Spybot 1.6 locking user registry hives
- Thread starter MrGreg
- Start date
1.6.1.37 now online 
Official 1.6.1?
We need feedback on TeaTimer still.
Official 1.6.1?
We need feedback on TeaTimer still.
Hi PepiMK,
I have just tested 1.6.1.37. The SID hive unloading still looks good on this release. I do not use TeaTimer so I can not help with any feedback. What I mean buy an official release is the non beta release that will be available for download on the main download page. When do think that will be available for all? Thanks for your support.
I have just tested 1.6.1.37. The SID hive unloading still looks good on this release. I do not use TeaTimer so I can not help with any feedback. What I mean buy an official release is the non beta release that will be available for download on the main download page. When do think that will be available for all? Thanks for your support.
Eureka! I've been struggling with User Profile problems for weeks, seeking help from techie friends and even from Microsoft Support (since the trouble started after updating to SP3 for XP, altho in retrospect that might have been coincidental.) I have SpyBot 1.6.0.30 and also AVG Free 8.0.175. Originally had 2 User accounts (both Administrative), neither of which had any problems for >3 yrs. After XP3 update and SpyBot download, one of the user account profiles was inaccessible, and Windows loaded that user with a default user profile. I then created a new user account to start fresh, but this morning after doing a SpyBot update, THAT user profile also wouldn't load its settings.
I've read this entire thread, and wonder what to do now - will downloading the new SpyBot patch (1.6.1.37 ?) fix everything? Where best to download it? Or, if I need to edit the registry using regedit, which PE_C keys should be deleted, and which saved?
Please help, this whole thing has been so very frustrating. I thought this was an XP SP3 problem all along and am surprised that SpyBot is involved. Maybe AVG is, too?
I've read this entire thread, and wonder what to do now - will downloading the new SpyBot patch (1.6.1.37 ?) fix everything? Where best to download it? Or, if I need to edit the registry using regedit, which PE_C keys should be deleted, and which saved?
Please help, this whole thing has been so very frustrating. I thought this was an XP SP3 problem all along and am surprised that SpyBot is involved. Maybe AVG is, too?
This happens wheneven Spybot closes "not normally", but the situatios should be solved after a reboot, just fast user switching and logoff/login situations should be affected when something has "killed" Spybot (like thep udate which forces Spybot a bit harsh to close).
Other applications, especially security/monitoring applications, might be "at fault" as well because they detect the loaded registry and look into it when Spybot tries to unload it again.
Please do not delete any PE_C_ keys. They should be no longer loaded after a reboot.
If you want to use this file, the archive includes just SpybotSD.exe, which needs to be extracted to C:\Program Files\Spybot - Search & Destroy\, replacing the SpybotSD.exe that is there. You probably need to make hidden and system files visible in Explorer to do that.
Other applications, especially security/monitoring applications, might be "at fault" as well because they detect the loaded registry and look into it when Spybot tries to unload it again.
Please do not delete any PE_C_ keys. They should be no longer loaded after a reboot.
If you want to use this file, the archive includes just SpybotSD.exe, which needs to be extracted to C:\Program Files\Spybot - Search & Destroy\, replacing the SpybotSD.exe that is there. You probably need to make hidden and system files visible in Explorer to do that.
Hi Madeline,
I just wanted to comment on your problem. I partially disagree with PepiMK about the PE_C keys. Under normal circumstances if the PE_C keys do not get unloaded when Spybot terminates, they will be removed after a reboot. However two of my clients that use Spybot, had the PE_C key get stuck in such a way that a reboot did not remove the stuck keys. Others that posted in this thread also experienced a stuck PE_C key that was not removed after reboot. In this case you will need to use Regedit to remove the stuck keys.
First reboot the machine. Log in to an account that has Administrative privileges (Not the account you are having trouble with). Do not run Spybot after reboot. Then run regedit and expand the HK_USERS hive. If you see any PE_C keys then these keys are stuck and need to be removed. Highlight the PE_C keys one at a time. The click on File in the menu bar and select Unload Hive. Click yes to the confirmation message and the hive will be unloaded. You will now be able to login to the account(s) that were inaccessible. Hope this helps...
I just wanted to comment on your problem. I partially disagree with PepiMK about the PE_C keys. Under normal circumstances if the PE_C keys do not get unloaded when Spybot terminates, they will be removed after a reboot. However two of my clients that use Spybot, had the PE_C key get stuck in such a way that a reboot did not remove the stuck keys. Others that posted in this thread also experienced a stuck PE_C key that was not removed after reboot. In this case you will need to use Regedit to remove the stuck keys.
