New
#1
Event Viewer Warning - is this important ?
While checking for a chkdsk /f report in Event Viewr...I noticed this Warning:
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 3/23/2011 1:34:39 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Home_Desktop
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-4108063887-3821183792-568571711-1001:
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\Disallowed
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\My
Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\CA
Event XML:
<Event xmlns="Error">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guido="{BEEF-RAFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-03-23T20:34:39.741015800Z" />
<EventRecordID>31957</EventRecordID>
<Correlation />
<Execution ProcessID="1304" ThreadID="4488" />
<Channel>Application</Channel>
<Computer>Home_Desktop</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">5 user registry handles leaked from \Registry\User\S-1-5-21-4108063887-3821183792-568571711-1001:
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\My
Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\CA
</Data>
</EventData>
</Event>
Is this an issue I shout address and how ?
Thanks...TRinAZ