NTUSER.DAT Issues

Discussion in 'privacy problems' started by Mystik_TK, Jul 30, 2010.

Thread Status:
Not open for further replies.
  1. Mystik_TK

    Mystik_TK Registered Member

    Joined:
    May 29, 2004
    Posts:
    24
    Hi, everyone.

    I tried a search, but couldn't find quite what I was looking for.

    Basically, my NTUSER.DAT is becoming increasingly bloated with personal info (names, phone numbers etc) and I was wondering if there was any way to clean this sensitive information? Is there a software method or even a manual workaround to do this?

    Thanks. :)
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Only you know what you feel needs removing from the file which, of course, holds all your profile information. Each profile has a ntuser.dat file. How many profiles do you have set up and which one is bloated?

    If you need to get rid of one that's large and is a profile no longer used, be sure you don't delete simply the .dat file. Just delete the entire profile from profile settings.
     
  3. Mystik_TK

    Mystik_TK Registered Member

    Joined:
    May 29, 2004
    Posts:
    24
    I only have the one profile set up and it's my active profile, so unfortunately deleting the profile is not an option.

    Strangely enough, the personal info in the file only shows up when viewed in a text editor or something similar and does not appear. My understanding was that the NTUSER.DAT file was a copy of the HKEY_USERS registry hive, so it struck me as odd that I only see this data within the actual NTUSER.DAT file.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Mystik_TK

    Hi, yes you're quite right :thumb: This has been a Very serious issue for years, and i remember talking about it even when i was on 98 !

    Why MS "CHOSE" to allow private etc and data NOT required to run the OS in there is VERY suspicious and stupid :thumbd:

    Please read this EXTREMELY CAREFULLY then take as much time as you like, then ONLY proceed at your own risk.

    I "believe" if we can copy NTUSER.DAT by some means, such as for eg, whilst the hard it is from is not running the OS, we can edit out, delete, that data then paste NTUSER.DAT back EXACTLY where we found it.

    Removing the HD and connecting to another comp as a Slave "might" be one way, and there must be other ways too. I have NOT tried this yet, but when i get the chance i think i will. If you do it, please post with your experiences :thumb:

    Make SURE you have FULL backup BEFORE proceeding !
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    who but you has access to that info? If nobody why is it an issue?
     
  6. Mystik_TK

    Mystik_TK Registered Member

    Joined:
    May 29, 2004
    Posts:
    24
    Clone Ranger, thanks very much. I'll give that a try. Just curious, are you suggesting to delete the data from within a text editor and if so, are you suggesting just to delete the personal info or delete the entire contents of the file?

    Cudni, no one else but me has access at the moment. However, I'm a very paranoid guy. If, for example, a hacker wound up with that file, he/she would have access to passwords, phone numbers, e-mail etc. The fact that MS allowed this data to be unknowingly collected simply bothers me and I want it removed.
     
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    The data is there because you put it there as and when you needed it in everyday use. If you are that paranoid then use some kind of virtual environment which you can wipe clean and reuse as you please.
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Anybody who is "able" to.

    1 - Another user/s possibly

    2 - If stolen

    3 - Forensic

    The point is, that info does NOT "NEED" to be stored in there in the first place. So why did MS make it do that, we have our suspicions and they are ALL :thumbd:

    @ Mystik_TK

    :thumb:

    NOT the entire contents of the file, otherwise it probably won't boot.

    Just the personal data, with a text editor etc.

    If you did make a mistake, as long as you have FULL backup BEFORE proceeding you should be fine.

    Looking forward to hearing how it goes :)
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Originally Posted by Cudni

    But we did NOT purposefully and knowingly put it, STORE it there, the OS does that all by itself.

    Sure good suggestion :thumb: but unless we install such software as soon as we switch on a BRAND NEW comp. then data starts mounting up from that second, and on and on day by day. So installing VTech after the fact, won't help previously stored data.
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    The OS and software in general does what the user tells it. Imagine an OS that does not store data
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Yes i know what you mean, but the OS does NOT ask us if we want PERMANENT personal data stored in a file called NTUSER.DAT BEFORE it stores it. Nor does it inform us it has stored such data in there, and the implications of doing so.

    For eg, we might expect email addys to be stored in DBX etc files, and other data such as passwords to be stored in their appropriate area/s, but MS also duplicates and stores this kind of data in NTUSER.DAT :thumbd: How many people expect, or know about that, not many !
     
  12. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I want it to store data otherwise I would use an abacus. As for the things it does store then it is a matter of education for the user to access widely available information on what and how to control it.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Originally Posted by Cudni

    :D

    That's just it though, MOST people would NOT even know about the data storage in NTUSER.DAT in the first place, to then go and research etc :(
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ LockBox

    Thanks for the link :thumb: = Nightmare = :thumbd:
     
  16. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    Whatever you do, DO NOT try to edit the NTUSER.DAT file manually. NTUSER.DAT is the binary file which stores the HKEY_CURRENT_USER branch of the registry. If Windows can't read it properly, it won't be able to load the registry into memory... which means your machine will roll back to factory settings... which will then wipe out all of your custom settings and you'll lose the functionality of your installed programs. You might as well reformat and reinstall the OS if you're going to do that. :eek:

    The solution is to go into REGEDIT and clean up the sensitive info under HKEY_CURRENT_USER, then run an app to compact/defragment the Windows registry.

    I would recommend deleting these keys in particular:

    HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
    HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags

    In my experience, those keys are 100% safe to delete. But depending on what programs you have installed, there's probably several more keys and/or values you will want to clean up as well. Search for words like "last" "recent" and "MRU" in the registry editor. Just be very careful about what you delete, or else you could really mess up the registry.

    Once the registry is cleaned up to your satisfaction, next you will want to run a registry optimizer such as NTREGOPT. This will synchronize your registry in memory with your physical registry hives (which includes NTUSER.DAT). The purpose is to clean up any orphaned entries or fragments of sensitive info that may still remain in your DAT hives after you've already cleaned your registry.

    After you've done all that, look at your NTUSER.DAT again, and now it should be much cleaner. However if you're still finding sensitive info in there, that means it's "spawning" from somewhere in memory (registry) so you'll need to go back into REGEDIT and find out where it's coming from. Ideally, you should try to tweak your OS and programs' settings so they don't write sensitive data into the registry in the first place, whenever possible.

    Hope this helps :)
     
  17. Mystik_TK

    Mystik_TK Registered Member

    Joined:
    May 29, 2004
    Posts:
    24
    Thanks very much for the tips. The only problem with what you suggested is that a search of the registry through regedit does not show any of this data. I don't know if there's a better way to search, but it appears that this data is exclusive to NTUSER.DAT.
     
  18. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    Mystik_TK,

    Since you couldn't find the sensitive data when searching the registry directly, most likely that means you have fragments of previously deleted registry data stuck in your NTUSER.DAT file that you need to get rid of. In that case, I would suggest just running the NTREGOPT app right away. Or if that's not compatible with your system, you could try Free Registry Defrag instead. You see, whenever you delete something from the registry, technically it just gets flagged for deletion but the actual data stays in your DAT file until it gets overwritten by something else. But if you defrag/compact the registry using the software, it will rebuild the registry tree from scratch and you'll end up with a nice clean NTUSER.DAT that is synchronized with the registry. Also just as an FYI, the NTREGOPT program automatically creates a backup of your NTUSER.DAT (as well as the other hives), so you'll probably want to delete those *.BAK files after you've rebooted successfully.
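
The behaviour described in the last reply (deleted registry data staying in the hive file until it is compacted, which is why a regedit search comes up empty) can be checked on an offline copy of NTUSER.DAT. The following is an added example, not part of the thread: it walks the hive's cells and reports whether a search term sits in an allocated cell or in a free (deleted) one. It assumes the documented regf layout (4096-byte base block, `hbin` bins, signed cell sizes where negative means allocated); `find_in_cells` and `build_sample_hive` are hypothetical names and the sample hive is constructed.

```python
import struct

HBIN_START = 4096   # hive bins begin right after the 4096-byte base block
HBIN_HEADER = 32    # "hbin" signature, offset, size, then reserved fields

def find_in_cells(hive: bytes, term: str):
    """Return [(file_offset, 'free' | 'allocated', encoding)] for cells containing term."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive (missing 'regf' signature)")
    # Registry strings are mostly UTF-16LE; also check the single-byte form.
    needles = {"utf-16le": term.encode("utf-16le"),
               "ascii": term.encode("ascii", "ignore")}
    hits, pos = [], HBIN_START
    while pos + HBIN_HEADER <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        if bin_size == 0 or bin_size % 4096:
            break                                   # corrupt bin header, stop
        cell, end = pos + HBIN_HEADER, min(pos + bin_size, len(hive))
        while cell + 4 <= end:
            size = struct.unpack_from("<i", hive, cell)[0]
            length = abs(size)                      # size includes its own 4 bytes
            if length < 8 or cell + length > end:
                break                               # corrupt cell, skip rest of bin
            state = "allocated" if size < 0 else "free"
            body = hive[cell + 4:cell + length]
            for enc, needle in needles.items():
                if needle and needle in body:
                    hits.append((cell, state, enc))
            cell += length
        pos += bin_size
    return hits

def build_sample_hive() -> bytes:
    """Constructed sample: one bin holding a live cell and a deleted (free) cell."""
    def cell(payload: bytes, allocated: bool) -> bytes:
        length = (4 + len(payload) + 7) & ~7        # cells are 8-byte aligned
        size = -length if allocated else length
        return struct.pack("<i", size) + payload.ljust(length - 4, b"\0")
    cells = (cell("Wallpaper".encode("utf-16le"), True)
             + cell("555-0100".encode("utf-16le"), False))
    filler = 4096 - HBIN_HEADER - len(cells)        # rest of the bin is one free cell
    cells += struct.pack("<i", filler) + b"\0" * (filler - 4)
    hbin = b"hbin" + struct.pack("<II", 0, 4096) + b"\0" * 20 + cells
    return b"regf".ljust(4096, b"\0") + hbin

if __name__ == "__main__":
    for offset, state, enc in find_in_cells(build_sample_hive(), "555-0100"):
        print(f"0x{offset:x}: {state} cell, {enc}")
```

Hits reported as `free` are the leftovers that compacting the hive is meant to remove; a term split across two cells is not detected by this per-cell search.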
     