First reboot the machine. Log in to an account that has Administrative privileges (Not the account you are having trouble with). Do not run Spybot after reboot. Then run regedit and expand the HK_USERS hive. If you see any PE_C keys then these keys are stuck and need to be removed. Highlight the PE_C keys one at a time. The click on File in the menu bar and select Unload Hive. Click yes to the confirmation message and the hive will be unloaded. You will now be able to login to the account(s) that were inaccessible. Hope this helps...
As for resources, MS says that XP etc. do not have a registry size limit any more. But I already wrote about that
Sorry for the slight thread jack, but at what point did you experience the problems. According to windows my profile is 2.39GB and the wifes is 1.98GB. I figured the two profiles would allow her to be able to install things she like without affecting my installs and settings very much. Also, maybe I missed it, seven pages of reading does that, but does the version that you download from the main download page have the /noprofile (or what ever it was) set or do I need to update my shortcuts untill the next version is out?
Could someone please take a look at the first half of another thread I started, Titled; Problems After Updating? Reading this thread here makes me think I may have a similar issue, but I'm not advanced enough to tell. Just the first half of the thread. I'm using version 1.6.0.31 WinXP home SP3. Here's the link;
http://forums.spybot.info/showthread.php?t=35866
Thanks
http://forums.spybot.info/showthread.php?t=35866
Thanks
User Profile trouble
Hi Mr. Greg,
Thanks for commenting. I agree that rebooting does not fix whatever problem I have, since I've rebooted and also completely shut down many times over the past few weeks. The new user account that I set up earlier is now working again, so that one might have been somehow repaired with a reboot. But my main (old) user account (which has 1.42 GB of important data) still won't let me open any files or programs.
Using the new user account, I could not find any PE_C keys under the HKEY_USERS section using Regedit - there were a bunch of different folders there, starting with ".DEFAULT" and then lots of folders with numbers similar to 5-1-5-18. All of these folders contained different folders, and I'm wondering if the PE_C keys might be somewhere inside one of those? (I'm not that familiar with registry folders, as you can tell). One question: If you adjust the registry using one (administrative) User account, does the change apply to all other user accounts on the computer?
I did finally get a suggestion from a MS Tech, to rename (in Safe Mode) the UsrClass.dat file (found in C:\Documents and Settings\problem user account\Local Settings\ApplicationData\Microsoft\Windows\for the problem user account to UsrClass.datold. For some reason, I could not rename the file in Safe Mode - my keyboard input was not recognized at the cursor in the file rename box. I rebooted and renamed the file in regular mode, but it didn't fix anything.
(Of course I changed the settings so that all the hidden files and system files are displayed.)
I'm wondering if Uninstalling Spybot might help, although I'm reluctant to do that, but I'm getting desperate. Also, what about AVG Free 8.0, maybe I should uninstall that? It gets so complicated, all in the name of security.....
Any ideas will be much appreciated!
Hi Mr. Greg,
Thanks for commenting. I agree that rebooting does not fix whatever problem I have, since I've rebooted and also completely shut down many times over the past few weeks. The new user account that I set up earlier is now working again, so that one might have been somehow repaired with a reboot. But my main (old) user account (which has 1.42 GB of important data) still won't let me open any files or programs.
Using the new user account, I could not find any PE_C keys under the HKEY_USERS section using Regedit - there were a bunch of different folders there, starting with ".DEFAULT" and then lots of folders with numbers similar to 5-1-5-18. All of these folders contained different folders, and I'm wondering if the PE_C keys might be somewhere inside one of those? (I'm not that familiar with registry folders, as you can tell). One question: If you adjust the registry using one (administrative) User account, does the change apply to all other user accounts on the computer?
I did finally get a suggestion from a MS Tech, to rename (in Safe Mode) the UsrClass.dat file (found in C:\Documents and Settings\problem user account\Local Settings\ApplicationData\Microsoft\Windows\for the problem user account to UsrClass.datold. For some reason, I could not rename the file in Safe Mode - my keyboard input was not recognized at the cursor in the file rename box. I rebooted and renamed the file in regular mode, but it didn't fix anything.
(Of course I changed the settings so that all the hidden files and system files are displayed.)
