
S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.1b0) 18:42:47:718 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1b0) 18:42:47:718 CSyncManager::EnterLock: No
existing entry found
USERENV(1ac.1b0) 18:42:47:718 CSyncManager::EnterLock: New entry
created
USERENV(1ac.1b0) 18:42:47:718 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1ac.1b0) 18:42:47:718 LoadUserProfile: Wait succeeded.
In critical section.
USERENV(1ac.1b0) 18:42:47:718 TestIfUserProfileLoaded: return
with error 2.
USERENV(1ac.1b0) 18:42:47:718 RestoreUserProfile: Entering
USERENV(1ac.1b0) 18:42:47:718 RestoreUserProfile: User is a
Admin
USERENV(1ac.1b0) 18:42:47:718 IsCentralProfileReachable:
Entering
USERENV(1ac.1b0) 18:42:47:718 IsCentralProfileReachable: Null
path. Leaving
USERENV(1ac.1b0) 18:42:47:718 RestoreUserProfile: Profile path
= <>
USERENV(1ac.1b0) 18:42:47:718 ExtractProfileFromBackup: A
profile already exists
USERENV(1ac.1b0) 18:42:47:718 PatchNewProfileIfRequred: A
profile already exists with the current sid, exitting
USERENV(1ac.1b0) 18:42:47:718 CreateLocalProfileKey: user
<S-1-5-21-1653384031-3508051079-812977905-500> is local, not setting
preference key
USERENV(1ac.1b0) 18:42:47:718 GetExistingLocalProfileImage:
Found entry in profile list for existing local profile
USERENV(1ac.1b0) 18:42:47:718 GetExistingLocalProfileImage:
Local profile image filename = <%SystemDrive%\Documents and
Settings\Administrator>
USERENV(1ac.1b0) 18:42:47:718 GetExistingLocalProfileImage:
Expanded local profile image filename = <F:\Documents and
Settings\Administrator>
USERENV(1ac.1b0) 18:42:47:718 GetExistingLocalProfileImage: No
local mandatory profile. Error = 2
USERENV(1ac.1b0) 18:42:47:718 GetExistingLocalProfileImage:
Found local profile image file ok <F:\Documents and
Settings\Administrator\ntuser.dat>
USERENV(1ac.1b0) 18:42:47:718 GetExistingLocalProfileImage:
Failed to query low profile unload time with error 2
USERENV(1ac.1b0) 18:42:47:734 Local Existing Profile Image is
reachable
USERENV(1ac.1b0) 18:42:47:734 Local profile name is
<F:\Documents and Settings\Administrator>
USERENV(1ac.1b0) 18:42:47:734 RestoreUserProfile: No central
profile. Attempting to load local profile.
USERENV(1ac.1b0) 18:42:48:093 MyRegLoadKey: Returning 00000000
USERENV(1ac.1b0) 18:42:48:109 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(1ac.1b0) 18:42:48:109 MyRegLoadKeyEx: Loading key
<S-1-5-21-1653384031-3508051079-812977905-500_Classes>
USERENV(1ac.1b0) 18:42:48:125 MyRegLoadKeyEx: Successfully
loaded <S-1-5-21-1653384031-3508051079-812977905-500_Classes>
USERENV(1ac.1b0) 18:42:48:125 CreateClassHive: existing user
classes hive found
USERENV(1ac.1b0) 18:42:48:125 RestoreUserProfile: About to
Leave. Final Information follows:
USERENV(1ac.1b0) 18:42:48:125 Profile was successfully loaded.
USERENV(1ac.1b0) 18:42:48:125 lpProfile->lpRoamingProfile = <>
USERENV(1ac.1b0) 18:42:48:125 lpProfile->lpLocalProfile =
<F:\Documents and Settings\Administrator>
USERENV(1ac.1b0) 18:42:48:125 lpProfile->dwInternalFlags = 0x100
USERENV(1ac.1b0) 18:42:48:125 RestoreUserProfile: Leaving.
USERENV(1ac.1b0) 18:42:48:125 UpgradeProfile: Entering
USERENV(1ac.1b0) 18:42:48:125 UpgradeProfile: Build numbers
match
USERENV(1ac.1b0) 18:42:48:125 UpgradeProfile: Leaving
Successfully
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(AppData) : <%APPDATA%> expanded to <F:\Documents and
Settings\Administrator\Application Data>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Cookies) : <%USERPROFILE%\Cookies> expanded to <F:\Documents and
Settings\Administrator\Cookies>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Desktop) : <%USERPROFILE%\Desktop> expanded to <F:\Documents and
Settings\Administrator\Desktop>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Favorites) : <%USERPROFILE%\Favorites> expanded to <F:\Documents and
Settings\Administrator\Favorites>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(NetHood) : <%USERPROFILE%\NetHood> expanded to <F:\Documents and
Settings\Administrator\NetHood>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Personal) : <%USERPROFILE%\My Documents> expanded to <F:\Documents
and Settings\Administrator\My Documents>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(PrintHood) : <%USERPROFILE%\PrintHood> expanded to <F:\Documents and
Settings\Administrator\PrintHood>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Recent) : <%USERPROFILE%\Recent> expanded to <F:\Documents and
Settings\Administrator\Recent>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(SendTo) : <%USERPROFILE%\SendTo> expanded to <F:\Documents and
Settings\Administrator\SendTo>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Start Menu) : <%USERPROFILE%\Start Menu> expanded to <F:\Documents
and Settings\Administrator\Start Menu>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Templates) : <%USERPROFILE%\Templates> expanded to <F:\Documents and
Settings\Administrator\Templates>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Programs) : <%USERPROFILE%\Start Menu\Programs> expanded to
<F:\Documents and Settings\Administrator\Start Menu\Programs>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Startup) : <%USERPROFILE%\Start Menu\Programs\Startup> expanded to
<F:\Documents and Settings\Administrator\Start Menu\Programs\Startup>.
USERENV(1ac.1b0) 18:42:48:125 PrepareProfileForUse: User Shell
Folder(Local Settings) : <%USERPROFILE%\Local Settings> expanded to
<F:\Documents and Settings\Administrator\Local Settings>.
USERENV(1ac.1b0) 18:42:48:140 PrepareProfileForUse: User Shell
Folder(Local AppData) : <%USERPROFILE%\Local Settings\Application Data>
expanded to <F:\Documents and Settings\Administrator\Local
Settings\Application Data>.
USERENV(1ac.1b0) 18:42:48:140 PrepareProfileForUse: User Shell
Folder(Cache) : <%USERPROFILE%\Local Settings\Temporary Internet Files>
expanded to <F:\Documents and Settings\Administrator\Local
Settings\Temporary Internet Files>.
USERENV(1ac.1b0) 18:42:48:140 PrepareProfileForUse: User Shell
Folder(History) : <%USERPROFILE%\Local Settings\History> expanded to
<F:\Documents and Settings\Administrator\Local Settings\History>.
USERENV(1ac.1b0) 18:42:48:140 Profile Ref Count is 1
USERENV(1ac.1b0) 18:42:48:140 LoadUserProfile: Leaving critical
Section.
USERENV(1ac.1b0) 18:42:48:140 CSyncManager::LeaveLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1b0) 18:42:48:140 CSyncManager::LeaveLock: Lock
released
USERENV(1ac.1b0) 18:42:48:140 CHashTable::HashDelete:
S-1-5-21-1653384031-3508051079-812977905-500 deleted
USERENV(1ac.1b0) 18:42:48:156 CSyncManager::LeaveLock: Lock
deleted
USERENV(1ac.1b0) 18:42:48:156 LoadUserProfile: Impersonated
user: 00000804, 00000000
USERENV(1ac.1b0) 18:42:48:156 LoadUserProfile: 002 About
Reverted to user: 00000000
USERENV(1ac.1b0) 18:42:48:156 LoadUserProfile: Leaving with a
value of 1.
USERENV(1ac.1b0) 18:42:48:156
================================================== =======
USERENV(1ac.1b0) 18:42:48:156 LoadUserProfile: LoadUserProfileP
succeeded
USERENV(1ac.1b0) 18:42:48:156 LoadUserProfile: Returning
success. Final Information follows:
USERENV(1ac.1b0) 18:42:48:156 lpProfileInfo->UserName =
<Administrator>
USERENV(1ac.1b0) 18:42:48:156 lpProfileInfo->lpProfilePath =
<(null)>
USERENV(1ac.1b0) 18:42:48:156 lpProfileInfo->dwFlags = 0x0
USERENV(1ac.1b0) 18:42:48:156 LoadUserProfile: Returning TRUE.
hProfile = <0x814>
USERENV(1ac.1b0) 18:42:48:156 ApplySystemPolicy: Entering
USERENV(1ac.1b0) 18:42:48:156 ApplySystemPolicy: No Policy
file. Leaving.
USERENV(1ac.1b0) 18:42:48:156 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(1ac.1b0) 18:42:48:859 IsSyncForegroundPolicyRefresh:
Synchronous, Reason: policy set to SYNC
USERENV(1ac.168) 18:42:48:859 IsSyncForegroundPolicyRefresh:
Synchronous, Reason: policy set to SYNC
USERENV(1ac.168) 18:42:48:875 ApplyGroupPolicy: Entering. Flags
= 2
USERENV(1ac.168) 18:42:48:875 ApplyGroupPolicy: Duplicating
handles
USERENV(1ac.168) 18:42:48:875 ProcessGPOs:
USERENV(1ac.168) 18:42:48:875 ProcessGPOs:
USERENV(1ac.168) 18:42:48:875 ProcessGPOs: Starting user Group
Policy (Sync forground) processing...
USERENV(1ac.168) 18:42:48:875 ProcessGPOs:
USERENV(1ac.168) 18:42:48:875 ProcessGPOs:
USERENV(1ac.168) 18:42:48:875 EnterCriticalPolicySectionEx:
Entering with timeout 600000 and flags 0x0
USERENV(1ac.168) 18:42:48:875 EnterCriticalPolicySectionEx: User
critical section has been claimed. Handle = 0x888
USERENV(1ac.168) 18:42:48:875 EnterCriticalPolicySectionEx:
Leaving successfully.
USERENV(1ac.168) 18:42:48:875 ProcessGPOs: Machine role is 0.
USERENV(1ac.168) 18:42:48:875 ReadGPExtensions: Rsop entry point
not found for dskquota.dll.
USERENV(1ac.168) 18:42:48:875 ReadGPExtensions: Rsop entry point
not found for gptext.dll.
USERENV(1ac.168) 18:42:48:875 ReadGPExtensions: Rsop entry point
not found for iedkcs32.dll.
USERENV(1ac.168) 18:42:48:875 ReadGPExtensions: Rsop entry point
not found for F:\WINDOWS\System32\srchadmin.dll.
USERENV(1ac.168) 18:42:48:875 ReadGPExtensions: Rsop entry point
not found for scecli.dll.
USERENV(1ac.168) 18:42:48:875 ReadGPExtensions: Rsop entry point
not found for F:\WINDOWS\System32\cscui.dll.
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(1ac.168) 18:42:48:875 ReadStatus: Read Extension's
Previous status successfully.
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {7933F41E-56F8-41d6-A31C-4148A711EE93}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(1ac.168) 18:42:48:875 ReadExtStatus: Reading Previous
Status for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: No site name
defined. Skipping site policy.
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: Calling GetGPOInfo
for normal policy mode
USERENV(1ac.168) 18:42:48:906 GetGPOInfo:
********************************
USERENV(1ac.168) 18:42:48:906 GetGPOInfo: Entering...
USERENV(1ac.168) 18:42:48:906 GetGPOInfo: lpHostName or
lpDNName is NULL. Skipping DS stuff.
USERENV(1ac.168) 18:42:48:906 GetGPOInfo: Leaving with 1
USERENV(1ac.168) 18:42:48:906 GetGPOInfo:
********************************
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: Logging Data for
Target <Administrator>.
