I have a Windows XP machine with 2 accounts:
- "User" – limited acc
- "Admin" – has strong password
User got a virus that blocked access. I logged in as Admin and launched regedit. I tried to load HKEY_CURRENT_USER for "User", using these instructions:
- Highlight HKEY_USERS and then select Load Hive from the Registry menu.
- Browse to their profile directory and select ntuser.dat or if you are editing a mandatory profile the file will be called ntuser.man
- When prompted for Key Name, input their Username. The editor will insert the user's Registry data into HKEY_USERS under the user's name.
- Make your changes to the registry located under this new key.
- After you are finished making all of the registry changes, highlight key corresponding to the username and select the Unload Hive option from the Registry menu.
http://scilnet.fortlewis.edu/tech/Users/load_HKEY_USERS.htm
But it failed:
It says: "Can't load ntuser.dat.LOG: error while loading the hive". This file really exists and has 0 size. There is no User subtree under HKEY_USERS, so I presume that User's hive is not loaded for Admin:
Then I started from a Live CD and launched regedit there. I was able to load ntuser.dat correctly and delete the virus from autoload for User.
- How could I do it from Admin account?
- Why did the error emerge?
Best Answer
The problem is that you are attempting to mount the LOG file. You need to mount ntuser.dat, not ntuser.dat.log.
Like you said above, you were able to mount the hive successfully, so there’s no problem; there is no problem with the log file being empty, it just means that pending registry changes were flushed to the hive when you last shut down. [1][2][3][4]
Also, I prefer the command-line tool for mounting registry hives:
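
The following batch script is an added example, not part of the original answer (whose own command is not shown on this page). It walks through the load, inspect and unload procedure from the question with `reg.exe`, run from the Admin account while User is logged off. The profile path, the temporary key name `OfflineUser` and the value-name placeholder are assumptions.

```bat
@echo off
rem Added example: review a logged-off user's autostart entries from an admin account.
rem Assumptions (not from the page): the profile path and the key name OfflineUser.
setlocal
set "HIVE=C:\Documents and Settings\User\ntuser.dat"
set "MOUNT=HKU\OfflineUser"

rem Load the hive file itself, never its ntuser.dat.LOG companion.
if /i not "%HIVE:~-10%"=="ntuser.dat" (
    echo Expected a path ending in ntuser.dat, got: %HIVE%
    exit /b 1
)
if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

rem reg load fails if the file is in use, for example while the user is logged on.
reg load "%MOUNT%" "%HIVE%"
if errorlevel 1 (
    echo Could not load the hive. Log the user off and run this as an administrator.
    exit /b 1
)

rem List the per-user autostart values so the unwanted entry can be identified.
reg query "%MOUNT%\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "%MOUNT%\Software\Microsoft\Windows\CurrentVersion\RunOnce"

rem Once identified, remove a single entry by its value name (placeholder below):
rem reg delete "%MOUNT%\Software\Microsoft\Windows\CurrentVersion\Run" /v "VALUE_NAME_PLACEHOLDER" /f

rem Always unload; the hive file stays locked for as long as the key remains loaded.
reg unload "%MOUNT%"
endlocal
```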