• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Modified user profile?

Joined
Oct 28, 2018
Messages
565 (0.23/day)
Location
Zadar, Croatia
System Name SloMo
Processor G4560
Motherboard MSi H110-PRO-D
Cooling LC-CC-95 @ Arctic Cooling fan
Memory 2X Crucial DDR4 2400 4GB
Video Card(s) Integrated HD 610
Storage WD 500 GB + Seagate 500 GB + Toshiba 3 TB
Display(s) Lenovo D221
Case Corsair Carbide 100R
Audio Device(s) Manhattan Flex BT Headphones, Encore P-801 stereo speakers
Power Supply Corsair CX450M
Mouse microsoft office mouse
Keyboard Modecom mc-800m
Software Windows 10 Pro x64
Benchmark Scores gorstak @ hwbot.org
Uhm, I've been using the builtin administrator account on my pc, and noticed something strange days after clean install. When I log out, there are two almost identical user profiles! Both are called administrator, however when I logon to the other one there is no sysprep window. Everything else is the same, desktop background, apps installed, however my programs settings are default, and not the way I have set them to be. This led me to beleive someone copied my account, modified it in some manner, possibly allowing remote access, then returned it to me to use. I don't Know what was originally in users folder, but I did find a folder called hidden, within roaming/Microsoft subfolder, and a file called rasphone.pbk. After googling, it seems this is a dial up phonebook used by rasphone.exe. I do have 2 phone lines in my apartment, and I don't normally use the other one. What am I dealing with here, and how do I solve the issue?
 
This literally correlated to what I told you last week, that you were in sysprep mode. Windows as far as it is technically concerned has never been setup OOBE has been bypassed. I literally go into detail about this in my sysadmin channel on YouTube, and my link in my sig regarding diagnostic drives.

That account is not made up. That account will not be the same. Any account on that unit built in or created will pull from the “default” hidden profile, which is generally modified during sysprep phase. That is what windows copies default data from.
 
Last edited:
They probably broke in through the workgroup!
 
I really feel like a zombie sometimes :D
 
Back
Top