Malware Infection Cause Cannot Load Locally Stored Profile?

My sister came home yesterday to find the error message appear

"Windows cannot load locally stored profile."

I booted into safe mode, created a New user and transferred all her data to the new account.

My question is does this error occur from a malware infection?

Secondly could I get the logs from her computer scanned for problems.


Thx
Steve

 

Other logs...

 

Hi Steve!
Welcome to MajorGeeks!

Someone's reading your logs and will get back to you. This can take awhile so thanks for your patience.

abri

 

OK I don't see the instructions I received by email here, hopefully I was supposed to still do them.

I ran Cleanup and it freed 40Megs.

I than ran COmbofix & HJT.

Here are the 4 logs you requested me to post after I did the scans...

 

Other 2 files.

 

Hi Steve

The problem you refer to isn't a malware problem. Please see the following Microsoft article for how to correct the problem with the User Profile. It would be a good idea to do this after you've cleaned up your computer as per the instructions below. Your sister's computer has one infected restore point. We keep an infected restore point while we're working, because on a very few occasions an infected restore point can be better than no restore point at all. Therefore, please do NOT set a clean restore point, until you are no longer in a position to have to rely on a previous restore point. When you disable and enable your restore point, you can no longer go back even to the infected one if you need to.
How to copy data from a corrupted user profile to a new profile



The instructions below are to clean up some problems unrelated to the warning you mentioned, which make the computer vulnerable to malware. After you've completed these instructions, we'll post one other set of instructions which do a final cleaning and provide tips on how to protect your computer from malware. For one thing, your sister should be using CCleaner regularly, which I'm not sure was done when you ran the READ & RUN ME. This will regularly purge the computer of temporary internet files and cookies which give adware access to the computer. At the last step in this post, we'll use another cleaner called ATF which will do much the same thing for now.


1) Please go to add/remove programs and uninstall the following:

- Viewpoint Media Player
- J2SE Runtime Environment 5.0

2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run
Disable/Remove Windows Messenger


3) Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

4) NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

5) Please post the following new logs:

- newfiles (from Shownew)
- runkeys (from GetRunKeys)
- hijackthis

abri

 

OK. I have done as requested. Here are my updated logs.

Thanks for the help!

 

Hi swalsh!

Everything looks good in your logs. I would like for you to follow the instructions below, but before you do step 4 in the quotes box, if you haven't already done so, please go to the Microsoft article (the link's just below the quotes box: "How to copy data..."), and work out the user profile problems you were having before you perform step 4 of the instructions in the box. Toggling the system restore can wait that long.

How to copy data from a corrupted user profile to a new profile


Let me know how everything goes!
abri

 

Thanks Abri,

Everything seems to be running smoothly. So if a malware/virus doesn't cause the corrupted userfile what does? Is it just one of those things you chalk up to be a Windows thing?

 

Your welcome, swalsh!
You had an infected restore point along with something Nortons put into the quarantine folder, so it's possible one of the files was corrupted that way. Sometimes if a program is not uninstalled correctly, but simply deleted, it takes shared files with it and results in missing files. Also, physical problems on the disk can lead to file problems. Nortons has a great Disk Doctor tool that I like to use that looks over the disk for bad spots and then reroutes things around them. XP itself is a wonder at redundancy. I've found its capacity for recovery continues to astonish me, however, the fact that there's a Microsoft website to show you how to fix the problem along with an actual name for the error indicates that it does hsppen sometimes. I hope it will not be a recurring problem and that you and your sister will have many carefree computer hours.
abri