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: OpenThreadToken
failed with error 1008, assuming thread is not impersonating
USERENV(1ac.168) 18:42:48:906
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: Processing extension
Registry
USERENV(1ac.168) 18:42:48:906 ReadStatus: Read Extension's
Previous status successfully.
USERENV(1ac.168) 18:42:48:906 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:906 CheckGPOs: No GPO changes and no
security group membership change and extension Registry has NoGPOChanges
set.
USERENV(1ac.168) 18:42:48:906
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:906
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: Processing extension
Wireless Group Policy
USERENV(1ac.168) 18:42:48:906 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:906 CheckGPOs: No GPO changes but
couldn't read extension Wireless Group Policy's status or policy time.
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: Extension Wireless
Group Policy skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:906
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:906 ProcessGPOs: Processing extension
Folder Redirection
USERENV(1ac.168) 18:42:48:906 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:906 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Folder Redirection's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Folder
Redirection skipped because both deleted and changed GPO lists are empty.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Microsoft Disk Quota
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Microsoft Disk Quota's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Microsoft
Disk Quota skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
QoS Packet Scheduler
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension QoS Packet Scheduler's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension QoS Packet
Scheduler skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Scripts
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Scripts's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Scripts
skipped because both deleted and changed GPO lists are empty.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Internet Explorer Zonemapping
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Internet Explorer Zonemapping's status or policy
time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Internet
Explorer Zonemapping skipped because both deleted and changed GPO lists are
empty.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Windows Search Group Policy Extension
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Windows Search Group Policy Extension's status or
policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Windows
Search Group Policy Extension skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Security
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Security's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Security
skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Internet Explorer Branding
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Internet Explorer Branding's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Internet
Explorer Branding skipped because both deleted and changed GPO lists are
empty.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
EFS recovery
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension EFS recovery's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension EFS
recovery skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Microsoft Offline Files
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CheckGPOs: No GPO changes but
couldn't read extension Microsoft Offline Files's status or policy time.
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Extension Microsoft
Offline Files skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:921
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:921 ProcessGPOs: Processing extension
Software Installation
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:921 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:937 CheckGPOs: No GPO changes but
couldn't read extension Software Installation's status or policy time.
USERENV(1ac.168) 18:42:48:937 ProcessGPOs: Extension Software
Installation skipped because both deleted and changed GPO lists are empty.
USERENV(1ac.168) 18:42:48:937
ProcessGPOs: -----------------------
USERENV(1ac.168) 18:42:48:937 ProcessGPOs: Processing extension
IP Security
USERENV(1ac.168) 18:42:48:937 CompareGPOLists: The lists are
the same.
USERENV(1ac.168) 18:42:48:937 CheckGPOs: No GPO changes but
couldn't read extension IP Security's status or policy time.
USERENV(1ac.168) 18:42:48:937 ProcessGPOs: Extension IP Security
skipped with flags 0x2.
USERENV(1ac.168) 18:42:48:937 SetFgRefreshInfo: Previous User Fg
policy Synchronous, Reason: SKU.
USERENV(1ac.168) 18:42:48:937 SetFgRefreshInfo: Next User Fg
policy Synchronous, Reason: SKU.
USERENV(1ac.168) 18:42:48:937 ProcessGPOs: No WMI logging done
in this policy cycle.
USERENV(1ac.168) 18:42:48:937 LeaveCriticalPolicySection:
Critical section 0x888 has been released.
USERENV(1ac.168) 18:42:48:937 ProcessGPOs: User Group Policy has
been applied.
USERENV(1ac.168) 18:42:48:937 ProcessGPOs: Leaving with 1.
USERENV(1ac.168) 18:42:48:937 ApplyGroupPolicy: Leaving
successfully.
USERENV(1ac.16c) 18:42:49:031 GPOThread: Next refresh will
happen in 108 minutes
USERENV(1ac.1b0) 18:42:49:218 IsSyncForegroundPolicyRefresh:
Synchronous, Reason: policy set to SYNC
USERENV(e4c.bc8) 18:42:49:453 LibMain: Process Name:
F:\WINDOWS\system32\userinit.exe
USERENV(9f4.ac4) 18:42:50:359 LibMain: Process Name:
F:\WINDOWS\Explorer.EXE
USERENV(9f4.ac4) 18:42:50:500 GetProfileType: Profile already
loaded.
USERENV(9f4.ac4) 18:42:50:500 GetProfileType: ProfileFlags is 0
USERENV(9f4.ac4) 18:42:50:515 GetProfileType: Profile already
loaded.
USERENV(9f4.b88) 18:42:50:531 GetProfileType: Profile already
loaded.
USERENV(9f4.ac4) 18:42:50:531 GetProfileType: ProfileFlags is 0
USERENV(9f4.b88) 18:42:50:531 GetProfileType: ProfileFlags is 0
USERENV(72c.814) 18:42:51:093 LibMain: Process Name:
F:\WINDOWS\system32\RUNDLL32.EXE
USERENV(948.950) 18:42:51:515 LibMain: Process Name:
F:\WINDOWS\system32\RUNDLL32.EXE
USERENV(224.37c) 18:42:51:734 LibMain: Process Name: F:\Program
Files\Windows Defender\MSASCui.exe
USERENV(72c.814) 18:42:52:046 LoadUserProfile: Yes, we can
impersonate the user. Running as self
USERENV(72c.814) 18:42:52:078
================================================== =======
USERENV(72c.814) 18:42:52:187 LoadUserProfile: Entering, hToken
= <0xb4>, lpProfileInfo = 0x7f678
USERENV(72c.814) 18:42:52:250 LoadUserProfile:
lpProfileInfo->dwFlags = <0x1>
USERENV(72c.814) 18:42:52:312 LoadUserProfile:
lpProfileInfo->lpUserName = <Administrator>
USERENV(72c.814) 18:42:52:406 LoadUserProfile: NULL central
profile path
USERENV(72c.814) 18:42:52:484 LoadUserProfile: NULL default
profile path
USERENV(948.950) 18:42:52:468 LibMain: Process Name:
F:\WINDOWS\system32\RUNDLL32.EXE
USERENV(72c.814) 18:42:52:562 LoadUserProfile: NULL server name
USERENV(72c.814) 18:42:52:703 LoadUserProfile: no thread token
found, impersonating self.
USERENV(bec.1c4) 18:42:52:703 LibMain: Process Name:
F:\WINDOWS\system32\ctfmon.exe
USERENV(bec.1c4) 18:42:52:859 GetProfileType: Profile already
loaded.
USERENV(72c.814) 18:42:52:937 LoadUserProfile: Calling
DropClientToken (as self) succeeded
USERENV(1ac.b34) 18:42:53:062 IProfileSecurityCallBack: client
authenticated.
USERENV(bec.1c4) 18:42:53:062 GetProfileType: ProfileFlags is 0
USERENV(1ac.b34) 18:42:53:125 In LoadUserProfileP
USERENV(1ac.b34) 18:42:53:265 LoadUserProfile: Running as
client, sid = S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.b34) 18:42:53:828
================================================== =======
USERENV(1ac.b34) 18:42:53:859 LoadUserProfile: Entering, hToken
= <0x174>, lpProfileInfo = 0x109cfa0
USERENV(1ac.b34) 18:42:54:453 LoadUserProfile:
lpProfileInfo->dwFlags = <0x1>
USERENV(1ac.b34) 18:42:54:453 LoadUserProfile:
lpProfileInfo->lpUserName = <Administrator>
USERENV(1ac.b34) 18:42:54:453 LoadUserProfile: NULL central
profile path
USERENV(1ac.b34) 18:42:54:453 LoadUserProfile: NULL default
profile path
USERENV(1ac.b34) 18:42:54:468 LoadUserProfile: NULL server name
USERENV(1ac.b34) 18:42:54:468 LoadUserProfile: User sid:
S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.b34) 18:42:54:468 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.b34) 18:42:54:484 CSyncManager::EnterLock: No
existing entry found
USERENV(1ac.b34) 18:42:54:500 CSyncManager::EnterLock: New entry
created
USERENV(1ac.b34) 18:42:54:515 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1ac.b34) 18:42:54:531 LoadUserProfile: Wait succeeded.
In critical section.
USERENV(1ac.b34) 18:42:54:578 TestIfUserProfileLoaded: Profile
already loaded.
USERENV(1ac.b34) 18:42:54:609 LoadUserClasses: classes hive
already loaded.
USERENV(1ac.b34) 18:42:54:640 Profile Ref Count is 2
USERENV(1ac.b34) 18:42:54:671 LoadUserProfile: Leaving critical
Section.
USERENV(1ac.b34) 18:42:54:812 CSyncManager::LeaveLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.b34) 18:42:54:843 CSyncManager::LeaveLock: Lock
released
USERENV(1ac.b34) 18:42:54:843 CHashTable::HashDelete:
S-1-5-21-1653384031-3508051079-812977905-500 deleted
USERENV(1ac.b34) 18:42:54:843 CSyncManager::LeaveLock: Lock
deleted
USERENV(1ac.b34) 18:42:54:859 LoadUserProfile: Impersonated
user: 00000174, 00000928
USERENV(1ac.b34) 18:42:54:859 LoadUserProfile: 002 About
Reverted to user: 00000928
USERENV(1ac.b34) 18:42:54:859 LoadUserProfile: 003 About
Reverted back to user <00000000>
USERENV(1ac.b34) 18:42:54:859 LoadUserProfile: Leaving with a
value of 1.
USERENV(1ac.b34) 18:42:54:859
================================================== =======
USERENV(1ac.b34) 18:42:54:859 LoadUserProfileI: returning 0
USERENV(72c.814) 18:42:54:859 LoadUserProfile: Running as self
USERENV(72c.814) 18:42:54:859 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(72c.814) 18:42:54:859 LoadUserProfile: Returning
success. Final Information follows:
USERENV(72c.814) 18:42:54:859 lpProfileInfo->UserName =
<Administrator>
USERENV(72c.814) 18:42:54:859 lpProfileInfo->lpProfilePath =
<(null)>
USERENV(72c.814) 18:42:54:859 lpProfileInfo->dwFlags = 0x1
USERENV(1ac.1d8) 18:42:54:859 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.1d8) 18:42:54:859 ReleaseClientContext: Releasing
context
USERENV(1ac.1d8) 18:42:54:859 ReleaseClientContext_s: Releasing
context
USERENV(1ac.1d8) 18:42:54:859 MIDL_user_free enter
USERENV(72c.814) 18:42:54:859 ReleaseInterface: Releasing rpc
binding handle
USERENV(72c.814) 18:42:54:859 LoadUserProfile: Returning TRUE.
hProfile = <0xe4>
USERENV(72c.814) 18:42:54:859 UnloadUserProfile: Entering,
hProfile = <0xe4>
USERENV(72c.814) 18:42:54:859 UnloadUserProfile: no thread token
found, impersonating self.
USERENV(72c.814) 18:42:54:859 GetInterface: Returning rpc
binding handle
USERENV(1ac.e18) 18:42:54:859 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.e18) 18:42:54:859 DropClientContext: Got client
token 00000144, sid = S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.e18) 18:42:54:859 MIDL_user_allocate enter
USERENV(1ac.e18) 18:42:54:859 DropClientContext: load profile
object successfully made
USERENV(1ac.e18) 18:42:54:859 DropClientContext: Returning 0
USERENV(72c.814) 18:42:54:859 UnLoadUserProfile: Calling
DropClientToken (as self) succeeded
USERENV(1ac.1d8) 18:42:54:875 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.1d8) 18:42:54:875 UnloadUserProfileP: Entering,
hProfile = <0x6cc>
USERENV(1ac.1d8) 18:42:54:875 UnloadUserProfileP:
ImpersonateUser <00000144>, old token is <00000000>
USERENV(1ac.1d8) 18:42:54:875 GetExclusionListFromRegistry:
Policy list is empty, returning user list = <Local Settings;Temporary
Internet Files;History;Temp;Local Settings\Application
Data\Microsoft\Outlook>
USERENV(1ac.1d8) 18:42:54:875 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1d8) 18:42:54:875 CSyncManager::EnterLock: No
existing entry found
USERENV(1ac.1d8) 18:42:54:875 CSyncManager::EnterLock: New entry
created
USERENV(1ac.1d8) 18:42:54:875 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1ac.1d8) 18:42:54:875 UnloadUserProfileP: Wait
succeeded. In critical section.
