Hi, my first post here, so please be gentle with me!
I work for an organisation which has for many months been using delprof.exe on 7000+ Windows XP workstations to routinely clean up old profiles (>120 days unused). Now suddenly we have two devices where delprof appears to have deleted a contemporary profile, ie one that was used the previous day, resulting in some fairly disasterous data loss (thankfully we have centrally managed software deployment, so we have been able to turn delprof off across all devices whilst we investigate, to limit further damage).
Despite one of the devices being shut down the instant the problem was noticed, I have spent hours attempting data recovery on both hard drives with pretty poor results. It's as if delprof has 'shredded' the files - ie deliberately overwritten the sectors from which data was deleted.
I can find no other postings documenting this issue. My main concern is getting the data back, although having tried 5 or 6 free recovery tools I am beginning to lose hope. Second issue is to discover why this happened. It seems delprof may have been confused about the datestamp on the ntuser.dat file (I am assuming that is what it looks at?). This was not an issue of the PC clocks being wrongly set - we can see the timestamps in the event log were correct at the time it ran.