TechSpot

Bad config info bsod - crash analysis

By apeiron83
Sep 19, 2013
  1. Hello,

    I experienced this error and successfully fixed it using a USB disk recovery tool and repair.

    My specs:
    - Win7 Home Premium, 64-bit, 6 GB RAM, Intel i7, Fujitsu Lifebook A series, 500 GB
    - my laptop is constantly connected to a Fujitsu LED TV
    - main screen is on the LED TV
    - close lid option is sleep when plugged in


    My case:
    date it happened - Sept. 18, 2013, 2:49 pm
    the last Windows update I remember was Windows Defender
    I checked in the Event Viewer, it says
    source: User Profile Service
    my partner closed the lid while shutting down.


    Questions:
    1. What tools will help me check my overall system after I repaired this: software, hardware, and unnecessary software running and installed?
    2. If the registry was the problem, is it caused by updates, the current antivirus software, or improper shutdown?

    My theory:
    causes are:
    1. shutting down while closing the lid, not properly shutting down
    2. Avira
    3. Windows Update
    4. BitTorrent
    5. VGA connected constantly to the LED TV (primary screen)


    Event viewer reports:

    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 18/09/2013 2:48:57 PM
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: ebola
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    3 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1012:
    Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\SystemCertificates\MY

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-18T10:48:57.318019100Z" />
    <EventRecordID>47910</EventRecordID>
    <Correlation ActivityID="{036F6C40-F800-0000-467F-D969B7B3CE01}" />
    <Execution ProcessID="1064" ThreadID="12988" />
    <Channel>Application</Channel>
    <Computer>ebola</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1012:
    Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\SystemCertificates\MY
    </Data>
    </EventData>
    </Event>



    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 18/09/2013 2:49:17 PM
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: ebola
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    2 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1001:
    Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\SystemCertificates\My

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-18T10:49:17.482805500Z" />
    <EventRecordID>47912</EventRecordID>
    <Correlation ActivityID="{036F6C40-F800-0000-ED7E-D969B7B3CE01}" />
    <Execution ProcessID="1064" ThreadID="10188" />
    <Channel>Application</Channel>
    <Computer>ebola</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1001:
    Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\SystemCertificates\My
    </Data>
    </EventData>
    </Event>

    Hope you can help advise.

    Thanks to all! cheers!
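
An added example, not part of the original post: a Python sketch for triaging Event ID 1530 (EVENT_HIVE_LEAK) records exported as XML, listing which process held which key in which profile hive at unload. The `<Events>` wrapper, the function names and the shortened placeholder SIDs are assumptions; the sample is constructed from the two events quoted above.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
HEADER = re.compile(r"(\d+) user registry handles leaked from \\Registry\\User\\(\S+):")
HOLDER = re.compile(r"^\s*Process (\d+) \((.+)\) has opened key (.+?)\s*$", re.M)

# Constructed sample modelled on the post's events; SIDs are shortened placeholders.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>1530</EventID><TimeCreated SystemTime="2013-09-18T10:48:57.318019100Z" /></System>
<EventData Name="EVENT_HIVE_LEAK"><Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-EXAMPLE-1012:
Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1012\Software\Microsoft\SystemCertificates\MY
</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>1530</EventID><TimeCreated SystemTime="2013-09-18T10:49:17.482805500Z" /></System>
<EventData Name="EVENT_HIVE_LEAK"><Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-EXAMPLE-1001:
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1001\Software\Microsoft\SystemCertificates\My
</Data></EventData></Event>
</Events>"""

def parse_hive_leaks(xml_text):
    """Return one record per leaked handle found in Event ID 1530 entries."""
    records = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "1530":
            continue  # not a hive-leak warning
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        detail = ev.findtext("e:EventData/e:Data[@Name='Detail']", default="", namespaces=NS)
        head = HEADER.search(detail)
        if not head:
            continue
        sid, holders = head.group(2), HOLDER.findall(detail)
        if len(holders) != int(head.group(1)):  # declared count vs. parsed lines
            raise ValueError(f"truncated detail for {sid} at {when}")
        for pid, image, key in holders:
            records.append({"time": when, "sid": sid, "pid": int(pid), "image": image,
                            "subkey": key.split(sid + "\\", 1)[-1]})
    return records

def profiles_per_image(records):
    """Map executable name -> number of distinct profile hives it kept a handle in."""
    seen = defaultdict(set)
    for r in records:
        seen[r["image"].rsplit("\\", 1)[-1].lower()].add(r["sid"])
    return {image: len(sids) for image, sids in seen.items()}
```
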
     