USERENV(1ac.1d8) 18:42:55:656 UnloadUserProfileP: Didn't unload
user profile, Ref Count is 1
USERENV(1ac.1d8) 18:42:55:703 UnloadUserProfileP: About Reverted
back to user <00000000>
USERENV(1ac.1d8) 18:42:55:718 CSyncManager::LeaveLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1d8) 18:42:55:750 CSyncManager::LeaveLock: Lock
released
USERENV(1ac.1d8) 18:42:55:781 CHashTable::HashDelete:
S-1-5-21-1653384031-3508051079-812977905-500 deleted
USERENV(1ac.1d8) 18:42:55:828 CSyncManager::LeaveLock: Lock
deleted
USERENV(1ac.1d8) 18:42:55:843 UnloadUserProfileP: Leave critical
section.
USERENV(1ac.1d8) 18:42:55:859 UnloadUserProfileP: Leaving with a
return value of 1
USERENV(1ac.1d8) 18:42:55:875 UnloadUserProfileI: returning 0
USERENV(72c.814) 18:42:55:875 UnloadUserProfile: Calling
UnloadUserProfileI succeeded
USERENV(1ac.b34) 18:42:55:875 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.b34) 18:42:55:875 ReleaseClientContext: Releasing
context
USERENV(1ac.b34) 18:42:55:875 ReleaseClientContext_s: Releasing
context
USERENV(1ac.b34) 18:42:55:890 MIDL_user_free enter
USERENV(72c.814) 18:42:55:906 ReleaseInterface: Releasing rpc
binding handle
USERENV(72c.814) 18:42:55:921 UnloadUserProfile: returning 1
USERENV(72c.814) 18:42:56:062 LoadUserProfile: Yes, we can
impersonate the user. Running as self
USERENV(72c.814) 18:42:56:078
================================================== =======
USERENV(72c.814) 18:42:56:078 LoadUserProfile: Entering, hToken
= <0xe4>, lpProfileInfo = 0x7f678
USERENV(72c.814) 18:42:56:093 LoadUserProfile:
lpProfileInfo->dwFlags = <0x1>
USERENV(72c.814) 18:42:56:093 LoadUserProfile:
lpProfileInfo->lpUserName = <Administrator>
USERENV(72c.814) 18:42:56:109 LoadUserProfile: NULL central
profile path
USERENV(72c.814) 18:42:56:125 LoadUserProfile: NULL default
profile path
USERENV(72c.814) 18:42:56:125 LoadUserProfile: NULL server name
USERENV(72c.814) 18:42:56:140 LoadUserProfile: no thread token
found, impersonating self.
USERENV(72c.814) 18:42:56:140 GetInterface: Returning rpc
binding handle
USERENV(1ac.e18) 18:42:56:156 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.e18) 18:42:56:171 DropClientContext: Got client
token 00000144, sid = S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.e18) 18:42:56:203 MIDL_user_allocate enter
USERENV(1ac.e18) 18:42:56:218 DropClientContext: load profile
object successfully made
USERENV(1ac.e18) 18:42:56:234 DropClientContext: Returning 0
USERENV(72c.814) 18:42:56:250 LoadUserProfile: Calling
DropClientToken (as self) succeeded
USERENV(1ac.1d8) 18:42:56:265 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.1d8) 18:42:56:281 In LoadUserProfileP
USERENV(1ac.1d8) 18:42:56:281 LoadUserProfile: Running as
client, sid = S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.1d8) 18:42:56:296
================================================== =======
USERENV(1ac.1d8) 18:42:56:296 LoadUserProfile: Entering, hToken
= <0x928>, lpProfileInfo = 0x109c9f8
USERENV(1ac.1d8) 18:42:56:312 LoadUserProfile:
lpProfileInfo->dwFlags = <0x1>
USERENV(1ac.1d8) 18:42:56:312 LoadUserProfile:
lpProfileInfo->lpUserName = <Administrator>
USERENV(1ac.1d8) 18:42:56:312 LoadUserProfile: NULL central
profile path
USERENV(1ac.1d8) 18:42:56:312 LoadUserProfile: NULL default
profile path
USERENV(1ac.1d8) 18:42:56:328 LoadUserProfile: NULL server name
USERENV(1ac.1d8) 18:42:56:343 LoadUserProfile: User sid:
S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.1d8) 18:42:56:343 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1d8) 18:42:56:359 CSyncManager::EnterLock: No
existing entry found
USERENV(1ac.1d8) 18:42:56:359 CSyncManager::EnterLock: New entry
created
USERENV(1ac.1d8) 18:42:56:375 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1ac.1d8) 18:42:56:375 LoadUserProfile: Wait succeeded.
In critical section.
USERENV(1ac.1d8) 18:42:56:390 TestIfUserProfileLoaded: Profile
already loaded.
USERENV(1ac.1d8) 18:42:56:390 LoadUserClasses: classes hive
already loaded.
USERENV(1ac.1d8) 18:42:56:406 Profile Ref Count is 2
USERENV(1ac.1d8) 18:42:56:406 LoadUserProfile: Leaving critical
Section.
USERENV(1ac.1d8) 18:42:56:406 CSyncManager::LeaveLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1d8) 18:42:56:421 CSyncManager::LeaveLock: Lock
released
USERENV(1ac.1d8) 18:42:56:421 CHashTable::HashDelete:
S-1-5-21-1653384031-3508051079-812977905-500 deleted
USERENV(1ac.1d8) 18:42:56:421 CSyncManager::LeaveLock: Lock
deleted
USERENV(1ac.1d8) 18:42:56:437 LoadUserProfile: Impersonated
user: 00000928, 000007cc
USERENV(1ac.1d8) 18:42:56:437 LoadUserProfile: 002 About
Reverted to user: 000007cc
USERENV(1ac.1d8) 18:42:56:437 LoadUserProfile: 003 About
Reverted back to user <00000000>
USERENV(1ac.1d8) 18:42:56:453 LoadUserProfile: Leaving with a
value of 1.
USERENV(1ac.1d8) 18:42:56:453
================================================== =======
USERENV(1ac.1d8) 18:42:56:453 LoadUserProfileI: returning 0
USERENV(72c.814) 18:42:56:468 LoadUserProfile: Running as self
USERENV(72c.814) 18:42:56:500 LoadUserProfile: Calling
LoadUserProfileI (as user) succeeded
USERENV(72c.814) 18:42:56:531 LoadUserProfile: Returning
success. Final Information follows:
USERENV(72c.814) 18:42:56:546 lpProfileInfo->UserName =
<Administrator>
USERENV(72c.814) 18:42:56:546 lpProfileInfo->lpProfilePath =
<(null)>
USERENV(72c.814) 18:42:56:562 lpProfileInfo->dwFlags = 0x1
USERENV(1ac.b34) 18:42:56:562 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.b34) 18:42:56:562 ReleaseClientContext: Releasing
context
USERENV(1ac.b34) 18:42:56:562 ReleaseClientContext_s: Releasing
context
USERENV(1ac.b34) 18:42:56:578 MIDL_user_free enter
USERENV(72c.814) 18:42:56:578 ReleaseInterface: Releasing rpc
binding handle
USERENV(72c.814) 18:42:56:578 LoadUserProfile: Returning TRUE.
hProfile = <0xec>
USERENV(72c.814) 18:42:56:609 UnloadUserProfile: Entering,
hProfile = <0xec>
USERENV(72c.814) 18:42:56:625 UnloadUserProfile: no thread token
found, impersonating self.
USERENV(72c.814) 18:42:56:625 GetInterface: Returning rpc
binding handle
USERENV(1ac.e18) 18:42:56:640 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.e18) 18:42:56:656 DropClientContext: Got client
token 00000144, sid = S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1ac.e18) 18:42:56:656 MIDL_user_allocate enter
USERENV(1ac.e18) 18:42:56:656 DropClientContext: load profile
object successfully made
USERENV(1ac.e18) 18:42:56:671 DropClientContext: Returning 0
USERENV(72c.814) 18:42:56:671 UnLoadUserProfile: Calling
DropClientToken (as self) succeeded
USERENV(1ac.1d8) 18:42:56:687 IProfileSecurityCallBack: client
authenticated.
USERENV(1ac.1d8) 18:42:56:687 UnloadUserProfileP: Entering,
hProfile = <0x6cc>
USERENV(1ac.1d8) 18:42:56:687 UnloadUserProfileP:
ImpersonateUser <00000144>, old token is <00000000>
USERENV(1ac.1d8) 18:42:56:718 GetExclusionListFromRegistry:
Policy list is empty, returning user list = <Local Settings;Temporary
Internet Files;History;Temp;Local Settings\Application
Data\Microsoft\Outlook>
USERENV(1ac.1d8) 18:42:56:734 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(510.5e0) 18:42:56:718 LibMain: Process Name: F:\Program
Files\Google\Google Talk\googletalk.exe
USERENV(1ac.1d8) 18:42:56:734 CSyncManager::EnterLock: No
existing entry found
USERENV(1ac.1d8) 18:42:56:734 CSyncManager::EnterLock: New entry
created
USERENV(1ac.1d8) 18:42:56:750 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1ac.1d8) 18:42:56:750 UnloadUserProfileP: Wait
succeeded. In critical section.
USERENV(1ac.1d8) 18:42:57:781 UnloadUserProfileP: Didn't unload
user profile, Ref Count is 1
USERENV(1ac.1d8) 18:42:57:843 UnloadUserProfileP: About Reverted
back to user <00000000>
USERENV(1ac.1d8) 18:42:57:843 CSyncManager::LeaveLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1ac.1d8) 18:42:57:843 CSyncManager::LeaveLock: Lock
released
USERENV(1ac.1d8) 18:42:57:843 CHashTable::HashDelete:
S-1-5-21-1653384031-3508051079-812977905-500 deleted
USERENV(c34.9b0) 18:42:57:843 LibMain: Process Name: F:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
USERENV(1ac.1d8) 18:42:57:843 CSyncManager::LeaveLock: Lock
deleted
USERENV(1ac.1d8) 18:42:57:843 UnloadUserProfileP: Leave critical
section.
USERENV(1ac.1d8) 18:42:57:843 UnloadUserProfileP: Leaving with a
return value of 1
USERENV(c34.9b0) 18:42:57:843 ImpersonateUser: Failed to
impersonate user with 5.
USERENV(1ac.1d8) 18:42:57:859 UnloadUserProfileI: returning 0
USERENV(72c.814) 18:42:57:859 UnloadUserProfile: Calling
UnloadUserProfileI succeeded
USERENV(1ac.b34) 18:42:57:859 IProfileSecurityCallBack: client
authenticated.
USERENV(c34.9b0) 18:42:57:859 GetUserNameAndDomain Failed to
impersonate user
USERENV(1ac.b34) 18:42:57:875 ReleaseClientContext: Releasing
context
USERENV(1ac.b34) 18:42:57:875 ReleaseClientContext_s: Releasing
context
USERENV(c34.9b0) 18:42:57:875 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(1ac.b34) 18:42:57:875 MIDL_user_free enter
USERENV(72c.814) 18:42:57:875 ReleaseInterface: Releasing rpc
binding handle
USERENV(72c.814) 18:42:57:890 UnloadUserProfile: returning 1
USERENV(c34.9b0) 18:42:58:171 ImpersonateUser: Failed to
impersonate user with 5.
