urgent computer help needed

Surfer

Surfer

Surfer

Soldato
Joined
31 Dec 2005
Posts
11,179
Location
Glasgow
:(Hi, i hope one of the ocuk computer geniuses can help here.

Basically at least 100 files have disappeared from my work computer.
Settings seem to have been reset e.g. internet saved favourites, homepage etc


They were all saved onto the desktop. Only 2 people use this pc during work. Myself and someone else. This other person is away on holiday

Our NHS it team say theres nothing that can be done to get them back.
And theres no way to tell who it was or what happened.
They basically dont know what happened.

Help - im sure there must be some kind of timestamp or log on a pc which will be able to tell me who accessed the pc last. Or a sort of electronic trail to find out what they were doing?

A lot of work has just disappeared. Last time i was on the pc was on friday and everything was fine. Basically over the weekend its theoretically possible for someone to come into the library and log in. More likely is that it was done via remote access. (Winvnc)

Any way to get these files back? and to find out who did this?
 
Get searching in Windows and Software forum for recovery software, you can get it back even if its a roaming profile on a domain.
 
ok thanks ill do that. I have heard of programs that recover lost data so i was surprised the IT person told me "nope cant do it"
 
Depending on how your files are stored and how your access is managed you might be able to do the following. If your tech team has already said it's not poss tho then you may be up a certain creek without a paddle.

Anyway, if you know when you logged on last, you could perhaps check the security log in Event Viewer to see if anyone else has been on there in the meantime. I think it will tell you the user account that logged in too.

As for the files, isn't there a Norton program that can recover files that have been emptied from the recycle bin as they're still recoverable to an extent aren't they? Sorry if that's a bit vague! Not used it for ages!
 
Google - 'getdataback ntfs' - should be first link, Think its about $20 but if the info is that important.... Is a top program :D
 
sist_si said:
Depending on how your files are stored and how your access is managed you might be able to do the following. If your tech team has already said it's not poss tho then you may be up a certain creek without a paddle.

Anyway, if you know when you logged on last, you could perhaps check the security log in Event Viewer to see if anyone else has been on there in the meantime. I think it will tell you the user account that logged in too.

As for the files, isn't there a Norton program that can recover files that have been emptied from the recycle bin as they're still recoverable to an extent aren't they? Sorry if that's a bit vague! Not used it for ages!
Click to expand...


OK - i think i know whats happened *embarrassed*

had a check of logs of event viewer for this morning
and found these:

from the APPLICATION folder (the system folder has some weird stuff)

0906am

Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

0907

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by another process.

0907am

The description for Event ID ( 1 ) in Source ( MBSA ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Security analysis complete.

0907

Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on

0907

Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

0908

Product: WebFldrs XP -- Configuration completed successfully.

0908am

Windows saved user XXXX registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


ill have a look at the system folder - it looks like for whatever reason it was unable to load my profile....

 
Login as Administrator then browse to C:\Documents and Settings\<USERNAME>\Desktop and see if your documents are there.
 
from the event viewer - system folder

the error messages are as follows:

0908am

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\DRIVERS\SE.

0915

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WS2_32.DLL.

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\AEXPRCSSAP.

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\NLS\ENGLIS.

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\PROGRAM FILES\ADOBE\PHOTOSH.

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\NTDLL.DLL.

0949am

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\NOVNPNT.DL.

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\PROGRAM FILES\SOPHOS\REMOTE.

The InterCheck driver failed to scan the file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\NALDESK.EX.

0950 WARNING message

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

1019am

Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system.

Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80.DLL. Reference error message: The operation completed successfully.


going to log off and back on again - (yes tried this the first time)


 
Dano said:
Login as Administrator then browse to C:\Documents and Settings\<USERNAME>\Desktop and see if your documents are there.
Click to expand...

WOW - uhmm yep found em :D :o thanks a lot dude - saved me a LOT OF WORK.

I guess the reason they dont appear on the desktop is because its a temp profile? The IT person didnt suggest any of these things :confused:
 
Last edited:
bledd. said:
if you'd done a file search, it would have told you that they were there
Click to expand...

i couldnt remember the names of the files there were so many unfortunately.

But yeah if i had slowed down a bit and not just immediately phoned IT then the common sense thing is that its obvious my profile hadn't loaded properly DUH as the files dont just disappear lol....oh well live and learn :o

Thanks for the fast help OCUK :D Much much better than our IT Support (at one point IT were refusing to answer calls and asking us to call back later)

on a sidenote : if this was a test of our it helpdesk uhmm i dont really know what to say
 
Work should really be stored on a server not locally... But you would need a decent IT Team to have that ability. :o

Surfer said:
on a sidenote : if this was a test of our it helpdesk uhmm i dont really know what to say
Click to expand...

To be fair I take that attitude with anyone that rings up saying that they lost all the files off they're desktop. Everyone at the college here knows not to save anything locally. :o

Can you tell I'm having the best of days? :rolleyes:
 
You must log in or register to reply here.
Back
Top Bottom