Question : Vista user profile seems corrupted after malware removal

Hi, here's my problem.

I have Vista 32-bit home premium running on my PC. I just have one user account, my own, which is the administrator account.

In the last day or so, I became infected with a nasty little rogue antispyware thing -- the kind that pops up a bunch of fake warning messages and tries to get you to buy an anti-virus. It was blocking me from running most every removal program, but I managed to find some instructions on how to get rid of it manually. At least the major parts of it, anyway.

Once I was freed up to run Malwarebytes and such, I started running scans to try eliminating the final traces. The last scan I ran (I don't recall the specific program offhand) wanted to remove some registry entries associated with the malware. It asked me if I wanted to back up the registry, and I said I did. Then I went ahead and removed them and rebooted.

When Vista came back up, my desktop didn't load properly. I had a black background, my icons were in random order, and many icons were missing. Far more annoying, though, is that Vista acts like I've never used the computer before. It doesn't seem to recognize any of my settings, my favorites, my e-mail accounts, or anything like that. All those things are still on the hard drive, they haven't been deleted. It's just that Vista seems to be ignoring them.

Even before the desktop icons loaded, a crash error came up that said "Host Process for Windows Services has stopped working". When I closed it, another one saying the same thing popped up.

Then down in the bottom right corner, a bubble came up that reads "Failed to connect to a windows service. Windows could not connect to the User Profile Service service. This problem prevents limited users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond."

An image of my desktop, with these two errors visible, is attached to this message.

Right away I assumed that something had happened to the registry. I had backed it up, but I've never actually replaced the registry with a backup before, so I did a search on how to go about doing that. Some advice from a reliable site said that when trying to undo a registry mistake, it's much easier to just load a system restore point than do it manually. So I picked a good restore point and loaded it.

Unfortunately, it didn't fix anything. Worse yet, doing the system restore deleted the registry backup I had made, which I can't quite understand. I've done system restore before and I've always had the option to undo it once it was done. I thought I'd try that so I could regain the registry backup, but it won't allow me to undo this one. Also, it's telling me there are no saved system restore points anymore.

Since I couldn't do anything with system restore any longer, I started doing searches on those error messages I described. Reading several things brought me to the conclusion that my Vista profile had somehow gotten corrupted.

In Windows Explorer, I looked at my profile folders, the ones listed near the top of the file tree, directly under Desktop. I'd never noticed this before, but I saw that I had duplicate copies of several folders -- there were 2 desktops, 2 favorites, 2 documents, etc.

The newer folders were all mostly empty and pointed to c:\windows\system32\config\systemprofile. The old folders had all my desktop icons and favorites and everything, and those pointed to c:\users\(accountname).

I tried deleting the new folders, hoping the system would read from the old ones. I was able to delete all of them except the desktop folder. I tried copying the contents of my old desktop folder into the new one, and while some of the missing icons appeared, none of the settings or anything were restored.

I read up on several ways to try creating a new user profile in order to replace one that's gone bad, but none of them have worked. As I mentioned, I tried copying the data over from the old folders, but it's not fixing the problem. I tried removing my user profile and logging back in, trying to force Vista to create a new clean profile. But that hasn't worked either, and now I don't have a user profile at all.

Currently, I'm still getting both errors when I log into Windows. My settings and stuff aren't being recognized, so it's like I've never used the computer before. I have one user account (with admin privileges) but no user profile is listed. I still have all the folders from the user profile I'd been using, Vista just won't read it.

And going back to the beginning, I don't think I had the malware fully cleaned out when this happened. So I'm not sure what role that might be playing here, if any. I tend to think it was just an issue of a bad registry edit, but I'm certainly no expert.

I hope I've done a good job explaining where things stand. Any help would be greatly appreciated.

Attachments: desktop error messages

Answer : Vista user profile seems corrupted after malware removal

Unless somebody knows something that I don't, going back is not an option, so let's try to move ahead.
brandongohwh has a good suggestion and it should be done, but I would use ComboFix first to see what it can find. You can get it and the instructions (please follow them carefully) here.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