USERENV(c34.9b0) 18:42:58:234 GetUserNameAndDomain Failed to
impersonate user
USERENV(c34.9b0) 18:42:58:234 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(c34.9b0) 18:42:58:265 ImpersonateUser: Failed to
impersonate user with 5.
USERENV(c34.9b0) 18:42:58:281 GetUserNameAndDomain Failed to
impersonate user
USERENV(c34.9b0) 18:42:58:281 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(928.d10) 18:42:59:562 LibMain: Process Name: F:\Program
Files\Onfolio\onfserv.exe
USERENV(928.d10) 18:42:59:578 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(928.d10) 18:42:59:609 GetUserDNSDomainName: Computer is
running standalone. No DNS domain name available.
USERENV(d94.e30) 18:43:00:406 LibMain: Process Name: F:\Program
Files\Windows Desktop Search\WindowsSearch.exe
USERENV(7f0.478) 18:43:03:250 LibMain: Process Name:
F:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(9f4.ac4) 18:45:22:656 GetProfileType: Profile already
loaded.
USERENV(9f4.ac4) 18:45:22:671 GetProfileType: ProfileFlags is 0
USERENV(9f4.ac4) 18:45:23:015 GetProfileType: Profile already
loaded.
USERENV(9f4.ac4) 18:45:23:015 GetProfileType: ProfileFlags is 0
 
Reply With Quote
 
 
 
 
Phil C.
Guest
Posts: n/a

 
      05-01-2007
I tried logging in this morning and got "Windows cannot load the locally
stored profile".
This time, the userenv.log shows exactly what is happening, but I cannot
interpret it:

[Key section from log below: USERENV(1c8.1cc) 05:34:39:015 MyRegLoadKey:
Failed to load subkey <S-1-5-21-1653384031-3508051079-812977905-500>, error
=32
USERENV(1c8.1cc) 05:34:39:015 MyRegLoadKey: Returning 00000020
USERENV(1c8.1cc) 05:34:39:062 RestoreUserProfile: MyRegLoadKey returned
FALSE.
USERENV(1c8.1cc) 05:34:39:062 ReportError: Impersonating user.
USERENV(1c8.1cc) 05:34:39:125 ReportError: Logging Error <Windows cannot
load the locally stored profile. Possible causes of this error include
insufficient security rights or a corrupt local profile. If this problem
persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by
another process.
> ]
************************************************** ************
full text of userenv.log:
************************************************** ************

USERENV(1c8.1cc) 05:34:23:484 InitializePolicyProcessing: Initialised
Machine Mutex/Events
USERENV(1c8.1cc) 05:34:23:500 InitializePolicyProcessing: Initialised User
Mutex/Events
USERENV(1c8.1cc) 05:34:23:500 LibMain: Process Name:
\??\F:\WINDOWS\system32\winlogon.exe
USERENV(1c8.1cc) 05:34:23:609 Entering CUserProfile::Initialize ...
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::Initialize called by winlogon
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::Initialize: critical section
initialized
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::Initialize: critical section
initialized
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::Initialize: registry key
Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::Initialize: Proccessing
S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::EnterLock: New entry created
USERENV(1c8.1cc) 05:34:23:609 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::GetRefCountAndFlags: Ref count
is 0, state is 00000100
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::LeaveLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1cc) 05:34:23:609 CHashTable::HashDelete:
S-1-5-21-1653384031-3508051079-812977905-500 deleted
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(1c8.1cc) 05:34:23:609 CUserProfile::Initialize: Proccessing S-1-5-20
USERENV(1c8.1cc) 05:34:23:609 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock: New entry created
USERENV(1c8.1cc) 05:34:23:625 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::GetRefCountAndFlags: Ref count
is 3, state is 00000000
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1cc) 05:34:23:625 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::Initialize: Proccessing S-1-5-19
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock <S-1-5-19>
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock: New entry created
USERENV(1c8.1cc) 05:34:23:625 CHashTable::HashAdd: S-1-5-19 added in bucket
12
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::GetRefCountAndFlags: Ref count
is 3, state is 00000000
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock <S-1-5-19>
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1cc) 05:34:23:625 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::Initialize: Proccessing S-1-5-18
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock <S-1-5-18>
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::EnterLock: New entry created
USERENV(1c8.1cc) 05:34:23:625 CHashTable::HashAdd: S-1-5-18 added in bucket
11
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Enter
critical section.
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::GetRefCountAndFlags: Ref count
is 1, state is 00000000
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock <S-1-5-18>
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1cc) 05:34:23:625 CHashTable::HashDelete: S-1-5-18 deleted
USERENV(1c8.1cc) 05:34:23:625 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::CleanupUserProfile: Leave
critical section
USERENV(1c8.1cc) 05:34:23:625 CUserProfile::Initialize:
RpcServerRegisterIfEx successful
USERENV(1c8.1cc) 05:34:23:625 Exiting CUserProfile::Initialize, successful
USERENV(204.208) 05:34:23:718 LibMain: Process Name:
F:\WINDOWS\system32\lsass.exe
USERENV(1f8.1fc) 05:34:23:765 LibMain: Process Name:
F:\WINDOWS\system32\services.exe
USERENV(1c8.1cc) 05:34:23:796 IsSyncForegroundPolicyRefresh: Synchronous,
Reason: policy set to SYNC
USERENV(204.208) 05:34:23:828 LibMain: Process Name:
F:\WINDOWS\system32\lsass.exe
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:24:171
================================================== =======
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: Entering, hToken = <0x324>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:24:171 GetInterface: Returning rpc binding handle
USERENV(1c8.2f4) 05:34:24:171 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:24:171 DropClientContext: Got client token 000003DC,
sid = S-1-5-18
USERENV(1c8.2f4) 05:34:24:171 MIDL_user_allocate enter
USERENV(1c8.2f4) 05:34:24:171 DropClientContext: load profile object
successfully made
USERENV(1c8.2f4) 05:34:24:171 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:24:171 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.1e4) 05:34:24:171 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:24:187 In LoadUserProfileP
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.1e4) 05:34:24:187
================================================== =======
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: Entering, hToken = <0x3e4>,
lpProfileInfo = 0xac67c8
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: NULL central profile path
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: NULL default profile path
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: NULL server name
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: User sid: S-1-5-20
USERENV(1c8.1e4) 05:34:24:187 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:24:187 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1e4) 05:34:24:187 CSyncManager::EnterLock: New entry created
USERENV(1c8.1e4) 05:34:24:187 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.1e4) 05:34:24:187 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.1e4) 05:34:24:187 TestIfUserProfileLoaded: return with error 2.
USERENV(1c8.1e4) 05:34:24:187 RestoreUserProfile: Entering
USERENV(1c8.1e4) 05:34:24:187 IsCentralProfileReachable: Entering
USERENV(1c8.1e4) 05:34:24:187 IsCentralProfileReachable: Null path.
Leaving
USERENV(1c8.1e4) 05:34:24:187 RestoreUserProfile: Profile path = <>
USERENV(1c8.1e4) 05:34:24:187 ExtractProfileFromBackup: A profile already
exists
USERENV(1c8.1e4) 05:34:24:187 PatchNewProfileIfRequred: A profile already
exists with the current sid, exitting
USERENV(1c8.1e4) 05:34:24:187 CreateLocalProfileKey: user <S-1-5-20> is
local, not setting preference key
USERENV(1c8.1e4) 05:34:24:187 GetExistingLocalProfileImage: Found entry in
profile list for existing local profile
USERENV(1c8.1e4) 05:34:24:187 GetExistingLocalProfileImage: Local profile
image filename = <%SystemDrive%\Documents and Settings\NetworkService>
USERENV(1c8.1e4) 05:34:24:187 GetExistingLocalProfileImage: Expanded local
profile image filename = <F:\Documents and Settings\NetworkService>
USERENV(1c8.1e4) 05:34:24:187 GetExistingLocalProfileImage: No local
mandatory profile. Error = 2
USERENV(1c8.1e4) 05:34:24:187 GetExistingLocalProfileImage: Found local
profile image file ok <F:\Documents and Settings\NetworkService\ntuser.dat>
USERENV(1c8.1e4) 05:34:24:187 GetExistingLocalProfileImage: Failed to query
low profile unload time with error 2
USERENV(1c8.1e4) 05:34:24:187 Local Existing Profile Image is reachable
USERENV(1c8.1e4) 05:34:24:187 Local profile name is <F:\Documents and
Settings\NetworkService>
USERENV(1c8.1e4) 05:34:24:187 RestoreUserProfile: No central profile.
Attempting to load local profile.
USERENV(1c8.1e4) 05:34:24:187 MyRegLoadKey: Returning 00000000
USERENV(1c8.1e4) 05:34:24:187 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1c8.1e4) 05:34:24:218 MyRegLoadKeyEx: Loading key
<S-1-5-20_Classes>
USERENV(1c8.1e4) 05:34:24:218 MyRegLoadKeyEx: Successfully loaded
<S-1-5-20_Classes>
USERENV(1c8.1e4) 05:34:24:218 CreateClassHive: existing user classes hive
found
USERENV(1c8.1e4) 05:34:24:218 RestoreUserProfile: About to Leave. Final
Information follows:
USERENV(1c8.1e4) 05:34:24:218 Profile was successfully loaded.
USERENV(1c8.1e4) 05:34:24:218 lpProfile->lpRoamingProfile = <>
USERENV(1c8.1e4) 05:34:24:218 lpProfile->lpLocalProfile = <F:\Documents and
Settings\NetworkService>
USERENV(1c8.1e4) 05:34:24:218 lpProfile->dwInternalFlags = 0x0
USERENV(1c8.1e4) 05:34:24:218 RestoreUserProfile: Leaving.
USERENV(1c8.1e4) 05:34:24:218 UpgradeProfile: Entering
USERENV(1c8.1e4) 05:34:24:218 UpgradeProfile: Build numbers match
USERENV(1c8.1e4) 05:34:24:218 UpgradeProfile: Leaving Successfully
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(AppData) : <%USERPROFILE%\Application Data> expanded to <F:\Documents
and Settings\NetworkService\Application Data>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Cookies) : <%USERPROFILE%\Cookies> expanded to <F:\Documents and
Settings\NetworkService\Cookies>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Desktop) : <%USERPROFILE%\Desktop> expanded to <F:\Documents and
Settings\NetworkService\Desktop>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Favorites) : <%USERPROFILE%\Favorites> expanded to <F:\Documents and
Settings\NetworkService\Favorites>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(NetHood) : <%USERPROFILE%\NetHood> expanded to <F:\Documents and
Settings\NetworkService\NetHood>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Personal) : <%USERPROFILE%\My Documents> expanded to <F:\Documents
and Settings\NetworkService\My Documents>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(PrintHood) : <%USERPROFILE%\PrintHood> expanded to <F:\Documents and
Settings\NetworkService\PrintHood>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Recent) : <%USERPROFILE%\Recent> expanded to <F:\Documents and
Settings\NetworkService\Recent>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(SendTo) : <%USERPROFILE%\SendTo> expanded to <F:\Documents and
Settings\NetworkService\SendTo>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell Folder(Start
Menu) : <%USERPROFILE%\Start Menu> expanded to <F:\Documents and
Settings\NetworkService\Start Menu>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Templates) : <%USERPROFILE%\Templates> expanded to <F:\Documents and
Settings\NetworkService\Templates>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Programs) : <%USERPROFILE%\Start Menu\Programs> expanded to
<F:\Documents and Settings\NetworkService\Start Menu\Programs>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Startup) : <%USERPROFILE%\Start Menu\Programs\Startup> expanded to
<F:\Documents and Settings\NetworkService\Start Menu\Programs\Startup>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell Folder(Local
Settings) : <%USERPROFILE%\Local Settings> expanded to <F:\Documents and
Settings\NetworkService\Local Settings>.
USERENV(1c8.1e4) 05:34:24:218 GetProfileType: Profile already loaded.
