Ways and means...
You take your PC to a repair store, and describe the problem. OK. They should ask you (if you are nice to them) if you made a backup, and or/you request them to. By that, they are going to take a glimpse of (under windows) my documents, documents & settings (looking for the outlook / outlook express / thunderbird mailstores, address book & favorites), and have a cursory glance at the filesystem to see where else the user has hidden their files, especially as the system is probably going to get reformatted before being handed back to the customer.
Looking at the browser favorites is also a good trick of checking out the system health, as if it's filled with pr0n shortcuts, then there is a chance that the machine is contaminated with malware... (Oh, sorry, I did not know that you were into hamsters & duck tape, but I understand why you are getting a lot of wierd popup windows....)
On the other hand, running a potentially infested machine is not a good idea: Depending on what nasty was making the user bring the system in for repair may not be detectable / repairable from the user's OS (rootkit, infected system files...) - and that when operating, the nasties could be doing more evil on the system... oh, and certainly do not connect to your LAN, as then the system could be pumping spam or trying to infect the rest of your company while you are trying to find out WTF is happening...
Then suddenly...
God invented USB/IDE interface cables!
Take the drive out and connected to a diagnostic system, that can also be used to take a copy of all the users files off the system pending format & reinstall...
a) No customer software will be spying on you
b) No evilware can run
c) You have better access to the drives files (unless they encrypted their files...)
d) You can check the drive for errors & quick format before reinstalling...
e) While the format is running on your test system, you can do run memtes86 on their PC...