Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: bad config info bsod - crash analysis

19 Sep 2013   #1
kanoy83

Windows 7 64 bit
 
 
bad config info bsod - crash analysis

hello,

i experience this error and successfully fixed using USB disk recovery tool and repair

My specs:
- win7 home premium, 64 bit, 6 GB RAM, intel i7, fujitsu lifebook A series , 500 GB
- my laptop is constantly connected to fujitsu led tv
- main screen is on LED TV
- close lid option is sleep when plugged


my case:
date happened - sept. 18, 2013, 2:49 pm
last i remember windows update was Windows Defender
i checked in the event viewer, it says
source: user profile service
my partner close the lid while shutting down.


question:
1. what are the tools that will help me check my overall system after i repaired this, software and hardware and unnecessary software running and installed
2. if registry was the problem, is it caused by updates, current software antivirus or improper shutdown

my theory:
causes are:
1. shutting down while closing lid, not properly shutting down
2. avira
3. windows update
4. bittorent
5. vga connected constantly to led tv (primary screen)


Event viewer reports:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 18/09/2013 2:48:57 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: ebola
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1012:
Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\SystemCertificates\MY

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-09-18T10:48:57.318019100Z" />
<EventRecordID>47910</EventRecordID>
<Correlation ActivityID="{036F6C40-F800-0000-467F-D969B7B3CE01}" />
<Execution ProcessID="1064" ThreadID="12988" />
<Channel>Application</Channel>
<Computer>ebola</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1012:
Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\SystemCertificates\MY
</Data>
</EventData>
</Event>



Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 18/09/2013 2:49:17 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: ebola
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1001:
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\SystemCertificates\My

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-09-18T10:49:17.482805500Z" />
<EventRecordID>47912</EventRecordID>
<Correlation ActivityID="{036F6C40-F800-0000-ED7E-D969B7B3CE01}" />
<Execution ProcessID="1064" ThreadID="10188" />
<Channel>Application</Channel>
<Computer>ebola</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1001:
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\SystemCertificates\My
</Data>
</EventData>
</Event>

Hope you can help advise.

Thanks to all! cheers!


My System SpecsSystem Spec
.
21 Sep 2013   #2
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Event ID: 1530 may be logged in the Application log on a Windows Vista or newer computer

And it is not any BSOD.
Attachment 286730

Had I been there, I would have uninstall Avira. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.
My System SpecsSystem Spec
Reply

 bad config info bsod - crash analysis




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BSOD after changing to one core, bad system config info
hej bud I get a bsod on every boot, even in safe mode. changed from 4 cores to 1 through msconfig, restarted, bsod. startup repair can't repair my PC automatically, blah blah blah last known configuration doesn't work either. can anyone help me get it running again?? edit: i will kiss you...
BSOD Help and Support
BSOD and screen freezes frequently - help Decoding crash dump analysis
I have frequent crashes and freezes so I decided to get whocrashed software to analyze the crash dump files and now have no idea what to do next. I would greatly appreciate help in decoding the analysts so I can investigate this further to hopefully fix this problem. I have a Dell Inspiron One...
BSOD Help and Support
BSOD crash usbport.sys suspected, please help with dump file analysis
I have an Asus G53JW notebook that has BSOD failures. Tried updating all drivers with Driver Reviver, run memtest86+ to check ram and checked disk with SeaTools for Windows but no faults so far. The notebook has no USB devices connected externally when the BSOD occurs, on most occasions the BSOD...
BSOD Help and Support
First BSOD watching YouTube. Crash info and dumpfile help required.
Just registered after finding it very difficult to link symbols with the WDK. I'm hoping someone will be kind enough to help me with this problem. I was watching YouTube this evening and just after I scaled the video up to 720p I received the BSOD. I'm not sure if this is linked to the crash or...
BSOD Help and Support
BSOD (Crash info included)
I've had several BSODs over the past month or so, and I don't believe I've installed anything out of the ordinary. Attached is my perfmon and BSOD file per the BSOD posting thread. My hard drive and CPU may be under load as I'm running a full system scan with MSE right now.
BSOD Help and Support
BSOD, Crash Dump Analysis
Hello, For some time now, I have been having a lot of BSODs. Like up to 5 times a day. Sometimes it happens after a long time idling, sometimes when I stress the CPU. It can happen when I close my session, try to close the computer or restart it. I had an overclock on everything, but for the...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:02.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App