I agree with S0lo that it more than likely is a virus. If this indeed was from a script kiddie you have a couple pressing issues:
1. Security on users isn't locked down and not specific to job role/function.
2. Relating to the above plus the fact that somebody has far more access than they need and have decided to take advantage it.
I would definitely scan the box first and also check those registry entries. If the box turns up clean, let us know and we can start hunting down the childish script kiddie on your network; who apparently doesn't have any work to do.
*sigh* Dealing with children on the playground we all know as the enterprise network.