Windows XP Profile Issue - Corruption Or Virus?

Posted on 2011-10-27
Last Modified: 2012-05-12
We have a Dell Inspiron 6000 with Windows XP.  We woke up to find the wallpaper changed to the default wallpaper (green pasture) and the my documents on the start menu pointed to the TEMP directory rather than the correct user folder so far.  Has anyone seen this before?  Is it some nefarious or a Windows XP bug?
Question by:gta2011
    LVL 5

    Expert Comment

    There might be a viral attack.
    Download and install HijacThis from the following link and send its Log

    LVL 2

    Expert Comment

    It could well be a virus. But 9 times out of 10 when I've seen this is a corrupt user profile. have you tried rebooting the machine since this has happened? what happened before this?

    Author Comment


    Rebooting doesn't fix it.
    LVL 7

    Accepted Solution

    It sounds like your profile loads in a "Temporary User Profile" - (Microsoft TechNet)
    A temporary profile is issued any time that an error condition prevents the users profile from being loaded. Temporary profiles are deleted at the end of each session - changes made by the user to their desktop settings and files are lost when the user logs off.
    The Microsoft solutions is to recreate it -
    Here is a link with instructions on how to copy your data from the corrupt profile to the new one.

    Best of luck
    LVL 2

    Expert Comment

    I agree with Moomin83 and was just about to suggest the same thing. :)
    LVL 66

    Expert Comment

    Look for the user's subkey here...

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    It will show a the actual profile in the ProfileImagePath. If the key has a .bak extension, remove the .bak, and remove the subkey that contains any TEMP profile.....

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now