I need some help here guys, I dont know if this is a Windows thing?

OK, im currently in China studying abroad. I left for a weekend to go climb a mountain and left my laptop in my hotel while i was gone. Here's what happened.
I came back and took my computer out of the case i had it in (Zeroshock). Immediately i noticed that it was in standby mode. This is VERY unlike me to leave it in standby, especially when i know im going to be leaving it in a sealed case with no ventelation. My first concern was heat. I felt the bottom and all around and there was absolutely no heat anywhere. OK... that was a relief.
Then i opened it and pressed the power button, it opened to my login screen very quickly... the only problem was that there was no where to enter my password. I always keep it password protected, and now the password was gone... i just clicked on the button to log into windows.
Now- All of my desktop icons were aligned to the left of the screen. "My recent documents" under the start menu were cleared out. No programs had any "recently viewed documents" under their "file" tab, etc. All of my programs and files seem to be in place on the hard drive, but its like all of windows settings or history was turned back to default or something.

So... could leaving it in standby for a couple days in a sealed case on its side cause anything like this? or any other physical damage to components such as my hard drive. I ran a ScanDisk, but fell asleep while it was running, when i woke up the computer was started back up to windows. Can i assume it found no errors if it started normally after the scan finished? Again... the computer was not hot at all when i found it and took it out of the case.

Is there any way i can check to see what specific activities went on with the computer while i was gone, because i am really baffeled and quite concerned that someone may have used it while i was gone. I could have sworn i had the laptop Shut Off before i left. I looked under My computer> manage> system events and it shows dates of activity 1 day after i left... but i dont know what any of the events are- anything specific i should look for? Can i find out if it was actually turned on from the off position?

I am here with other students but my roomate staying in the hotelroom with me also came with me to the mountain, and he is hardly the type to bypass windows password to login. And i find it hard to believe that a Chinese hotel attendant that speaks no enlish can get into my english layout computer... but then again, i guess you never know.

Whats your take on this guys? what else should i check for to make sure everyhting is ok? this is really bugging me.

Thanks everyone for any input

 

Unless you are running XP Pro and you have enabled auditing, you can't track any activities. You could do a search of your C drive and search by most recently modified to see what files were changed recently.

Have you checked your user data? Manage -> Local users and groups. See if your account has been changed and if any new groups were created. Have you done a virus scan and a trojan scan?

I'm guessing you always log in as an administrator. You should create a non-admin user and use that account for day-to-day tasks. If a process happens to go rogue (or someone gains access to your account), that account won't have the ability to make system-wide changes, which will protect you from the type of changes you describe. Only minor changes would be allowed (clearing recent documents list, etc).

 

I do have XP pro. is auditing enabled by default? how can i check?

Do you think there is a possibility that this was just a "process going rogue"?

Any other opinions or input would be great.

 

Audits are not enabled by default. Auditing processes isn't just a quick "turn it on" action, it's pretty indepth. I don't know of a single home user that would require auditing. Auditing would only identify the login that did the action and the time the action was done (plus a few other things).

You should definitely consider not using your admin account for daily tasks.

Without having the machine to look at, I can't really say what the cause was. Trojans/viruses are a possibility.