Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Event Viewer Warning - is this important ?


23 Mar 2011   #1

Windows 7 Pro 64bit SP1
 
 
Event Viewer Warning - is this important ?

While checking for a chkdsk /f report in Event Viewr...I noticed this Warning:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 3/23/2011 1:34:39 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Home_Desktop
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-4108063887-3821183792-568571711-1001:
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\Disallowed
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\My
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\CA

Event XML:
<Event xmlns="Error">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guido="{BEEF-RAFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-03-23T20:34:39.741015800Z" />
<EventRecordID>31957</EventRecordID>
<Correlation />
<Execution ProcessID="1304" ThreadID="4488" />
<Channel>Application</Channel>
<Computer>Home_Desktop</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">5 user registry handles leaked from \Registry\User\S-1-5-21-4108063887-3821183792-568571711-1001:
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\My
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\CA
</Data>
</EventData>
</Event>


Is this an issue I shout address and how ?

Thanks...TRinAZ

My System SpecsSystem Spec
.

23 Mar 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Seems something goofy was going on with the authentication server.
If it only occurred the one time I wouldn't be horribly concerned over it.

A scan for malware may be in order just to be on the safe side though.
My System SpecsSystem Spec
23 Mar 2011   #3

Windows Server 2008 R2
 
 

+1. If you reboot, those handles will get released - especially if it's lsass.exe, Maguscreed's assessment is likely spot on.
My System SpecsSystem Spec
.


24 Mar 2011   #4

Windows 7 Professional 32-bit (6.1, Build 7600)
 
 

I've always gotten this in event viewer when I log off and back on. No malware here.
My System SpecsSystem Spec
Reply

 Event Viewer Warning - is this important ?




Thread Tools



Similar help and support threads for2: Event Viewer Warning - is this important ?
Thread Forum
Standby Performance - Driver warning/errors in Event Viewer Drivers
Solved Event Viewer Warning - Source e1yexpress - Event ID 27 General Discussion
WHEA-Logger event 18/19 errors in Event Viewer (W7 Home Premium) Hardware & Devices
After Updating Drivers Event Viewer Warning Hardware & Devices
Event viewer error & warning during SP1 install Windows Updates & Activation
Event viewer warning Performance & Maintenance
Boot Up Event Viewer Warning Problem Performance & Maintenance

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:42 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33