USERENV(1c8.1e4) 05:34:24:218 LoadProfileInfo: Failed to query central
profile with error 2
USERENV(1c8.1e4) 05:34:24:218 GetProfileType: ProfileFlags is 0
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell Folder(Local
AppData) : <%USERPROFILE%\Local Settings\Application Data> expanded to
<F:\Documents and Settings\NetworkService\Local Settings\Application Data>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(Cache) : <%USERPROFILE%\Local Settings\Temporary Internet Files>
expanded to <F:\Documents and Settings\NetworkService\Local
Settings\Temporary Internet Files>.
USERENV(1c8.1e4) 05:34:24:218 PrepareProfileForUse: User Shell
Folder(History) : <%USERPROFILE%\Local Settings\History> expanded to
<F:\Documents and Settings\NetworkService\Local Settings\History>.
USERENV(1c8.1e4) 05:34:24:218 Profile Ref Count is 1
USERENV(1c8.1e4) 05:34:24:218 LoadUserProfile: Leaving critical Section.
USERENV(1c8.1e4) 05:34:24:218 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:24:218 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1e4) 05:34:24:218 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.1e4) 05:34:24:218 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1e4) 05:34:24:218 LoadUserProfile: Impersonated user: 000003e4,
000003f8
USERENV(204.24c) 05:34:24:218 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(204.24c) 05:34:24:218 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1c8.1e4) 05:34:24:250 LoadUserProfile: 002 About Reverted to user:
000003f8
USERENV(1c8.1e4) 05:34:24:250 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.1e4) 05:34:24:250 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.1e4) 05:34:24:250
================================================== =======
USERENV(1c8.1e4) 05:34:24:250 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:24:250 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:24:250 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:24:250 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:24:250 lpProfileInfo->UserName = <NetworkService>
USERENV(1f8.1fc) 05:34:24:250 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:24:250 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.2f4) 05:34:24:250 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:24:250 ReleaseClientContext: Releasing context
USERENV(1c8.2f4) 05:34:24:250 ReleaseClientContext_s: Releasing context
USERENV(1c8.2f4) 05:34:24:250 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:24:250 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:24:250 LoadUserProfile: Returning TRUE. hProfile =
<0x340>
USERENV(1f8.1fc) 05:34:24:250 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(340.344) 05:34:24:359 LibMain: Process Name: F:\Program
Files\Windows Defender\MsMpEng.exe
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:24:406
================================================== =======
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: Entering, hToken = <0x370>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:24:406 GetInterface: Returning rpc binding handle
USERENV(1c8.1e4) 05:34:24:406 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:24:406 DropClientContext: Got client token 000006D0,
sid = S-1-5-18
USERENV(1c8.1e4) 05:34:24:406 MIDL_user_allocate enter
USERENV(1c8.1e4) 05:34:24:406 DropClientContext: load profile object
successfully made
USERENV(1c8.1e4) 05:34:24:406 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:24:406 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.2f4) 05:34:24:406 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:24:406 In LoadUserProfileP
USERENV(1c8.2f4) 05:34:24:406 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.2f4) 05:34:24:406
================================================== =======
USERENV(1c8.2f4) 05:34:24:406 LoadUserProfile: Entering, hToken = <0x6d4>,
lpProfileInfo = 0xac80d0
USERENV(1c8.2f4) 05:34:24:406 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.2f4) 05:34:24:406 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1c8.2f4) 05:34:24:406 LoadUserProfile: NULL central profile path
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: NULL default profile path
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: NULL server name
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: User sid: S-1-5-20
USERENV(1c8.2f4) 05:34:24:421 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.2f4) 05:34:24:421 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.2f4) 05:34:24:421 CSyncManager::EnterLock: New entry created
USERENV(1c8.2f4) 05:34:24:421 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.2f4) 05:34:24:421 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(1c8.2f4) 05:34:24:421 LoadUserClasses: classes hive already loaded.
USERENV(1c8.2f4) 05:34:24:421 Profile Ref Count is 2
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: Leaving critical Section.
USERENV(1c8.2f4) 05:34:24:421 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.2f4) 05:34:24:421 CSyncManager::LeaveLock: Lock released
USERENV(1c8.2f4) 05:34:24:421 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.2f4) 05:34:24:421 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: Impersonated user: 000006d4,
000006dc
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: 002 About Reverted to user:
000006dc
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.2f4) 05:34:24:421
================================================== =======
USERENV(1c8.2f4) 05:34:24:421 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:24:421 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:24:421 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:24:421 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:24:421 lpProfileInfo->UserName = <NetworkService>
USERENV(1f8.1fc) 05:34:24:421 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:24:421 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.1e4) 05:34:24:421 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:24:421 ReleaseClientContext: Releasing context
USERENV(1c8.1e4) 05:34:24:421 ReleaseClientContext_s: Releasing context
USERENV(1c8.1e4) 05:34:24:421 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:24:421 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:24:421 LoadUserProfile: Returning TRUE. hProfile =
<0x360>
USERENV(1f8.1fc) 05:34:24:421 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:24:437
================================================== =======
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: Entering, hToken = <0x36c>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:24:437 GetInterface: Returning rpc binding handle
USERENV(1c8.2f4) 05:34:24:437 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:24:437 DropClientContext: Got client token 000006D0,
sid = S-1-5-18
USERENV(1c8.2f4) 05:34:24:437 MIDL_user_allocate enter
USERENV(1c8.2f4) 05:34:24:437 DropClientContext: load profile object
successfully made
USERENV(1c8.2f4) 05:34:24:437 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:24:437 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.1e4) 05:34:24:437 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:24:437 In LoadUserProfileP
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.1e4) 05:34:24:453
================================================== =======
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: Entering, hToken = <0x6d4>,
lpProfileInfo = 0xac9e30
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: NULL central profile path
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: NULL default profile path
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: NULL server name
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: User sid: S-1-5-19
USERENV(1c8.1e4) 05:34:24:453 CSyncManager::EnterLock <S-1-5-19>
USERENV(1c8.1e4) 05:34:24:453 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1e4) 05:34:24:453 CSyncManager::EnterLock: New entry created
USERENV(1c8.1e4) 05:34:24:453 CHashTable::HashAdd: S-1-5-19 added in bucket
12
USERENV(1c8.1e4) 05:34:24:453 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.1e4) 05:34:24:453 TestIfUserProfileLoaded: return with error 2.
USERENV(1c8.1e4) 05:34:24:453 RestoreUserProfile: Entering
USERENV(1c8.1e4) 05:34:24:453 IsCentralProfileReachable: Entering
USERENV(1c8.1e4) 05:34:24:453 IsCentralProfileReachable: Null path.
Leaving
USERENV(1c8.1e4) 05:34:24:453 RestoreUserProfile: Profile path = <>
USERENV(1c8.1e4) 05:34:24:453 ExtractProfileFromBackup: A profile already
exists
USERENV(1c8.1e4) 05:34:24:453 PatchNewProfileIfRequred: A profile already
exists with the current sid, exitting
USERENV(1c8.1e4) 05:34:24:453 CreateLocalProfileKey: user <S-1-5-19> is
local, not setting preference key
USERENV(1c8.1e4) 05:34:24:453 GetExistingLocalProfileImage: Found entry in
profile list for existing local profile
USERENV(1c8.1e4) 05:34:24:453 GetExistingLocalProfileImage: Local profile
image filename = <%SystemDrive%\Documents and Settings\LocalService>
USERENV(1c8.1e4) 05:34:24:453 GetExistingLocalProfileImage: Expanded local
profile image filename = <F:\Documents and Settings\LocalService>
USERENV(1c8.1e4) 05:34:24:453 GetExistingLocalProfileImage: No local
mandatory profile. Error = 2
USERENV(1c8.1e4) 05:34:24:453 GetExistingLocalProfileImage: Found local
profile image file ok <F:\Documents and Settings\LocalService\ntuser.dat>
USERENV(1c8.1e4) 05:34:24:453 GetExistingLocalProfileImage: Failed to query
low profile unload time with error 2
USERENV(1c8.1e4) 05:34:24:453 Local Existing Profile Image is reachable
USERENV(1c8.1e4) 05:34:24:453 Local profile name is <F:\Documents and
Settings\LocalService>
USERENV(1c8.1e4) 05:34:24:453 RestoreUserProfile: No central profile.
Attempting to load local profile.
USERENV(1c8.1e4) 05:34:24:453 MyRegLoadKey: Returning 00000000
USERENV(1c8.1e4) 05:34:24:453 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1c8.1e4) 05:34:24:453 MyRegLoadKeyEx: Loading key
<S-1-5-19_Classes>
USERENV(1c8.1e4) 05:34:24:453 MyRegLoadKeyEx: Successfully loaded
<S-1-5-19_Classes>
USERENV(1c8.1e4) 05:34:24:453 CreateClassHive: existing user classes hive
found
USERENV(1c8.1e4) 05:34:24:453 RestoreUserProfile: About to Leave. Final
Information follows:
USERENV(1c8.1e4) 05:34:24:453 Profile was successfully loaded.
USERENV(1c8.1e4) 05:34:24:453 lpProfile->lpRoamingProfile = <>
USERENV(1c8.1e4) 05:34:24:453 lpProfile->lpLocalProfile = <F:\Documents and
Settings\LocalService>
USERENV(1c8.1e4) 05:34:24:453 lpProfile->dwInternalFlags = 0x0
USERENV(1c8.1e4) 05:34:24:453 RestoreUserProfile: Leaving.
USERENV(1c8.1e4) 05:34:24:453 UpgradeProfile: Entering
USERENV(1c8.1e4) 05:34:24:453 UpgradeProfile: Build numbers match
USERENV(1c8.1e4) 05:34:24:453 UpgradeProfile: Leaving Successfully
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(AppData) : <%USERPROFILE%\Application Data> expanded to <F:\Documents
and Settings\LocalService\Application Data>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Cookies) : <%USERPROFILE%\Cookies> expanded to <F:\Documents and
Settings\LocalService\Cookies>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Desktop) : <%USERPROFILE%\Desktop> expanded to <F:\Documents and
Settings\LocalService\Desktop>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Favorites) : <%USERPROFILE%\Favorites> expanded to <F:\Documents and
Settings\LocalService\Favorites>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(NetHood) : <%USERPROFILE%\NetHood> expanded to <F:\Documents and
Settings\LocalService\NetHood>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Personal) : <%USERPROFILE%\My Documents> expanded to <F:\Documents
and Settings\LocalService\My Documents>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(PrintHood) : <%USERPROFILE%\PrintHood> expanded to <F:\Documents and
Settings\LocalService\PrintHood>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Recent) : <%USERPROFILE%\Recent> expanded to <F:\Documents and
Settings\LocalService\Recent>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(SendTo) : <%USERPROFILE%\SendTo> expanded to <F:\Documents and
Settings\LocalService\SendTo>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell Folder(Start
Menu) : <%USERPROFILE%\Start Menu> expanded to <F:\Documents and
Settings\LocalService\Start Menu>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Templates) : <%USERPROFILE%\Templates> expanded to <F:\Documents and
Settings\LocalService\Templates>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Programs) : <%USERPROFILE%\Start Menu\Programs> expanded to
<F:\Documents and Settings\LocalService\Start Menu\Programs>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell
Folder(Startup) : <%USERPROFILE%\Start Menu\Programs\Startup> expanded to
<F:\Documents and Settings\LocalService\Start Menu\Programs\Startup>.
USERENV(1c8.1e4) 05:34:24:453 PrepareProfileForUse: User Shell Folder(Local
Settings) : <%USERPROFILE%\Local Settings> expanded to <F:\Documents and
Settings\LocalService\Local Settings>.
USERENV(1c8.1e4) 05:34:24:453 GetProfileType: Profile already loaded.
