AppData path changed!

In a very bizzare incident, the value of the AppData registry key at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders changed from %USERPROFILE%\Application Data to C:\Application Data.

As a result, Firefox lost all its settings as did uTorrent. I first noticed it because of uTorrent. uTorrent started up as if newly installed. I traced down the settings using ProcExp (didn’t find anything through that), RegMon (didn’t see anything with that either) and finally FileMon. FileMon showed me that uTorrent was accessing files in C:\Application Data. I know there shouldn’t be such a directory. I could see all the torrent files in the correct AppData directory. I checked the environment variables from the command prompt using set – they still showed the correct AppData. So, I restarted the computer. Now, I could see that AppData had been changed to the bizzare value above. I started up Firefox to check what the Google knows about AppData. That told me the registry location of the key. Sure enough, something had changed the value! I set it to the correct value and logged off and then on again. That set things straight.

There should be some way of auditing changes to registry values! Even the last change is helpful – maybe there could be an advanced feature that lets you track changes to certain branches or even leaves.

PS: If you know which software changed the AppData key, please leave a comment so others know what to look for to fix the issue.

Add a Comment

Your email address will not be published. Required fields are marked *