Steve
System is XP Pro XP2, all patches are up to date. Running on dynamic IP
DSL with Windows Firewall, Windows Defender and up to date AVG
anti-virus.
There are 2 user accounts, mine (strong password protected and an
admin), and my wife (no password, not admin level), along with the
admin account (strong password protected).
My wife logged on this morning as normal, checked e-mail and went to
get ready for work. When she came back to the PC, it was back at the
user login screen and started to ask her for a password. Nothing she
tried worked. I came down and tried to log into my account - and my
password no longer worked. Obviously checked caps lock and such -
nothing - couldn't log in.
Went to shut it down and was prompted with an alert that another user
was logged in. The alert box didn't "look" quite right - not sure if
that was my imagination or not though - it seemed the font or something
about the type wasn't quite right.
Rebooted in safe mode and was able to log in as administrator fine and
changed my account password to a new one. Rebooted and I could get
into my account fine. I also noticed I had the "green shield" icon
stating that updates were recently done and an automatic reboot was
necessary (perhaps this is why my wife's desktop was back to a login
screen?)
In examining my tasklist, the only process running that didn't seem
familiar was uphclean.exe. When I googled it, I saw it's "User Profile
Hive Cleanup Service". When I searched for the physical file, I found
it in c:\Program Files\uphclean\ and the only other file in that
folder was a readme.txt. To the best of my recollection, I can't
recall ever seeing this in the tasklist before, and I know it's the
first time I've googled it.
When I had to leave for work, I went to shut down and was again given
the dialog box that said other users were logged onto the system.
Part of me thinks (hopes) this was an automatic reboot that didn't
check to see if uphclean.exe was running, and it somehow slightly
corrupted the user hive. Another part of me fears that uphclean.exe is
some sort of trojan and all hell is breaking loose in my machine.
Anyone see this happen before? What can I do to further investigate
and / or mitigate any damage short of a paranoid reformat?