Guest jjjdavidson Posted September 26, 2008 Posted September 26, 2008 (Please note: This isn't a job for UPHClean. It's not a problem with users logging off.) Does anybody know how a user hive can remain loaded in HKEY_USERS even AFTER a Windows reboot (and before users have logged on)? A program running with admin privilege, a spyware scanner, directly loads all the user hives into HKEY_USERS to check registry settings for spyware. Occasionally it fails to unload the hives, and users logging on get the "Windows cannot load the locally stored profile" message. A reboot normally frees up the hives. But I am hearing scattered reports--which I haven't witnessed personally--that user hives are still loaded into HKEY_USERS even AFTER the system is rebooted. AFTER a reboot, an admin has to manually delete keys from HKEY_USERS that the spyware scanner created BEFORE the reboot. Report is that the key names in HKEY_USERS are obviously created by the spyware scanner, not the SID keys from when a user logs on. Any idea what can cause this? Thanks! Jay
Recommended Posts