I'm wondering if Uninstalling Spybot might help, although I'm reluctant to do that, but I'm getting desperate. Also, what about AVG Free 8.0, maybe I should uninstall that? It gets so complicated, all in the name of security.....
Any ideas will be much appreciated!
User Profile trouble
Thanks for commenting. What happened to the beta "hot fix" for user profile problems mentioned earlier, is that no longer available? Rebooting does not help. (Yes, all hidden and system files are visible.) Do you think a complete Uninstall of Spybot might help?
Thank you!
Thanks for commenting. What happened to the beta "hot fix" for user profile problems mentioned earlier, is that no longer available? Rebooting does not help. (Yes, all hidden and system files are visible.) Do you think a complete Uninstall of Spybot might help?
Thank you!
Hi Madeline,
Does this mean that when you log into the old account it is creating a temporary profile or you are able to log in without Windows creating a temporary profile and you can not access files or programs?
No the PE_C keys are located at the same level as .DEFAULT and the other S-15- keys. So if you did not see any then your account(s) should not be locked.
That depends on which section of the registy you are changing. The HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE are used by all accounts on the machine. HKEY_CURRENT_USER only applies to the account that is current logged in. In HKEY_USERS each folder applies to to a different account.
No uninstalling Spybot and AVG will not solve your problem. Please let me no the answer to my first question about can you log in to your old account or is it creating a temporary profile when you try to login. With this answer I can help you proceed.
The link to the latest beta version is here 1.6.1.37 is here http://forums.spybot.info/downloads.php?id=37
This version will keep the accounts from ever getting locked but will not solve your immediate problem of getting you old account going.
Does this mean that when you log into the old account it is creating a temporary profile or you are able to log in without Windows creating a temporary profile and you can not access files or programs?
No the PE_C keys are located at the same level as .DEFAULT and the other S-15- keys. So if you did not see any then your account(s) should not be locked.
That depends on which section of the registy you are changing. The HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE are used by all accounts on the machine. HKEY_CURRENT_USER only applies to the account that is current logged in. In HKEY_USERS each folder applies to to a different account.
No uninstalling Spybot and AVG will not solve your problem. Please let me no the answer to my first question about can you log in to your old account or is it creating a temporary profile when you try to login. With this answer I can help you proceed.
The link to the latest beta version is here 1.6.1.37 is here http://forums.spybot.info/downloads.php?id=37
This version will keep the accounts from ever getting locked but will not solve your immediate problem of getting you old account going.
Last edited:
Hi K-Rock,
The /nouserhives is in the release that you download from the main download page. This switch is not enabled by default you must update your shortcuts if you wish to use it. Here is a link to the explanation of the switch. http://wiki.spybot.info/index.php//nouserhives
An alternative would be to download the latest beta SpybotSD.exe and replace it. You may find it here. http://forums.spybot.info/downloads.php?id=37
The /nouserhives is in the release that you download from the main download page. This switch is not enabled by default you must update your shortcuts if you wish to use it. Here is a link to the explanation of the switch. http://wiki.spybot.info/index.php//nouserhives
An alternative would be to download the latest beta SpybotSD.exe and replace it. You may find it here. http://forums.spybot.info/downloads.php?id=37
The "which should I delete" made me extra-careful there, so I just shouted "stop"
You pointed at unloading, which would be the correct description and action, thanks
The "profile" does not equal the registry. What counts in regards to the registry size is the ntuser.dat file inside the profile, which might be around 1 to 2 MB on a standard installation without too many "experiments". Ever the time, while Windows is used over the years and you try this and that, it might grow to 5 to 10 MB based on the amount of things you do. The limits I eperienced where somewhere around 120 MB, which would mean quite a lot of user accounts over quite a lot of time.
But: the extension to which software uses the registry varies.
I think we need some more error details now. Since below you wrote that you do not see any PE_(drive letter)_ keys in HKEY_USERS, the problem might be something else.
You wrote that you old iser account does not let you open programs or files. Does that mean you can login using it? Previously you wrote that it was inaccessible or would not load settings. Could you let us know which error message you receive exactly at which point? Error during login? When starting programs? ...
S-1-5-18, S-1-5-19 and S-1-5-20 are system accounts which are used internally by Windows; please do not touch them! .DEFAULT is, well, a default settins template, please do not touch that either.
S-1-5-21-...-...-500 is the system administrator account. S-1-5-21-...-...-501 usually the "Guest" account.