USERENV(1c8.1e4) 05:34:24:453 LoadProfileInfo: Failed to query central
profile with error 2
USERENV(1c8.1e4) 05:34:24:453 GetProfileType: ProfileFlags is 0
USERENV(1c8.1e4) 05:34:24:468 PrepareProfileForUse: User Shell Folder(Local
AppData) : <%USERPROFILE%\Local Settings\Application Data> expanded to
<F:\Documents and Settings\LocalService\Local Settings\Application Data>.
USERENV(1c8.1e4) 05:34:24:468 PrepareProfileForUse: User Shell
Folder(Cache) : <%USERPROFILE%\Local Settings\Temporary Internet Files>
expanded to <F:\Documents and Settings\LocalService\Local Settings\Temporary
Internet Files>.
USERENV(1c8.1e4) 05:34:24:468 PrepareProfileForUse: User Shell
Folder(History) : <%USERPROFILE%\Local Settings\History> expanded to
<F:\Documents and Settings\LocalService\Local Settings\History>.
USERENV(1c8.1e4) 05:34:24:468 Profile Ref Count is 1
USERENV(1c8.1e4) 05:34:24:468 LoadUserProfile: Leaving critical Section.
USERENV(1c8.1e4) 05:34:24:468 CSyncManager::LeaveLock <S-1-5-19>
USERENV(1c8.1e4) 05:34:24:468 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1e4) 05:34:24:468 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(1c8.1e4) 05:34:24:468 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1e4) 05:34:24:468 LoadUserProfile: Impersonated user: 000006d4,
000006e0
USERENV(204.298) 05:34:24:468 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(204.298) 05:34:24:468 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1c8.1e4) 05:34:24:484 LoadUserProfile: 002 About Reverted to user:
000006e0
USERENV(1c8.1e4) 05:34:24:484 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.1e4) 05:34:24:484 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.1e4) 05:34:24:484
================================================== =======
USERENV(1c8.1e4) 05:34:24:484 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:24:484 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:24:484 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:24:484 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:24:484 lpProfileInfo->UserName = <LocalService>
USERENV(1f8.1fc) 05:34:24:484 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:24:484 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.2f4) 05:34:24:484 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:24:484 ReleaseClientContext: Releasing context
USERENV(1c8.2f4) 05:34:24:484 ReleaseClientContext_s: Releasing context
USERENV(1c8.2f4) 05:34:24:484 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:24:484 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:24:484 LoadUserProfile: Returning TRUE. hProfile =
<0x398>
USERENV(1f8.1fc) 05:34:24:484 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(340.364) 05:34:24:562 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(36c.41c) 05:34:24:750 LibMain: Process Name:
F:\WINDOWS\System32\svchost.exe
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:28:140
================================================== =======
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: Entering, hToken = <0x3c0>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:28:140 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:28:140 GetInterface: Returning rpc binding handle
USERENV(1c8.2f4) 05:34:28:156 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:28:156 DropClientContext: Got client token 000006D4,
sid = S-1-5-18
USERENV(1c8.2f4) 05:34:28:156 MIDL_user_allocate enter
USERENV(1c8.2f4) 05:34:28:156 DropClientContext: load profile object
successfully made
USERENV(1c8.2f4) 05:34:28:156 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:28:156 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.1e4) 05:34:28:156 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:28:156 In LoadUserProfileP
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.1e4) 05:34:28:156
================================================== =======
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: Entering, hToken = <0x6d8>,
lpProfileInfo = 0xac80d0
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: NULL central profile path
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: NULL default profile path
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: NULL server name
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: User sid: S-1-5-20
USERENV(1c8.1e4) 05:34:28:156 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:28:156 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1e4) 05:34:28:156 CSyncManager::EnterLock: New entry created
USERENV(1c8.1e4) 05:34:28:156 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.1e4) 05:34:28:156 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(1c8.1e4) 05:34:28:156 LoadUserClasses: classes hive already loaded.
USERENV(1c8.1e4) 05:34:28:156 Profile Ref Count is 3
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: Leaving critical Section.
USERENV(1c8.1e4) 05:34:28:156 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:28:156 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1e4) 05:34:28:156 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.1e4) 05:34:28:156 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: Impersonated user: 000006d8,
000006dc
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: 002 About Reverted to user:
000006dc
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.1e4) 05:34:28:156
================================================== =======
USERENV(1c8.1e4) 05:34:28:156 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:28:156 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:28:156 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:28:156 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:28:156 lpProfileInfo->UserName = <NetworkService>
USERENV(1f8.1fc) 05:34:28:156 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:28:156 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.2f4) 05:34:28:156 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:28:156 ReleaseClientContext: Releasing context
USERENV(1c8.2f4) 05:34:28:156 ReleaseClientContext_s: Releasing context
USERENV(1c8.2f4) 05:34:28:156 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:28:156 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:28:156 LoadUserProfile: Returning TRUE. hProfile =
<0x3ac>
USERENV(1f8.1fc) 05:34:28:156 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1c8.498) 05:34:28:218 IsSyncForegroundPolicyRefresh: Synchronous,
Reason: policy set to SYNC
USERENV(1c8.498) 05:34:28:218 ApplyGroupPolicy: Entering. Flags = 3
USERENV(1c8.498) 05:34:28:218 ApplyGroupPolicy: Duplicating handles
USERENV(1c8.498) 05:34:28:218 ProcessGPOs:
USERENV(1c8.498) 05:34:28:218 ProcessGPOs:
USERENV(1c8.498) 05:34:28:218 ProcessGPOs: Starting computer Group Policy
(Sync forground) processing...
USERENV(1c8.498) 05:34:28:218 ProcessGPOs:
USERENV(1c8.498) 05:34:28:218 ProcessGPOs:
USERENV(1c8.498) 05:34:28:218 EnterCriticalPolicySectionEx: Entering with
timeout 600000 and flags 0x0
USERENV(1c8.498) 05:34:28:218 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0x750
USERENV(1c8.498) 05:34:28:218 EnterCriticalPolicySectionEx: Leaving
successfully.
USERENV(1c8.498) 05:34:28:218 ProcessGPOs: Machine role is 0.
USERENV(1c8.498) 05:34:28:218 ReadGPExtensions: Rsop entry point not found
for dskquota.dll.
USERENV(1c8.498) 05:34:28:218 ReadGPExtensions: Rsop entry point not found
for gptext.dll.
USERENV(1c8.498) 05:34:28:218 ReadGPExtensions: Rsop entry point not found
for iedkcs32.dll.
USERENV(1c8.498) 05:34:28:218 ReadGPExtensions: Rsop entry point not found
for F:\WINDOWS\System32\srchadmin.dll.
USERENV(1c8.498) 05:34:28:218 ReadGPExtensions: Rsop entry point not found
for scecli.dll.
USERENV(1c8.498) 05:34:28:218 ReadGPExtensions: Rsop entry point not found
for F:\WINDOWS\System32\cscui.dll.
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(1c8.498) 05:34:28:218 ReadStatus: Read Extension's Previous status
successfully.
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {7933F41E-56F8-41d6-A31C-4148A711EE93}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(1c8.498) 05:34:28:218 ReadStatus: Read Extension's Previous status
successfully.
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(1c8.498) 05:34:28:218 ReadExtStatus: Reading Previous Status for
extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(1c8.498) 05:34:28:218 ProcessGPOs: No site name defined. Skipping
site policy.
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: Calling GetGPOInfo for normal
policy mode
USERENV(1c8.498) 05:34:28:234 GetGPOInfo: ********************************
USERENV(1c8.498) 05:34:28:234 GetGPOInfo: Entering...
USERENV(1c8.498) 05:34:28:234 GetGPOInfo: lpHostName or lpDNName is NULL.
Skipping DS stuff.
USERENV(1c8.498) 05:34:28:234 GetGPOInfo: Leaving with 1
USERENV(1c8.498) 05:34:28:234 GetGPOInfo: ********************************
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: Logging Data for Target <OFFICE>.
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: OpenThreadToken failed with error
1008, assuming thread is not impersonating
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: Processing extension Registry
USERENV(1c8.498) 05:34:28:234 ReadStatus: Read Extension's Previous status
successfully.
USERENV(1c8.498) 05:34:28:234 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:234 CheckGPOs: No GPO changes and no security
group membership change and extension Registry has NoGPOChanges set.
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: Processing extension Wireless
Group Policy
USERENV(1c8.498) 05:34:28:234 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:234 CheckGPOs: No GPO changes but couldn't read
extension Wireless Group Policy's status or policy time.
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: Extension Wireless Group Policy
skipped because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:234 ProcessGPOs: Processing extension Folder
Redirection
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Folder Redirection's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Folder Redirection
skipped with flags 0x3.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Microsoft
Disk Quota
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Microsoft Disk Quota's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Microsoft Disk Quota
skipped because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension QoS Packet
Scheduler
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension QoS Packet Scheduler's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension QoS Packet Scheduler
skipped because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Scripts
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Scripts's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Scripts skipped because
both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Internet
Explorer Zonemapping
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Internet Explorer Zonemapping's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Internet Explorer
Zonemapping skipped because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Windows
Search Group Policy Extension
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Windows Search Group Policy Extension's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Windows Search Group
Policy Extension skipped because both deleted and changed GPO lists are
empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Security
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Security's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Security skipped
because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Internet
Explorer Branding
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Internet Explorer Branding's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Internet Explorer
Branding skipped with flags 0x3.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension EFS recovery
USERENV(1c8.498) 05:34:28:250 ReadStatus: Read Extension's Previous status
successfully.
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes and no security
group membership change and extension EFS recovery has NoGPOChanges set.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Microsoft
Offline Files
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Microsoft Offline Files's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Microsoft Offline Files
skipped because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension Software
Installation
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension Software Installation's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension Software Installation
skipped because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: -----------------------
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Processing extension IP Security
USERENV(1c8.498) 05:34:28:250 CompareGPOLists: The lists are the same.
USERENV(1c8.498) 05:34:28:250 CheckGPOs: No GPO changes but couldn't read
extension IP Security's status or policy time.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Extension IP Security skipped
because both deleted and changed GPO lists are empty.
USERENV(1c8.498) 05:34:28:250 SetFgRefreshInfo: Previous Machine Fg policy
Synchronous, Reason: SKU.
USERENV(1c8.498) 05:34:28:250 SetFgRefreshInfo: Next Machine Fg policy
Synchronous, Reason: SKU.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: No WMI logging done in this
policy cycle.
USERENV(1c8.498) 05:34:28:250 LeaveCriticalPolicySection: Critical section
0x750 has been released.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Computer Group Policy has been
applied.
USERENV(1c8.498) 05:34:28:250 ProcessGPOs: Leaving with 1.
USERENV(1c8.498) 05:34:28:250 ApplyGroupPolicy: Leaving successfully.
USERENV(490.494) 05:34:28:234 LibMain: Process Name:
F:\WINDOWS\system32\msdtc.exe
USERENV(1c8.4a4) 05:34:28:281 GPOThread: Next refresh will happen in 118
minutes
USERENV(538.550) 05:34:29:250 LibMain: Process Name:
F:\WINDOWS\System32\svchost.exe
USERENV(1f8.1fc) 05:34:29:281 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:29:296
================================================== =======
USERENV(1f8.1fc) 05:34:29:312 LoadUserProfile: Entering, hToken = <0x3e8>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:29:328 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:29:343 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1f8.1fc) 05:34:29:343 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:29:343 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:29:343 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:29:343 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:29:343 GetInterface: Returning rpc binding handle
USERENV(1c8.1e4) 05:34:29:343 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:29:343 DropClientContext: Got client token 000006B4,
sid = S-1-5-18
USERENV(1c8.1e4) 05:34:29:343 MIDL_user_allocate enter
USERENV(1c8.1e4) 05:34:29:343 DropClientContext: load profile object
successfully made
USERENV(1c8.1e4) 05:34:29:343 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:29:343 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.2f4) 05:34:29:343 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:29:343 In LoadUserProfileP
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.2f4) 05:34:29:343
================================================== =======
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: Entering, hToken = <0x3f8>,
lpProfileInfo = 0xb74878
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: NULL central profile path
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: NULL default profile path
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: NULL server name
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: User sid: S-1-5-20
USERENV(1c8.2f4) 05:34:29:343 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.2f4) 05:34:29:343 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.2f4) 05:34:29:343 CSyncManager::EnterLock: New entry created
USERENV(1c8.2f4) 05:34:29:343 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.2f4) 05:34:29:343 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(1c8.2f4) 05:34:29:343 LoadUserClasses: classes hive already loaded.
