Edit 29 May 2015 - add green text I think I figured out what's going on, at least for my own system since I've gotten rid of those eventlog entries. And it seems just KB3021674 is the immediate culprit since the KB mentions that one "could leverage the Windows User Profile Service (ProfSvc) to load registry hives that are associated with other user accounts". I think the Local Service and Network Service used to do exactly this to borrow access they should not have had, possibly from SYSTEM, which is why it used to work for me before the update but afterward didn't and actually never should have, given some of my file permission settings. The good news is that the update does not need to be uninstalled to solve it. The first clue is in a thread about this update going wrong for Vista/W7 users, but the basic outline is the same for XP and/or WEPOS 2009 as well even though nobody mentions it... see the third post by Susan Bradley on http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb3021674-causes-user-profile-event-1542/f203ebf9-08f5-4b95-84af-fbe8c52f3854?page=3 To dencorso and glnz, could you both check what account is the owner of the folders: C:\Documents and Settings\Default User C:\Documents and Settings\Local Service C:\Documents and Settings\Network Service C:\Documents and Settings\ (your account name) Mine are all owned by the "Administators" group, I'm thinking that glnz may have this too but perhaps dencorso does not? Also could you both open a cmd prompt and type cd c:\Documents and Settings cacls "Default User" > perms.txt cacls LocalService >> perms.txt cacls NetworkService >> perms.txt cacls (your account name) >> perms.txt then paste the contents of perms.txt here? In my case these showed that neither Local Service nor Network Service had any access to their own profiles since they were not the owner. The way I see it, the ideal solution would be to change the owner from Administrators group to Local Service and Network Service but the UI does not give me any way to do that... it can TAKE ownership but not give it away, and having it owned by either me or Administrator would not solve the problem. The other interesting post is on page 4 of that thread, in the Susan Bradley reply near the bottom, with the screen shots. But instead of focussing on "anyUser" as she does, check out NT AUTHORITY\Local Service and NT AUTHORITY\Network Service - giving them Full Control solved it for me. Also I had to do this for the entire folder (I also propagated to all children while I was at it), not just the files ntuser.dat and usrclass.dat - doing just those 2 files replaced the 6 errors with a pair of eventID1500's but didn't completely solve it. And yes, the mystery profiles for Temp and TEMP.NT AUTHORITY went away on their own after a reboot once I fixed all the permisssions, I did not need to manually delete the temporary profiles. If you have XP Pro you could follow the screenshots but for Home you would have to either reboot to safemode (so the normally missing security tab can appear on the property sheet), or (to view the current settings) use the command line to enter cd c:\Documents and Settings cacls LocalService "NT AUTHORITY\LOCAL SERVICE" cacls NetworkService "NT AUTHORITY\NETWORK SERVICE" or to actually do the fix: cd c:\Documents and Settings cacls LocalService /t /e /g "NT AUTHORITY\LOCAL SERVICE":F cacls NetworkService /t /e /g "NT AUTHORITY\NETWORK SERVICE":F then for either way, version of the fix, reboot. This worked for me.