Regularly created user accounts start at S-1-5-21-...-...-1000.
user account problem
Hi Mr.Greg & PepiMK,
Thanks for commenting on my user account problems. Yes, now I can log on to my (old, corrupted) administrator user account, but cannot access any of my programs (i.e., MS Office, Photoshop, Dreamweaver, FileZilla, Adobe Reader). The pop-up error message is always the same: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I can open .txt and .jpg files, yipee.
I also cannot access the internet from this user account, since IE 7 appears to be stuck in a loop trying to access "http://runonce.msn.com/runonce.3aspx." (This seems to be associated with a "Customize Your Settings" page.) I can connect if I run IE without browser add-ons (by right-clicking on the IE desktop shortcut and selecting "Start without Add-ons"). Then going to "Tools > Manage Add-ons > Add-ons currently loaded in IE", there are 10 listed. I don't know much about these, but 3 look questionable to me, and I figured I could disable one at a time and see if that helped the IE7 situation. Unless you have some better ideas!
All programs and IE7 work normally in the other original administrator account on this PC (my better half's), AND in the new administrator account I set up for myself when the troubles began with my original (3 yr. old) account. Something just messed up my own account - whether it was the XP SP3 download combined with Spybot update, and maybe even AVG 8, who knows?
I guess transferring all my old files to the new administrator account is a solution, though tedious, but being burdened with a scientific mind, remaining questions are always troublesome.
I will completely understand if you guys want to bow out - it is so frustrating, and boring, and life is too short. (I'm thinking a Mac, and Safari, next time.)
Hope you're all having a good weekend, in this great weather (in DE anyway).
Hi Mr.Greg & PepiMK,
Thanks for commenting on my user account problems. Yes, now I can log on to my (old, corrupted) administrator user account, but cannot access any of my programs (i.e., MS Office, Photoshop, Dreamweaver, FileZilla, Adobe Reader). The pop-up error message is always the same: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I can open .txt and .jpg files, yipee.
I also cannot access the internet from this user account, since IE 7 appears to be stuck in a loop trying to access "http://runonce.msn.com/runonce.3aspx." (This seems to be associated with a "Customize Your Settings" page.) I can connect if I run IE without browser add-ons (by right-clicking on the IE desktop shortcut and selecting "Start without Add-ons"). Then going to "Tools > Manage Add-ons > Add-ons currently loaded in IE", there are 10 listed. I don't know much about these, but 3 look questionable to me, and I figured I could disable one at a time and see if that helped the IE7 situation. Unless you have some better ideas!
All programs and IE7 work normally in the other original administrator account on this PC (my better half's), AND in the new administrator account I set up for myself when the troubles began with my original (3 yr. old) account. Something just messed up my own account - whether it was the XP SP3 download combined with Spybot update, and maybe even AVG 8, who knows?
I guess transferring all my old files to the new administrator account is a solution, though tedious, but being burdened with a scientific mind, remaining questions are always troublesome.
I will completely understand if you guys want to bow out - it is so frustrating, and boring, and life is too short. (I'm thinking a Mac, and Safari, next time.)
Hope you're all having a good weekend, in this great weather (in DE anyway).
Some more of my two cents on this....my issue of a Lost Local Profile ( on Limited User Account ) started after the last updates I obtained for SBS&D, on 10/27.
Have never had this problem before this date. I was going to do a System Restore back prior to the updates, but then my Spybot defs would be outdated hence forth. It sounds like I'm lucky here, that a reboot unlocked whatever was (to my untrained eye, sounds like Sbybot was ) holding my Local Profile in limbo.
I have not tried to recreate the problem, since reading this thread, it all sounds dicey. One of the odd things about the last list of updates (from 10/27), was an IE plugin update-SDHelper and a TeaTimer update-TeaTimer, both dated 9/24(Sept. 24th).
Is this worth noting.....that this problem ONLY started after the last updates?
Thanks...still way over my head......
Have never had this problem before this date. I was going to do a System Restore back prior to the updates, but then my Spybot defs would be outdated hence forth. It sounds like I'm lucky here, that a reboot unlocked whatever was (to my untrained eye, sounds like Sbybot was ) holding my Local Profile in limbo.
I have not tried to recreate the problem, since reading this thread, it all sounds dicey. One of the odd things about the last list of updates (from 10/27), was an IE plugin update-SDHelper and a TeaTimer update-TeaTimer, both dated 9/24(Sept. 24th).
Is this worth noting.....that this problem ONLY started after the last updates?
