Event Viewer Warning - is this important ?


  1. trinaz
    Posts : 477
    Windows 7 Pro 64bit SP1
       New #1

    Event Viewer Warning - is this important ?


    While checking for a chkdsk /f report in Event Viewr...I noticed this Warning:

    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 3/23/2011 1:34:39 PM
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: Home_Desktop
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
    DETAIL -
    5 user registry handles leaked from \Registry\User\S-1-5-21-4108063887-3821183792-568571711-1001:
    Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
    Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
    Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\Disallowed
    Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\My
    Process 968 (\Device\Disclaimer\Windows\System\lass's.exec) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\System Certificates\CA
    Event XML:
    <Event xmlns="Error">
    <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guido="{BEEF-RAFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2011-03-23T20:34:39.741015800Z" />
    <EventRecordID>31957</EventRecordID>
    <Correlation />
    <Execution ProcessID="1304" ThreadID="4488" />
    <Channel>Application</Channel>
    <Computer>Home_Desktop</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">5 user registry handles leaked from \Registry\User\S-1-5-21-4108063887-3821183792-568571711-1001:
    Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
    Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001
    Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\My
    Process 968 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-4108063887-3821183792-568571711-1001\Software\Microsoft\SystemCertificates\CA
    </Data>
    </EventData>
    </Event>

    Is this an issue I shout address and how ?

    Thanks...TRinAZ
      My Computer
    Quote Quote

  3. Maguscreed
    Posts : 6,668
    Windows 7 x64
       New #2

    Seems something goofy was going on with the authentication server.
    If it only occurred the one time I wouldn't be horribly concerned over it.

    A scan for malware may be in order just to be on the safe side though.
      My Computer
    Quote Quote

  4. cluberti
    Posts : 2,528
    Windows 10 Pro x64
       New #3

    +1. If you reboot, those handles will get released - especially if it's lsass.exe, Maguscreed's assessment is likely spot on.
      My Computer
    Quote Quote

  6. Greg S
    Posts : 824
    Windows 7 Professional 32-bit (6.1, Build 7600)
       New #4

    I've always gotten this in event viewer when I log off and back on. No malware here.
      My Computer
    Quote Quote

 

  Related Discussions
Event Viewer Warning BTHUSB
in Hardware & Devices

I just noticed that my computer is registering thousands of warnings in the Event Viewer. It started about 6.5 hours ago when I wasn't at the computer. The Event ID is 7 and the text is &quot;A hardware error occurred. The event contains the vendor-specific error code.&quot; The Source is &quot;BTHUSB&quot;. I've...
A week ago I started getting this warning errors logged three to six times or more per day in Event Viewer. Event Viewer Warning - Source is e1yexpress - Event ID is 27 Intel(R) 82567V-2 Gigabit Network Connection Link has been disconnected. Every time Event Viewer logs the e1yexpress...
After updating my drivers today I am now getting the following Warning in Event Viewer: 'An error was detected on device \Device\Harddisk0\DR0 during a paging operation.' I formatted my hd and did a clean install on Sunday and the warning wasn't there then or soon after. It didn't start to appear...
Event viewer warning
in Performance & Maintenance

what is the meaning of this message? what happens during this period is that my laptop becomes unresponsive for 20 sec and high HDD activity.how do I resolve this problem?
Boot Up Event Viewer Warning Problem
in Performance & Maintenance

I have a Dell Studio XPS 9100 computer with Windows 7 Prof (64 bit) installed. The computer appears to run okay but I notice that there is an event viewer warning each time I bootup the computer. The event viewer warning is as listed below. Any help in understanding and/or resolving the warning...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 20:17.
Find Us