Admin login coming from "temp"

XP Pro SP3

Something has gone wrong and I can't figure out what. A few days ago this comp booted to some really stripped down desktop like the default desktop for a new user.

I found all of my regular Administrator files and folders intact but now when I log in (I'm the only user and guest account is off) everything for my Administrator account is coming from this location listed in the registry:

http://img641.imageshack.us/img641/1772/tempproblem.jpg

If I could obtain a list of all those default XP Pro Administrator locations I might could resolve this by editing the registry and rebooting. Knowing what caused this in the first place would be better.

I have run a plethora of software to try to find out if I may have picked up some badware but only Avast Free edition about an hour ago has picked up on anything. Two files can't be scanned but I haven't selected for Avast to take any action yet:

1. C:\Documents and Settings\Administrator\Application Data\Win Patrol\HOSTS
(I'm sure it's normal for Win Patrol to lock out it's copy of the Hosts file)

2. C:\winstart.bat

The error for both is ""File is offline - it is currently not available."

winstart.bat is empty.

 

Greetings, mysticide.

I'd strongly advise you to go through the Malware Forum's Read & Run Me First instructions, then open a thread in that forum with the required logs attached - "winstart.bat" is a well-known infection.

 

Do you know where I could obtain a list of all those default XP Pro Administrator locations? I can't find it in a search engine and I can find no Administrators running XP Pro SP3 to take a screen shot of this information.

Why is this such a secret thing?

 

This looks like your original User Profile became corrupt and at each boot, Windows creates a temporary profile for you to use.

Why does the profile become corrupt? Many reasons, I first suffered with it within a month of XP being released, it still happens occasionally with later versions, up to and including Windows 7.

 

Earlier today I saved a copy of that MS webpage you refer too but haven't done that yet because if I do that it looks like I am moving my corrupted profile that I have at the moment to the new profile that is being created.

Like this:

****************************
Right-click My Computer, and select Properties.
Select the Advanced tab.
Click the Settings button in the User Profiles section.

/////Select the user account that was corrupted./////
/////Click the Copy To button./////

Click Browse button and then browse For Folder dialog box to locate the Documents and Settings folder and select the new account.
****************************

Aren't I just moving the current corruption from this profile to the new one?

I believe this problem was originally caused by a power failure a few days ago.

 

... but copy over any files you need from the old Profile before you delete it - don't try to copy the dat files or any settings.

Consider buying a UPS or switching to a laptop if you have frequent power disruptions.

 

Will that log in profile contain all of my current targets to all of my stuff for my Admin account (the Admin account that isn't working at the moment)?

 

Yeah If I go that route, I would first, while on this temp account, pull all my stuff out of those locations and put it in a folder on C: that way with the new Admin I can just drag and drop all that into my new profile locations.

I think the power outage was my fault, lol.

 

Its fixed. I moved what I wanted to keep to an all user area on C: made a new Admin account and the old one disappeared so there was no chance to delete it. Being from temp it probably just died without deletion or there cannot be 2 administrator accounts. Now I'm not booting into temporary limbo.

That winstart.bat file was empty (a hollow threat, lol, some other cleaner of mine may have emptied it) so I deleted it and it hasn't come back and there's been no ill effects and all my vast assortment of badware weapons are coming up clean.

I only need to get all my desktop and quick launch conveniences back and change some Windows settings like windows animations, transitions and balloon tips. It's been so long since I had to change those I forgot where the controls were, lol.

Thanks for the help guys.

 

This will help ensure your profile stays good - but NOT if you pull the power cord out

Good to read you're up and running again