Thanks...still way over my head......
Hi Madeline,
It sounds like you have a permissions problem. It could either be file or registry permissions. Since you can access programs from your new account, I am guessing that it is registry permissions. I am uncomfortable in directing you to change registry permissions. If you make a mistake you could render your system useless. I think the best course of action is to copy your files over into your new account. Please let me no how it goes and if I can further assist you...
It sounds like you have a permissions problem. It could either be file or registry permissions. Since you can access programs from your new account, I am guessing that it is registry permissions. I am uncomfortable in directing you to change registry permissions. If you make a mistake you could render your system useless. I think the best course of action is to copy your files over into your new account. Please let me no how it goes and if I can further assist you...
Hi Patmac,
The updates and your user profile locking are coinsidental. I say this because I was able to lock my profile in testing without ever running a scan.
In this case the definitions did not come into play. I just ran Spybot and then exited without scanning. It does not happend everytime so it may not lock your other account profiles. Hope this helps...
The updates and your user profile locking are coinsidental. I say this because I was able to lock my profile in testing without ever running a scan.
In this case the definitions did not come into play. I just ran Spybot and then exited without scanning. It does not happend everytime so it may not lock your other account profiles. Hope this helps...
Is this issue dead?
I'm respectively struggling with why my situation is "coincidental":red:
I always follow the same routine....log out of the Limted User account, log onto the Admin account, download any updates, disable the network connection, run the scans, if all is clean I create a system restore point, enable the network connection, log out of the Admin account, then into the Limited User account to face the web.
Never, until last week(after SBS&D up dates, then scan) have I had a "lost or corrupt local profile" issue.
Today I changed things up alittle, and checked after scanning with AVG, MalwareBytes, and Ad-Aware...logging out of the Admin account, into the Limited User account successfully after each. It wasn't until after SBS&D's scan does it happen.
I checked Task Manager on the Admin account, while the local profile was locked/lost, and found TeaTimer was using 100% of the CPU. Once I rebooted the system, that stopped, even while TeaTimer was enabled...
Does this mean, if I want to continue using SBS&D, I need to kill TeaTimer after everytime I scan with Spybot? Sorry, but that's nuts.
That's why I'm revisiting this thread, hoping, the MANY people smarter than me(that's not hard) here can help....
As you can tell from my posts, I have very limited knowledge here, that said, I need an app that I don't have to try and figure out too many things, I do enough of that at work.
Thanks again for your time...
I'm respectively struggling with why my situation is "coincidental":red:
I always follow the same routine....log out of the Limted User account, log onto the Admin account, download any updates, disable the network connection, run the scans, if all is clean I create a system restore point, enable the network connection, log out of the Admin account, then into the Limited User account to face the web.
Never, until last week(after SBS&D up dates, then scan) have I had a "lost or corrupt local profile" issue.
Today I changed things up alittle, and checked after scanning with AVG, MalwareBytes, and Ad-Aware...logging out of the Admin account, into the Limited User account successfully after each. It wasn't until after SBS&D's scan does it happen.
I checked Task Manager on the Admin account, while the local profile was locked/lost, and found TeaTimer was using 100% of the CPU. Once I rebooted the system, that stopped, even while TeaTimer was enabled...
Does this mean, if I want to continue using SBS&D, I need to kill TeaTimer after everytime I scan with Spybot? Sorry, but that's nuts.
That's why I'm revisiting this thread, hoping, the MANY people smarter than me(that's not hard) here can help....
As you can tell from my posts, I have very limited knowledge here, that said, I need an app that I don't have to try and figure out too many things, I do enough of that at work.
Thanks again for your time...
Have same problem
I have been reading these posts and have to join in. I had the same problem. After upgrading to 1.6.0 and running Spybot S&D as Administrator (with no one else logged in) I was not able to access my settings when logging in as a Limited user, even after rebooting. This happened on two PCs. I 'uninstalled' Spybot using Windows Restore to go back to the day before and all was well.
I did not install Tea Timer.
Windows XP Home SP3
Avast antivirus installed.
I have been reading these posts and have to join in. I had the same problem. After upgrading to 1.6.0 and running Spybot S&D as Administrator (with no one else logged in) I was not able to access my settings when logging in as a Limited user, even after rebooting. This happened on two PCs. I 'uninstalled' Spybot using Windows Restore to go back to the day before and all was well.
I did not install Tea Timer.
Windows XP Home SP3
Avast antivirus installed.