Thread: 2 down and 1 to go

  1. #1
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,008
    It's been busy here at chez chewie...

    The black one is done and the silver one just needs stability testing but the diddy little beige one has surprised me...

    Got a phone call on Thursday about it. Seems there was an ambiguous system notification telling the owner that there had been a serious problem and the system needed rebooting.
    Once rebooted they found shortcuts and personal files missing.

    A thorough browse of the XP Pro installation reveals that nothing is really missing, but the user folder has been changed.
    The files all appear to be where you'd expect them...
    Code:
    C:\Documents and Settings\<user>\
    ...but the system is using something else...
    Code:
    C:\Documents and Settings\TEMP\
    Obviously the short solution would be to either set the user's directory to what it should be or create a new user and move everything over, but I want to find out what caused this to happen.
    The system is protected by KAV v5 & Outpost v3, the owner has installed Super Antispyware (an honest program) and I can't see anything unusual in the HJT output (apart from a logon notification to Super Antispyware) so I don't think it's a malicious process. I think Windows had a fit.

    Any ideas?
    There isn't a bargepole long enough for me to work on [a Sony Vaio] - clocker 2008

  2. Software & Hardware   -   #2
    peat moss's Avatar Software Farmer
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    Is this a friend's computer or something you do on the side for money? Looks like my place tho. I'd wipe it out and reinstall just to be sure, you can't win if it's a friend's computer anyway Chewie.

  3. Software & Hardware   -   #3
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,008
    The black one is the CPU-less one
    The silver one is owned by the son of one of the owners of the £multimillion company I work for.
    They're both paying

    The beige one is for a friend I've known nearly 25 years. She's a single mum with 3 teenage sons and although I always tell her I'll never charge her, she always gives me baccy or something so she doesn't feel guilty.

    I did think of formatting but wanted to leave as much intact as I could for her. I've already hooked up another drive to which I was going to recover lost files before I found they weren't actually lost, so I could do it anyway.

  4. Software & Hardware   -   #4
    peat moss's Avatar Software Farmer
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    Ya you're a good person Chewie, but sometimes we try too hard when a reinstall is so much easier I guess? I've burnt pics or documents to disk for them then just give them the puter back all freshly installed with new drivers and updated programs.

    I don't think they know the effort that went into it but that's our secret?

  5. Software & Hardware   -   #5
    clocker's Avatar Shovel Ready
    Join Date
    Mar 2003
    Posts
    15,305
    Quote Originally Posted by Chewie UK View Post
    I think Windows had a fit.

    Any ideas?
    I'd recertify the drive.
    This usually happens when Windows finds a corrupted "user.dat" file which can be the result of an infection (which you seem to have ruled out) or bad/corrupted sectors.
    What OS is the PC running?
    In XP, finding temp folders like that means the OS recovered the folder/file from a bad sector...not a good sign.

    I think.
    "I am the one who knocks."- Heisenberg

  6. Software & Hardware   -   #6
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,008
    I'd still prefer to avoid a complete reinstall if at all possible, peat, so I'll try creating another user based on the original's files/settings and see if it works.


    It's XP Pro with only the IE7 update waiting to be installed, clocker.
    I thought XP created Found.xxx folders in the root when it 'recovered' (never seen anything usable in them!) file fragments etc.

    I think you may be right about the corrupt user.dat.
    This could be the result of something malicious though; coincidentally, this woman was the victim of malware that reset the user.dat entry so it loaded itself and a bug in AdAware at the time would not fix the reference and she couldn't get to the desktop... I wonder if something similar happened again.

    I'll give the drive a surface scan through BartPE (so the results are there to see in the morning!) and if nothing shows, try the copy user thing mentioned above.

    Thanks guys. As always your input is most welcome.
