
Modified user profile?

Joined
Oct 28, 2018
Messages
565 (1.48/day)
Location
Zadar, Croatia
System Name SloMo
Processor G4560
Motherboard MSi H110-PRO-D
Cooling LC-CC-95 @ Arctic Cooling fan
Memory 2X Crucial DDR4 2400 4GB
Video Card(s) Integrated HD 610
Storage WD 500 GB + Seagate 500 GB + Toshiba 3 TB
Display(s) Lenovo D221
Case Corsair Carbide 100R
Audio Device(s) Manhattan Flex BT Headphones, Encore P-801 stereo speakers
Power Supply Corsair CX450M
Mouse microsoft office mouse
Keyboard Modecom mc-800m
Software Windows 10 Pro x64
Benchmark Scores gorstak @ hwbot.org
Uhm, I've been using the built-in administrator account on my PC, and noticed something strange days after a clean install. When I log out, there are two almost identical user profiles! Both are called administrator; however, when I log on to the other one there is no sysprep window. Everything else is the same, desktop background, apps installed; however, my programs' settings are default, and not the way I have set them to be. This led me to believe someone copied my account, modified it in some manner, possibly allowing remote access, then returned it to me to use. I don't know what was originally in the users folder, but I did find a folder called hidden, within the roaming/Microsoft subfolder, and a file called rasphone.pbk. After googling, it seems this is a dial-up phonebook used by rasphone.exe. I do have 2 phone lines in my apartment, and I don't normally use the other one. What am I dealing with here, and how do I solve the issue?
 

Solaris17

Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
20,963 (4.03/day)
Location
Florida
System Name Venslar
Processor I9 7980XE
Motherboard MSI x299 Tomahawk Arctic
Cooling EK Custom
Memory 32GB Corsair DDR4 3000mhz
Video Card(s) Nvidia Titan RTX
Storage 2x 2TB Micron SSDs | 1x ADATA 128SSD | 1x Drevo 256SSD | 1x 1TB 850 EVO | 1x 250GB 960 EVO
Display(s) 3x AOC Q2577PWQ (2k IPS)
Case Inwin 303 White (Thermaltake Ring 120mm Purple accent)
Audio Device(s) Realtek ALC 1220 on Audio-Technica ATH-AG1
Power Supply Seasonic 1050W Snow
Mouse Roccat Kone Aimo White
Keyboard Ducky Shine 6 Snow White
Software Windows 10 x64 Pro
This literally correlated to what I told you last week, that you were in sysprep mode. Windows, as far as it is technically concerned, has never been set up; OOBE has been bypassed. I literally go into detail about this in my sysadmin channel on YouTube, and my link in my sig regarding diagnostic drives.

That account is not made up. That account will not be the same. Any account on that unit, built-in or created, will pull from the “default” hidden profile, which is generally modified during the sysprep phase. That is what Windows copies default data from.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
26,535 (5.20/day)
Location
Indiana, USA
Processor Intel Core i7 9900K@5.0GHz
Motherboard AsRock Z370 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB Corsair DDR4-3000
Video Card(s) ASUS Strix GTX 1080Ti
Storage 500GB Crucial MX500 + 8TB with 500GB MX500 SSD Cache
Display(s) QNIX QX2710 1440p@120Hz
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
They probably broke in through the workgroup!
 
Joined
Oct 28, 2018
Messages
565 (1.48/day)
Location
Zadar, Croatia
I really feel like a zombie sometimes :D
 