Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is there any way to tell who is accessing the registry?

26 Aug 2009   #1
ben07

Windows 7 Pro x64 RTM
 
 
Is there any way to tell who is accessing the registry?

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 8/26/2009 6:00:03 AM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Home01
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000_Classes:
Process 2164 (\Device\HarddiskVolume7\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000_CLASSES

Event Xml:

1530
0
3
0
0
0x8000000000000000

1111

Application
Home01

1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000_Classes:
Process 2164 (\Device\HarddiskVolume7\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000_CLASSES

I'm getting two of these yellow warnings everyday and according to MS it's OK or it's well expected to get these type of warnings in Event Viewer....but just for the sake of it, is there anyway to tell which program/software is causing these yellow warnings?

Thanks.


My System SpecsSystem Spec
.
26 Aug 2009   #2
TGSoldier

 
 

edit


...
My System SpecsSystem Spec
26 Aug 2009   #3
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by ben07 View Post
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 8/26/2009 6:00:03 AM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Home01
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000_Classes:
Process 2164 (\Device\HarddiskVolume7\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000_CLASSES
1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000_Classes:
Process 2164 (\Device\HarddiskVolume7\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000_CLASSES
Hi

Nothing fishy about this.

S-1-5-21-783115880-3742272611-1246857717-1000 is a username used by svchost.exe

There is a problem though according to this part of the message:

Quote:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
One of your programs is causing a conflict by not releasing a certain service that is using the registry.

Which program we can not tell from this, because several programs that connect to the internet are masked by svchost.exe which is kind of a container for multiple processes.


Try to think back to when it started.
Then uninstall the program's that were installed since then.

A windows repair from DVD might also help.

Greetz
My System SpecsSystem Spec
.

26 Aug 2009   #4
ben07

Windows 7 Pro x64 RTM
 
 

Thanks squonksc, TGSoldier.

I really can't think of anything that would cause this...it's a new fresh installation...according to MS, it OK/accepted, but then MS won't tell you why it's OK/accepted,lol

On a Windows Vista-based client computer, the following event may be logged in the Application log:Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: Date
Event ID: 1530
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: ComputerName

Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3112862306-1016156048-4130204762-1000: Process 932 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3112862306-1016156048-4130204762-1000


This behavior occurs because Windows Vista automatically closes any registry handle to a user profile that is left open by an application. Windows Vista does this when Windows Vista tries to close a user profile.

In versions of the Windows operating system that are earlier than Windows Vista, you must install the User Profile Hive Cleanup Service (UPHClean) utility to have the same functionality. However, the UPHClean utility is incompatible with Windows Vista. Additionally, the UPHClean utility is not needed because this functionality is built into Windows Vista.

Note Event ID 1530 is logged as a Warning event. However, this behavior is expected. Usually, you can safely ignore this event.
My System SpecsSystem Spec
26 Aug 2009   #5
SquonkSC

Win7 Build 7600 x86
 
 

Ben, I'm on to something.

Would you humor me and uninstall your virusscanner/security suite?

Post back the results.

greetz
My System SpecsSystem Spec
26 Aug 2009   #6
ben07

Windows 7 Pro x64 RTM
 
 

Hi squonksc, I will and I'll post back.

1) I had MS Security Essentials Beta/updated to the latest version few days ago, but had it uninstalled 2 days ago. (NO longer using)

2) Windows 7's built in Windows Defender (ON)

3) AntiVir (ON)


I'll deactivate the above two, reboot and post back.
My System SpecsSystem Spec
26 Aug 2009   #7
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by ben07 View Post
Hi squonksc, I will and I'll post back.

1) I had MS Security Essentials Beta/updated to the latest version few days ago, but had it uninstalled 2 days ago. (NO longer using)

2) Windows 7's built in Windows Defender (ON)

3) AntiVir (ON)


I'll deactivate the above two, reboot and post back.
Uninstall Antivir, not deactivate please.

Defender can stay as is for now.

greetz
My System SpecsSystem Spec
26 Aug 2009   #8
Antman

 

This pseudo problem dates back across multiple OS. Unless you are attempting to isolate a known real problem, I would not bother.
My System SpecsSystem Spec
26 Aug 2009   #9
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by Antman View Post
This pseudo problem dates back across multiple OS. Unless you are attempting to isolate a known real problem, I would not bother.
Hi Antman

Sounds intriguing, can you direct me to an article about this issue?

Thanks.
My System SpecsSystem Spec
26 Aug 2009   #10
ben07

Windows 7 Pro x64 RTM
 
 

Well, after deactivated both Windows Defender and AntiVir, I got only one yellow warnings instead of two.

Reactivated Only Windows Defender and immediately got back two yellow warnings.

Deactivated Windows Defender and reactivated AntiVir, I got only one yellow warnings.

My conclusion, nothing to do with AntiVir, but definitely Windows Defender is causing one of the yellow warnings Event ID 1530.

I think maybe this has something to do with my blocking all Outbound Connections/Traffics in Windows built in Firewall, as I only created rules to allow IE, FireFox, ThunderBird and Windows Updates to pass thru.


Attached Images
Is there any way to tell who is accessing the registry?-ff1.jpg 
My System SpecsSystem Spec
Reply

 Is there any way to tell who is accessing the registry?




Thread Tools




Similar help and support threads
Thread Forum
.bat reg import gives error accessing the registry
Hello everyone, im new here! now, ive got a .reg file that id like to import automatically via .bat file to the registry. if i type the code myself in CMD it does work, but the same code via the .bat file refuses to add and get the error of: error accessing the registry im using the code :...
General Discussion
Error Accessing the Registry in regedit.
Running .reg file gives this error. In Regedit I also cannot create a new key (to add the contents of the .reg file manually.) I have Full Control in permissions for HKEY_USERS.
General Discussion
Registry problem after windows update and registry optimization tool
Hello sevenforum, I've already spend some time on this forum today but I can't find the solution to a particular registry problem I'm having. While windows was uploading some updates yesterday, I cleaned my registry using Iolo's system mechanic tool and that's where the problems started. (I...
Backup and Restore
BSOD On Startup / Accessing New HD / Accessing Internet
Hello all, I'm running on a relatively new install of Windows 7 64bit Ultimate. I recently (about 2-3 weeks ago) installed a new HD and decided to have a fresh start so everything was formatted followed by win 7 install. Everything has been running great up until mid day yesterday. Out of what...
BSOD Help and Support
Error accessing the registry
Hi all and merry hollidays. I got a problem you may be able to help me... Yesterday I did a fresh installation of my W7 professional. Before that I backup the things I know I need. One ot them was to backup a branch from the registry to keep some details for a program I have. Today I...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:03.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App