Connection issue on temporary session

rakap Posted messages 10 Status Member -  
Hello,

I could no longer log in with my regular user account but only on the temporary account.

In safe mode, I initiated system restore and it worked.

However, Windows performed its weekly automatic backup, but there wasn't enough space on the partitioned backup drive. The backup was halted.

So now I can no longer recover the restore point that I manually created earlier (as a precaution on 10/29/2017).

Windows does not offer me any recovery dates anymore.

How can I recover this restore point? If it's possible.

I don't know what to do anymore.

Thank you for your help.

PS: Bitdefender Antivirus – Kaspersky Encryption Software

11 answers

Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Hi,

Uninstall BitDefender to see what it's like without it.

Go to Event Viewer and check for any errors related to the session opening:
Windows key + R
type eventvwr.msc
go to the Windows Logs => Application
If you have User Profile Service errors
Post the content here (the one at the bottom).

Please press any key to continue with the cleaning...
0
rakap Posted messages 10 Status Member
 
Hello and thank you for this suggestion.

I did try to remove Bitdefender but I'm unable to do so.
Is there another way to uninstall Bitdefender other than using Bitdefender Uninstall? It didn't work with the Bitdefender uninstall tool.
And I can't remove Bitdefender via the classic Control Panel.

As for the login report, I will post that this evening.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
What a pain this BitDefender is.
What version is it?

You can check in the event viewer as already mentioned.
0
rakap Posted messages 10 Status Member
 
I don't really know exactly which version it is, there are dozens of them. Plus, there's the version I installed and then the updates for that same version...
So I'm going to check the event viewer to find out the exact version and try to uninstall it.
0
rakap Posted messages 10 Status Member
 
Here is the report:

Error 11/11/2017 10:16:24 User Profile Service 1511 None
Error 11/11/2017 10:16:24 User Profile Service 1515 None
Error 11/11/2017 10:16:24 User Profile Service 1502 None
Error 11/11/2017 10:16:24 User Profile Service 1508 None
Information 11/11/2017 10:16:19 User Profile Service 1531 None
Information 10/11/2017 22:07:54 User Profile Service 1532 None
Warning 10/11/2017 22:07:51 User Profile Service 1530 None
Warning 10/11/2017 22:07:50 User Profile Service 1530 None
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Double-click on the errors and provide the content.
0
rakap Posted messages 10 Status Member
 
Windows cannot find the local profile and is attempting to log you in with a temporary profile. Changes made to this profile will be lost when you log off.

Windows has saved the profile of this user. Windows will automatically attempt to use the saved profile the next time this user opens a session.

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupted local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Windows cannot load the registry. This problem is often caused by insufficient memory or insufficient access rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\Berthalie\ntuser.dat

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3010290874-4165481152-1425161321-1000:
Process 556 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3010290874-4165481152-1425161321-1000
Process 1716 (\Device\HarddiskVolume2\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe) has opened key \REGISTRY\USER\S-1-5-21-3010290874-4165481152-1425161321-1000
0
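The leaked-handle detail in the report above lists, per process, what still had the user's registry hive (the one backed by ntuser.dat) open. Added example, not part of the original posts: PowerShell that reads the same User Profile Service events from the Application log and extracts those process entries. The function names are hypothetical and the sample text is copied from the report above.

```powershell
# Added example, not from the thread. Function names are hypothetical.

function Get-LeakedHiveHandle {
    # Parse the DETAIL text of a User Profile Service event and return one
    # object per process reported as still holding the user's registry hive.
    param([Parameter(Mandatory)][string]$Message)

    # Image paths may contain parentheses ("Program Files (x86)"), so the
    # path group is greedy and anchored on the literal text that follows it.
    $pattern = '^\s*Process (\d+) \((.+)\) has opened key (.+?)\s*$'
    foreach ($line in ($Message -split '\r?\n')) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                ProcessId = [int]$Matches[1]
                Image     = $Matches[2]
                Key       = $Matches[3]
            }
        }
    }
}

function Get-ProfileServiceEvent {
    # Live query on the affected machine, limited to the event IDs seen in the thread.
    param([int]$MaxEvents = 50)
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-User Profiles Service'
        Id           = 1502, 1508, 1511, 1515, 1530
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Detail text copied from the report posted above.
$sample = @'
2 user registry handles leaked from \Registry\User\S-1-5-21-3010290874-4165481152-1425161321-1000:
Process 556 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3010290874-4165481152-1425161321-1000
Process 1716 (\Device\HarddiskVolume2\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe) has opened key \REGISTRY\USER\S-1-5-21-3010290874-4165481152-1425161321-1000
'@

# Group by image so a process holding several keys is listed once.
Get-LeakedHiveHandle -Message $sample | Group-Object Image | Select-Object Count, Name

# On the machine itself:
# Get-ProfileServiceEvent | Where-Object Id -eq 1530 |
#     ForEach-Object { Get-LeakedHiveHandle -Message $_.Message }
```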
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711 > rakap Posted messages 10 Status Member
 
DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\Berthalie\ntuser.dat


I am almost certain it is due to BitDefender locking the profile file.


Follow the FRST tutorial (take the time to read carefully - everything is well explained).

Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.

Three FRST reports will be generated:
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links leading to the reports here in a new response so that we can consult them.
0
rakap Posted messages 10 Status Member
 
Thank you.
I have sent you the 3 reports.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
You need to provide the links here.
0
rakap Posted messages 10 Status Member > Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention  
 
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Go to the Control Panel
then to Programs and Features.
Uninstall
CyberLink
Dropbox (unless you need it)
Google Toolbar for Internet Explorer
sysTPL
WildTangent Games App


Here is the fix to perform with FRST. You can refer to this explanatory note with screenshots.

Open Notepad: Press Windows + R,
In the "Run" field, type notepad and OK.
Copy/Paste the following into it:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [872560 2013-12-05] (Tlapia)
2017-11-01 22:07 - 2017-11-01 22:07 - 000000000 ____D C:\ProgramData\SystemAcCrux
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Program Files (x86)\sysTPL
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2017-10-14] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
2017-10-27 18:17 - 2017-10-27 18:17 - 009932672 _____ C:\Users\Berthalie\Downloads\bitdefender_online.exe
2017-10-14 11:29 - 2017-10-14 11:29 - 000261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2017-10-29 22:10 - 2017-09-02 12:15 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-10-29 22:08 - 2017-09-03 17:18 - 000000000 ____D C:\Program Files\Bitdefender
EmptyTemp:
RemoveProxy:
Reboot:


Once the text is pasted in Notepad,
Go to the "File" menu and then "Save As",
On the left, navigate to the Desktop,
In the field at the bottom, for the file name enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.

Boot into safe mode
=> https://www.malekal.com/demarrer-windows-mode-sans-echec/

Once in safe mode,
Restart FRST and click on the "Fix" button
A restart may be necessary (not mandatory)
A text file appears, copy/paste its content here in a new message.

Restart the computer in normal mode.

2°)
Reset/Repair the affected web browsers:

Please press a key to continue the disinfection...
0
rakap Posted messages 10 Status Member
 
Good evening,

I launched the program.
Here is the result:
http://www.cjoint.com/c/GKsvR7UOBZ6

I restarted but no window opened.
I couldn't paste the text.

The problem persists for now.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
See what it looks like without BitDefender for the session.

--
Please press any key to continue the disinfection...
0
rakap Posted messages 10 Status Member
 
The new report after getting rid of Bitdefender

https://www.cjoint.com/c/GKwwfeq2Bz6
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Does it change anything?
0
rakap Posted messages 10 Status Member
 
Hello,

It does not change anything.
Should I launch a new fix with FRST so that the window opens and I can paste the text above?
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Uninstall all this:
EaseUS
Malwarebytes Anti-Malware (it's not up to date and it's for sure that it doesn't cause a problem).
QuickTime
sysTPL
WildTangent Games App


The last time the profile messed up was last night.
When did you uninstall it, BitDefender?

Error: (11/22/2017 10:35:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Berthalie-HP)
Description: Windows has saved this user's profile. Windows will automatically attempt to use the saved profile the next time this user logs on.

Error: (11/22/2017 10:35:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Berthalie-HP)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupted local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (11/22/2017 10:35:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows cannot load the registry. This issue is often caused by insufficient memory or insufficient access rights.


Otherwise, create a new user to see if it behaves the same way.
=> https://www.malekal.com/netplwiz-ajouter-un-utilisateur-windows-facilement/

--
Please press a key to continue the disinfection...
0