USERENV(1c8.2f4) 05:34:29:343 Profile Ref Count is 4
USERENV(1c8.2f4) 05:34:29:343 LoadUserProfile: Leaving critical Section.
USERENV(1c8.2f4) 05:34:29:343 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.2f4) 05:34:29:343 CSyncManager::LeaveLock: Lock released
USERENV(1c8.2f4) 05:34:29:343 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.2f4) 05:34:29:359 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.2f4) 05:34:29:359 LoadUserProfile: Impersonated user: 000003f8,
00000144
USERENV(1c8.2f4) 05:34:29:359 LoadUserProfile: 002 About Reverted to user:
00000144
USERENV(1c8.2f4) 05:34:29:359 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.2f4) 05:34:29:359 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.2f4) 05:34:29:359
================================================== =======
USERENV(1c8.2f4) 05:34:29:359 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:29:359 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:29:359 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:29:359 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:29:359 lpProfileInfo->UserName = <NetworkService>
USERENV(1f8.1fc) 05:34:29:359 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:29:359 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.1e4) 05:34:29:359 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:29:359 ReleaseClientContext: Releasing context
USERENV(1c8.1e4) 05:34:29:359 ReleaseClientContext_s: Releasing context
USERENV(1c8.1e4) 05:34:29:359 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:29:359 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:29:359 LoadUserProfile: Returning TRUE. hProfile =
<0x3f4>
USERENV(1f8.1fc) 05:34:29:359 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(700.704) 05:34:29:640 LibMain: Process Name:
F:\WINDOWS\system32\nvsvc32.exe
USERENV(720.724) 05:34:30:343 LibMain: Process Name: F:\Program
Files\Raxco\PerfectDisk\PDAgent.exe
USERENV(1f8.1fc) 05:34:30:625 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:30:703
================================================== =======
USERENV(1f8.1fc) 05:34:30:734 LoadUserProfile: Entering, hToken = <0x430>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:30:781 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:30:796 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
USERENV(1f8.1fc) 05:34:30:812 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:30:859 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:30:859 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:30:890 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:30:906 GetInterface: Returning rpc binding handle
USERENV(1c8.2f4) 05:34:30:906 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:30:906 DropClientContext: Got client token 000006B4,
sid = S-1-5-18
USERENV(1c8.2f4) 05:34:30:906 MIDL_user_allocate enter
USERENV(1c8.2f4) 05:34:30:906 DropClientContext: load profile object
successfully made
USERENV(1c8.2f4) 05:34:30:906 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:30:906 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.1e4) 05:34:30:906 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:30:906 In LoadUserProfileP
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.1e4) 05:34:30:906
================================================== =======
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: Entering, hToken = <0x3f8>,
lpProfileInfo = 0xb63998
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: NULL central profile path
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: NULL default profile path
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: NULL server name
USERENV(1c8.1e4) 05:34:30:906 LoadUserProfile: User sid: S-1-5-19
USERENV(1c8.1e4) 05:34:30:906 CSyncManager::EnterLock <S-1-5-19>
USERENV(1c8.1e4) 05:34:30:906 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1e4) 05:34:30:906 CSyncManager::EnterLock: New entry created
USERENV(1c8.1e4) 05:34:30:906 CHashTable::HashAdd: S-1-5-19 added in bucket
12
USERENV(1c8.1e4) 05:34:30:921 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.1e4) 05:34:30:937 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(1c8.1e4) 05:34:30:953 LoadUserClasses: classes hive already loaded.
USERENV(1c8.1e4) 05:34:30:953 Profile Ref Count is 2
USERENV(1c8.1e4) 05:34:30:968 LoadUserProfile: Leaving critical Section.
USERENV(1c8.1e4) 05:34:30:968 CSyncManager::LeaveLock <S-1-5-19>
USERENV(1c8.1e4) 05:34:30:968 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1e4) 05:34:30:968 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(1c8.1e4) 05:34:30:968 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1e4) 05:34:30:984 LoadUserProfile: Impersonated user: 000003f8,
0000077c
USERENV(1c8.1e4) 05:34:30:984 LoadUserProfile: 002 About Reverted to user:
0000077c
USERENV(1c8.1e4) 05:34:31:000 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.1e4) 05:34:31:000 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.1e4) 05:34:31:015
================================================== =======
USERENV(1c8.1e4) 05:34:31:031 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:31:046 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:31:046 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:31:046 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:31:046 lpProfileInfo->UserName = <LocalService>
USERENV(1f8.1fc) 05:34:31:046 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:31:046 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.170) 05:34:31:046 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.170) 05:34:31:046 ReleaseClientContext: Releasing context
USERENV(1c8.170) 05:34:31:046 ReleaseClientContext_s: Releasing context
USERENV(1c8.170) 05:34:31:046 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:31:046 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:31:046 LoadUserProfile: Returning TRUE. hProfile =
<0x444>
USERENV(1f8.1fc) 05:34:31:046 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(1f8.1fc) 05:34:31:093 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.1fc) 05:34:31:109
================================================== =======
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: Entering, hToken = <0x45c>,
lpProfileInfo = 0x6fce4
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: NULL central profile path
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: NULL default profile path
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: NULL server name
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.1fc) 05:34:31:125 GetInterface: Returning rpc binding handle
USERENV(1c8.2f4) 05:34:31:125 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:31:125 DropClientContext: Got client token 000006B4,
sid = S-1-5-18
USERENV(1c8.2f4) 05:34:31:125 MIDL_user_allocate enter
USERENV(1c8.2f4) 05:34:31:125 DropClientContext: load profile object
successfully made
USERENV(1c8.2f4) 05:34:31:125 DropClientContext: Returning 0
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.1e4) 05:34:31:125 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:31:125 In LoadUserProfileP
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.1e4) 05:34:31:125
================================================== =======
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: Entering, hToken = <0x3f8>,
lpProfileInfo = 0xb74878
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: NULL central profile path
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: NULL default profile path
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: NULL server name
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: User sid: S-1-5-20
USERENV(1c8.1e4) 05:34:31:125 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:31:125 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1e4) 05:34:31:125 CSyncManager::EnterLock: New entry created
USERENV(1c8.1e4) 05:34:31:125 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.1e4) 05:34:31:125 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(1c8.1e4) 05:34:31:125 LoadUserClasses: classes hive already loaded.
USERENV(1c8.1e4) 05:34:31:125 Profile Ref Count is 5
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: Leaving critical Section.
USERENV(1c8.1e4) 05:34:31:125 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:31:125 CSyncManager::LeaveLock: Lock released
USERENV(1c8.1e4) 05:34:31:125 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.1e4) 05:34:31:125 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: Impersonated user: 000003f8,
0000077c
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: 002 About Reverted to user:
0000077c
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.1e4) 05:34:31:125
================================================== =======
USERENV(1c8.1e4) 05:34:31:125 LoadUserProfileI: returning 0
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: Running as self
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1f8.1fc) 05:34:31:125 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1f8.1fc) 05:34:31:125 lpProfileInfo->UserName = <NetworkService>
USERENV(1f8.1fc) 05:34:31:125 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1f8.1fc) 05:34:31:125 lpProfileInfo->dwFlags = 0x9
USERENV(1c8.170) 05:34:31:140 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.170) 05:34:31:140 ReleaseClientContext: Releasing context
USERENV(1c8.170) 05:34:31:140 ReleaseClientContext_s: Releasing context
USERENV(1c8.170) 05:34:31:140 MIDL_user_free enter
USERENV(1f8.1fc) 05:34:31:140 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.1fc) 05:34:31:140 LoadUserProfile: Returning TRUE. hProfile =
<0x468>
USERENV(1f8.1fc) 05:34:31:140 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(694.6a4) 05:34:31:171 LibMain: Process Name:
F:\WINDOWS\system32\smlogsvc.exe
USERENV(694.6a4) 05:34:31:171 GetProfileType: Profile already loaded.
USERENV(694.6a4) 05:34:31:187 GetProfileType: ProfileFlags is 0
USERENV(478.18c) 05:34:31:328 LibMain: Process Name:
F:\WINDOWS\system32\spoolsv.exe
USERENV(6a8.7d8) 05:34:31:343 LibMain: Process Name:
F:\WINDOWS\System32\svchost.exe
USERENV(3d4.e0) 05:34:31:421 LibMain: Process Name:
F:\WINDOWS\system32\svchost.exe
USERENV(e8.f0) 05:34:31:562 LibMain: Process Name:
F:\WINDOWS\system32\SearchIndexer.exe
USERENV(244.350) 05:34:31:734 LibMain: Process Name:
F:\WINDOWS\system32\mqsvc.exe
USERENV(1c8.1cc) 05:34:38:437 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1c8.1cc) 05:34:38:546
================================================== =======
USERENV(1c8.1cc) 05:34:38:546 LoadUserProfile: Entering, hToken = <0x76c>,
lpProfileInfo = 0x6e5d8
USERENV(1c8.1cc) 05:34:38:562 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(1c8.1cc) 05:34:38:562 LoadUserProfile: lpProfileInfo->lpUserName =
<Administrator>
USERENV(1c8.1cc) 05:34:38:578 LoadUserProfile: NULL central profile path
USERENV(1c8.1cc) 05:34:38:593 LoadUserProfile: NULL default profile path
USERENV(1c8.1cc) 05:34:38:609 LoadUserProfile: NULL server name
USERENV(1c8.1cc) 05:34:38:843 LoadUserProfile: In console winlogon process
USERENV(1c8.1cc) 05:34:38:843 In LoadUserProfileP
USERENV(1c8.1cc) 05:34:38:843
================================================== =======
USERENV(1c8.1cc) 05:34:38:843 LoadUserProfile: Entering, hToken = <0x76c>,
lpProfileInfo = 0x6e5d8
USERENV(1c8.1cc) 05:34:38:843 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(86c.870) 05:34:38:843 LibMain: Process Name: F:\Program
Files\Raxco\PerfectDisk\PDEngine.exe
USERENV(1c8.1cc) 05:34:38:843 LoadUserProfile: lpProfileInfo->lpUserName =
<Administrator>
USERENV(1c8.1cc) 05:34:38:859 LoadUserProfile: NULL central profile path
USERENV(1c8.1cc) 05:34:38:859 LoadUserProfile: NULL default profile path
USERENV(1c8.1cc) 05:34:38:859 LoadUserProfile: NULL server name
USERENV(1c8.1cc) 05:34:38:937 LoadUserProfile: User sid:
S-1-5-21-1653384031-3508051079-812977905-500
USERENV(1c8.1cc) 05:34:38:968 CSyncManager::EnterLock
<S-1-5-21-1653384031-3508051079-812977905-500>
USERENV(1c8.1cc) 05:34:38:968 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1cc) 05:34:38:968 CSyncManager::EnterLock: New entry created
USERENV(1c8.1cc) 05:34:38:968 CHashTable::HashAdd:
S-1-5-21-1653384031-3508051079-812977905-500 added in bucket 6
USERENV(1c8.1cc) 05:34:38:968 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.1cc) 05:34:38:968 TestIfUserProfileLoaded: return with error 2.
USERENV(1c8.1cc) 05:34:38:968 RestoreUserProfile: Entering
USERENV(1c8.1cc) 05:34:38:968 RestoreUserProfile: User is a Admin
USERENV(1c8.1cc) 05:34:38:968 IsCentralProfileReachable: Entering
USERENV(1c8.1cc) 05:34:38:968 IsCentralProfileReachable: Null path.
