Okay, after three weeks I have a possible explanation, and a crude workaround. But I'd still like to know what's happening and how to fix it properly.
Possible cause: On MrGreg's thread about locked user hives, PepiMK mentions a command-line parameter, /nouserhives, apparently documented only in the OpenSBI wiki. PepiMK also mentions, "On machines with Terminal Services, this is even the default." The behavior /nouserhives is supposed to cause is exactly the behavior I'm complaining about.
Is it possible for /nouserhives to unintentionally become the default on a standard Windows XP machine? If so, is there a way to defeat it? BTW, I've tried the /allhives parameter, and Spybot still doesn't detect or load the user account hives.
Crude workaraound: Before I run Spybot 1.6 from an admin account, I run a batch file with the following single command. This manually loads all the user hives under keys named zzz-username:
Code:
for /f "usebackq tokens=1-4 delims=\" %%i in (`dir/s/a-d/b "c:\documents and settings\ntuser.dat"`) do reg load "hku\zzz-%%k" "%%i\%%j\%%k\%%l"
After I'm done with Spybot, I unload all the user hives by running another batch file with the command:
Code:
for /f "usebackq tokens=3 delims=\" %%i in (`dir/s/a-d/b "c:\documents and settings\ntuser.dat"`) do reg unload "HKU\ZZZ-%%i"
Once again, can anybody tell me why Spybot 1.6 is ignoring all of the user hives on some of my XP machines, and what else I can do about it?
Thanks!
Jay