
So I came home and stumbled upon a bit of a mystery. When I got home my brother was using my desktop PC that was running Windows 7 (I have accounts for my 2 brothers and my mom on the machine, but mine is the only admin account). After he finished his game he logged out and I logged in to my account, but found only strangeness.

My Windows account seems to have been somewhat "reset", meaning:

  • my quick launch shortcuts were gone
  • my Dropbox account did not automatically log in
  • my Pidgin accounts were no longer there
  • I had to log in to Steam again
  • iTunes could not launch (I had hooked up my iDevice before logging in)
  • The Documents/Pictures/Music shortcuts in the start menu no longer work

However, despite that:

  • my desktop wallpaper was still correct
  • my documents folder was still there in c:\Users\my account name\My Documents as expected
  • Google Chrome settings seem to have been retained
  • other accounts on the same machine seem to be fine

I asked my brother if he had installed anything strange during the day; he only installed Yahoo Messenger. I last used the machine around 24 hours ago and it was fine then.

I'm not sure what else has been affected. I'm inclined to just create a new admin user for me to use, but I'd like to have some idea of what actually happened.


Moab said...

I cannot speak to what happened, but you could use Windows System Restore and pick a date before the problem started. It should restore it to the way it was.



If you suspect an infection:

Follow the order given below to properly disinfect your PC

1.) Make a boot AV disc, then boot from the disc, scan the hard drive, and remove any infections it finds. I prefer the Kaspersky disc myself. The new 2010 Kaspersky disc can update the AV dat files if you are connected to the internet at the time of the scan, and updating before the scan is suggested.

2.) Then: Install free MBAM, run the program and go to the Update tab and update it, then go to the Scanner Tab and do a quick scan, select and remove anything it finds.

3.) When MBAM is done install SAS free version, run a quick scan, remove what it automatically selects.

These last 2 are not AV software like Norton, AVG etc. They are on-demand scanners that only scan for nasties when you run the program and will not interfere with your installed AV. They can be run once a day or week to ensure you are not infected. Be sure you update them before each daily or weekly scan.

paradroid said...

Open a CMD prompt and try this:

cd /d %systemdrive%\users\

I think what you will see is that your old user profile is there, along with your current one, with the directory name being the user account name followed by something like .001.

If this is the case, Windows has automatically recovered the account after user registry hive corruption, so you would have lost most of your user settings. You may be able to retrieve some program settings from %APPDATA%, but I think they may already be copied over.

System Restore may be able to roll things back for you.
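
A read-only PowerShell check for the situation paradroid describes (an added example, not part of the original thread): it finds profile folders under %SystemDrive%\Users that sit beside a same-named folder with a suffix, and shows which of them the registry currently loads. The ProfileList registry path and the .bak key suffix are standard Windows behaviour assumed here, not details given in the thread.

```powershell
# Added example, not from the thread. Read-only; run from an elevated prompt
# so other users' profile folders are readable.
$usersDir    = Join-Path $env:SystemDrive 'Users'
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# SID key -> folder Windows loads for that account.
$mapped = @(Get-ChildItem $profileList | ForEach-Object {
    New-Object PSObject -Property @{
        SidKey = $_.PSChildName
        Path   = (Get-ItemProperty $_.PSPath).ProfileImagePath
    }
})
# Keys renamed to "<SID>.bak" were set aside by Windows; the rest are active.
$activePaths = @($mapped | Where-Object { $_.SidKey -notlike '*.bak' } |
                 ForEach-Object { $_.Path })

# Last write time of a profile's registry hive, or nothing if it is missing.
function Get-HiveTime($dir) {
    $hive = Join-Path $dir 'NTUSER.DAT'
    if (Test-Path -LiteralPath $hive) {
        (Get-Item -LiteralPath $hive -Force).LastWriteTime
    }
}

# Folders named "<name>.<suffix>" that sit beside a plain "<name>" folder.
$folders = @(Get-ChildItem $usersDir -Force | Where-Object { $_.PSIsContainer })
$names   = @($folders | ForEach-Object { $_.Name })
$pairs = foreach ($f in $folders) {
    if ($f.Name -match '^(.+)\.([^.]+)$' -and $names -contains $Matches[1]) {
        $base = Join-Path $usersDir $Matches[1]
        foreach ($d in @($base, $f.FullName)) {
            New-Object PSObject -Property @{
                Folder     = $d
                InRegistry = $activePaths -contains $d   # folder loaded at logon
                HiveTime   = Get-HiveTime $d             # when its hive last changed
            }
        }
    }
}

'ProfileList keys set aside as .bak:'
$mapped | Where-Object { $_.SidKey -like '*.bak' } |
    Format-Table SidKey, Path -AutoSize
'Profile folders that share a base name:'
$pairs | Format-Table Folder, InRegistry, HiveTime -AutoSize
```

A pair in which the suffixed folder is the one marked InRegistry, with the plain folder's hive last written around the time the settings vanished, matches the automatic recovery described above.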