Leaving
USERENV(1c8.1cc) 05:34:38:968 RestoreUserProfile: Profile path = <>
USERENV(1c8.1cc) 05:34:38:968 ExtractProfileFromBackup: A profile already
exists
USERENV(1c8.1cc) 05:34:38:968 PatchNewProfileIfRequred: A profile already
exists with the current sid, exitting
USERENV(1c8.1cc) 05:34:38:968 CreateLocalProfileKey: user
<S-1-5-21-1653384031-3508051079-812977905-500> is local, not setting
preference key
USERENV(1c8.1cc) 05:34:38:968 GetExistingLocalProfileImage: Found entry in
profile list for existing local profile
USERENV(1c8.1cc) 05:34:38:968 GetExistingLocalProfileImage: Local profile
image filename = <%SystemDrive%\Documents and Settings\Administrator>
USERENV(1c8.1cc) 05:34:38:984 GetExistingLocalProfileImage: Expanded local
profile image filename = <F:\Documents and Settings\Administrator>
USERENV(1c8.1cc) 05:34:38:984 GetExistingLocalProfileImage: No local
mandatory profile. Error = 2
USERENV(1c8.1cc) 05:34:38:984 GetExistingLocalProfileImage: Found local
profile image file ok <F:\Documents and Settings\Administrator\ntuser.dat>
USERENV(1c8.1cc) 05:34:38:984 GetExistingLocalProfileImage: Failed to query
low profile unload time with error 2
USERENV(1c8.1cc) 05:34:38:984 Local Existing Profile Image is reachable
USERENV(1c8.1cc) 05:34:38:984 Local profile name is <F:\Documents and
Settings\Administrator>
USERENV(1c8.1cc) 05:34:38:984 RestoreUserProfile: No central profile.
Attempting to load local profile.
USERENV(1c8.1cc) 05:34:39:015 MyRegLoadKey: Failed to load subkey
<S-1-5-21-1653384031-3508051079-812977905-500>, error =32
USERENV(1c8.1cc) 05:34:39:015 MyRegLoadKey: Returning 00000020
USERENV(1c8.1cc) 05:34:39:062 RestoreUserProfile: MyRegLoadKey returned
FALSE.
USERENV(1c8.1cc) 05:34:39:062 ReportError: Impersonating user.
USERENV(1c8.1cc) 05:34:39:125 ReportError: Logging Error <Windows cannot
load the locally stored profile. Possible causes of this error include
insufficient security rights or a corrupt local profile. If this problem
persists, contact your network administrator.


DETAIL - The process cannot access the file because it is being used by
another process.
>

USERENV(1c8.1cc) 05:34:39:187 ErrorDialogEx: Calling DialogBoxParam
USERENV(1c8.1cc) 05:34:39:187 ErrorDlgProc:: DialogBoxParam
USERENV(1f8.7f0) 05:34:47:671 UnloadUserProfile: Entering, hProfile =
<0x468>
USERENV(1f8.7f0) 05:34:47:671 UnloadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.7f0) 05:34:47:671 GetInterface: Returning rpc binding handle
USERENV(1c8.2f4) 05:34:47:687 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:47:703 DropClientContext: Got client token 000007A4,
sid = S-1-5-18
USERENV(1c8.2f4) 05:34:47:718 MIDL_user_allocate enter
USERENV(1c8.2f4) 05:34:47:718 DropClientContext: load profile object
successfully made
USERENV(1c8.2f4) 05:34:47:718 DropClientContext: Returning 0
USERENV(1f8.7f0) 05:34:47:718 UnLoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.1e4) 05:34:47:734 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.1e4) 05:34:47:734 UnloadUserProfileP: Entering, hProfile =
<0x778>
USERENV(1c8.1e4) 05:34:47:734 UnloadUserProfileP: ImpersonateUser
<000007a4>, old token is <00000000>
USERENV(1c8.1e4) 05:34:47:734 GetExclusionListFromRegistry: Policy list is
empty, returning user list = <Local Settings;Temporary Internet
Files;History;Temp>
USERENV(1c8.1e4) 05:34:47:734 CSyncManager::EnterLock <S-1-5-20>
USERENV(1c8.1e4) 05:34:47:734 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.1e4) 05:34:47:734 CSyncManager::EnterLock: New entry created
USERENV(1c8.1e4) 05:34:47:734 CHashTable::HashAdd: S-1-5-20 added in bucket
4
USERENV(1c8.1e4) 05:34:47:734 UnloadUserProfileP: Wait succeeded. In
critical section.
USERENV(1f8.7d4) 05:34:47:921 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(1f8.7d4) 05:34:47:921
================================================== =======
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: Entering, hToken = <0x1dc>,
lpProfileInfo = 0xf3f6f4
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: NULL central profile path
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: NULL default profile path
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: NULL server name
USERENV(1f8.7d4) 05:34:47:937 LoadUserProfile: no thread token found,
impersonating self.
USERENV(1f8.7d4) 05:34:47:937 GetInterface: Returning rpc binding handle
USERENV(1c8.170) 05:34:47:937 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.170) 05:34:47:937 DropClientContext: Got client token 000007A0,
sid = S-1-5-18
USERENV(1c8.170) 05:34:47:937 MIDL_user_allocate enter
USERENV(1c8.170) 05:34:47:953 DropClientContext: load profile object
successfully made
USERENV(1c8.170) 05:34:47:953 DropClientContext: Returning 0
USERENV(1f8.7d4) 05:34:47:953 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(1c8.2f4) 05:34:47:953 IProfileSecurityCallBack: client
authenticated.
USERENV(1c8.2f4) 05:34:47:953 In LoadUserProfileP
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: Running as client, sid =
S-1-5-18
USERENV(1c8.2f4) 05:34:47:953
================================================== =======
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: Entering, hToken = <0x7a8>,
lpProfileInfo = 0xb6ff20
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: lpProfileInfo->dwFlags =
<0x9>
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: NULL central profile path
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: NULL default profile path
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: NULL server name
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: User sid: S-1-5-19
USERENV(1c8.2f4) 05:34:47:953 CSyncManager::EnterLock <S-1-5-19>
USERENV(1c8.2f4) 05:34:47:953 CSyncManager::EnterLock: No existing entry
found
USERENV(1c8.2f4) 05:34:47:953 CSyncManager::EnterLock: New entry created
USERENV(1c8.2f4) 05:34:47:953 CHashTable::HashAdd: S-1-5-19 added in bucket
12
USERENV(1c8.2f4) 05:34:47:953 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(1c8.2f4) 05:34:47:953 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(1c8.2f4) 05:34:47:953 LoadUserClasses: classes hive already loaded.
USERENV(1c8.2f4) 05:34:48:984 Profile Ref Count is 3
USERENV(1c8.1e4) 05:34:48:984 UnloadUserProfileP: Didn't unload user
profile, Ref Count is 4
USERENV(1c8.2f4) 05:34:49:000 LoadUserProfile: Leaving critical Section.
USERENV(1c8.1e4) 05:34:49:000 UnloadUserProfileP: About Reverted back to
user <00000000>
USERENV(1c8.2f4) 05:34:49:015 CSyncManager::LeaveLock <S-1-5-19>
USERENV(1c8.1e4) 05:34:49:015 CSyncManager::LeaveLock <S-1-5-20>
USERENV(1c8.2f4) 05:34:49:031 CSyncManager::LeaveLock: Lock released
USERENV(1c8.2f4) 05:34:49:046 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(1c8.2f4) 05:34:49:046 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.1e4) 05:34:49:062 CSyncManager::LeaveLock: Lock released
USERENV(1c8.2f4) 05:34:49:062 LoadUserProfile: Impersonated user: 000007a8,
000007b0
USERENV(1c8.1e4) 05:34:49:078 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(1c8.2f4) 05:34:49:078 LoadUserProfile: 002 About Reverted to user:
000007b0
USERENV(1c8.1e4) 05:34:49:093 CSyncManager::LeaveLock: Lock deleted
USERENV(1c8.2f4) 05:34:49:093 LoadUserProfile: 003 About Reverted back to
user <00000000>
USERENV(1c8.2f4) 05:34:49:125 LoadUserProfile: Leaving with a value of 1.
USERENV(1c8.1e4) 05:34:49:125 UnloadUserProfileP: Leave critical section.
USERENV(1c8.2f4) 05:34:49:125
================================================== =======
USERENV(1c8.1e4) 05:34:49:125 UnloadUserProfileP: Leaving with a return
value of 1
USERENV(1c8.2f4) 05:34:49:125 LoadUserProfileI: returning 0
USERENV(1c8.1e4) 05:34:49:125 UnloadUserProfileI: returning 0
USERENV(1f8.7d4) 05:34:49:125 LoadUserProfile: Running as self
USERENV(1f8.7f0) 05:34:49:125 UnloadUserProfile: Calling UnloadUserProfileI
succeeded
USERENV(1f8.7d4) 05:34:49:125 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(1c8.170) 05:34:49:125 IProfileSecurityCallBack: client
authenticated.
USERENV(1f8.7d4) 05:34:49:125 LoadUserProfile: Returning success. Final
Information follows:
USERENV(1c8.170) 05:34:49:125 ReleaseClientContext: Releasing context
USERENV(1f8.7d4) 05:34:49:125 lpProfileInfo->UserName = <LocalService>
USERENV(1c8.170) 05:34:49:125 ReleaseClientContext_s: Releasing context
USERENV(1f8.7d4) 05:34:49:125 lpProfileInfo->lpProfilePath = <(null)>
USERENV(1c8.170) 05:34:49:125 MIDL_user_free enter
USERENV(1f8.7d4) 05:34:49:125 lpProfileInfo->dwFlags = 0x9
USERENV(1f8.7f0) 05:34:49:125 ReleaseInterface: Releasing rpc binding handle
USERENV(1c8.2f4) 05:34:49:140 IProfileSecurityCallBack: client
authenticated.
USERENV(1f8.7f0) 05:34:49:140 UnloadUserProfile: returning 1
USERENV(1c8.2f4) 05:34:49:140 ReleaseClientContext: Releasing context
USERENV(1c8.2f4) 05:34:49:140 ReleaseClientContext_s: Releasing context
USERENV(1c8.2f4) 05:34:49:140 MIDL_user_free enter
USERENV(1f8.7d4) 05:34:49:140 ReleaseInterface: Releasing rpc binding handle
USERENV(1f8.7d4) 05:34:49:140 LoadUserProfile: Returning TRUE. hProfile =
<0x46c>
USERENV(1f8.7d4) 05:34:49:140 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(36c.580) 05:34:50:343 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(36c.580) 05:34:50:343 GetUserNameAndDomain Failed to impersonate
user
USERENV(36c.580) 05:34:50:343 GetUserDNSDomainName: Computer is running
standalone. No DNS domain name available.
USERENV(36c.bb4) 05:34:50:406 GetProfileType: Profile already loaded.
USERENV(36c.bb4) 05:34:50:406 LoadProfileInfo: Failed to query central
profile with error 2
USERENV(36c.bb4) 05:34:50:406 GetProfileType: ProfileFlags is 0
 
Reply With Quote
Reply

« Windows Server 2k3 SP1 R2 - Login Screen reverted to whistler! | Installing W2K3 SP2 bluescreens server »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Error code 000000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 f739a15b. Dave Patrick Windows Server 1 03-03-2010 01:13 AM
Minidumps available ! Skybuck Flying Windows 64 Bit 18 10-09-2007 08:23 PM
Killer blow for x64 compatability... Mark Gillespie Windows 64 Bit 7 10-13-2006 08:03 PM
Can't load profile Charlie Windows Server 8 07-05-2006 06:36 AM
Windows will not load roaming profile for user X Julian Windows Server 1 10-05-2005 02:01 AM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Windows Vista Tips - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59