Can a user folder be created in the C:\User folder if they were doing some updates over the network?
I suppose anything is possible. Do you see ntuser.dat? If so then someone logged on and the file timestamp should tell you when they last logged on.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--