Lost user profile, winlogon value changed

M

mriggins

New member
I recently updated spybot sd and my fiance's user profile was completely wiped out. Her files are no longer there (though I was able to recover them) and all of her preferences are lost.

Also, I restarted the computer and got a popup from spybot sd that reads:
Category: Winlogon
Change: Value Changed
Entry: Default User Name
Old Data: <my profile name>
New Data: <my fiance's profile name>

Is this a result of spybot or a virus? Any help would be appreciated.
 
mriggins:

mriggins said:
I recently updated spybot sd and my fiance's user profile was completely wiped out. Her files are no longer there (though I was able to recover them) and all of her preferences are lost. ...
Click to expand...
There is a problem with Spybot and corrupted user profiles. According to Patrick Kolla the problem only occurs under a very limited set of circumstances.
If you had rebooted the system at this point everything most likely would have returned to normal. See:
PepiMK said:
There is an issue when you kill the Spybot-S&D process and then switch users, or switch users while it is still running, since it's trying to scan those and locking them. After a reboot (or closing Spybot-S&D) it'll be ok again.

That has nothing to do with uninstalling (except that uninstalling will terminate a running Spybot-S&D as well of course).

See also:
Fast User Switching during a scan
Terminal Services & user profiles
Click to expand...
In other words when running a scan or if you have aborted a scan don't log onto another user.

__________

mriggins said:
... Also, I restarted the computer and got a popup from spybot sd that reads:
Category: Winlogon
Change: Value Changed
Entry: Default User Name
Old Data: <my profile name>
New Data: <my fiance's profile name>

Is this a result of spybot or a virus? Any help would be appreciated.
Click to expand...
In a multiple users system Windows changes the DefaultUserName in the following registry key when you log off of one account and log onto another.

Code: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
As long as both names are actual usernames on the system, particularly the "New data" name, just allow the registry change.

I don't know the intent of having TeaTimer monitor this particular registry key unless it is to alert you that someone else has logged onto the system since your last logon.
 
You must log in or register to reply here.
Back
Top