Windows XP Profile Issue - Corruption Or Virus?

We have a Dell Inspiron 6000 with Windows XP.  We woke up to find the wallpaper changed to the default wallpaper (green pasture) and the my documents on the start menu pointed to the TEMP directory rather than the correct user folder so far.  Has anyone seen this before?  Is it some nefarious or a Windows XP bug?
gta2011Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Moomin83Connect With a Mentor Commented:
It sounds like your profile loads in a "Temporary User Profile" - (Microsoft TechNet)
A temporary profile is issued any time that an error condition prevents the users profile from being loaded. Temporary profiles are deleted at the end of each session - changes made by the user to their desktop settings and files are lost when the user logs off.
The Microsoft solutions is to recreate it - http://support.microsoft.com/kb/318011
Here is a link with instructions on how to copy your data from the corrupt profile to the new one.
http://support.microsoft.com/kb/811151

Best of luck
0
 
mcs0506Commented:
Hi,
There might be a viral attack.
Download and install HijacThis from the following link and send its Log
www.filehippo.com/download_hijackthis/


Regards,
Dani
0
 
greg-hawkinsCommented:
It could well be a virus. But 9 times out of 10 when I've seen this is a corrupt user profile. have you tried rebooting the machine since this has happened? what happened before this?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
gta2011Author Commented:
Greg:

Rebooting doesn't fix it.
0
 
greg-hawkinsCommented:
I agree with Moomin83 and was just about to suggest the same thing. :)
0
 
johnb6767Commented:
Look for the user's subkey here...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

It will show a the actual profile in the ProfileImagePath. If the key has a .bak extension, remove the .bak, and remove the subkey that contains any TEMP profile.....
0
All Courses

From novice to tech pro — start learning today.