Bad config info BSOD - crash analysis

Hello,

I experienced this error and successfully fixed it using a USB disk recovery tool and repair.

My specs:
- Win7 Home Premium, 64-bit, 6 GB RAM, Intel i7, Fujitsu Lifebook A series, 500 GB
- my laptop is constantly connected to a Fujitsu LED TV
- main screen is on the LED TV
- close lid option is sleep when plugged in


My case:
date it happened - Sept. 18, 2013, 2:49 pm
the last Windows update I remember was Windows Defender
I checked in the Event Viewer; it says
source: User Profile Service
my partner closed the lid while shutting down.


Questions:
1. What are the tools that will help me check my overall system after I repaired this: software and hardware, and unnecessary software running and installed?
2. If the registry was the problem, is it caused by updates, the current antivirus software or improper shutdown?

My theory:
causes are:
1. shutting down while closing the lid, not properly shutting down
2. Avira
3. Windows Update
4. BitTorrent
5. VGA connected constantly to the LED TV (primary screen)


Event viewer reports:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 18/09/2013 2:48:57 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: ebola
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1012:
Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\SystemCertificates\MY

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-09-18T10:48:57.318019100Z" />
<EventRecordID>47910</EventRecordID>
<Correlation ActivityID="{036F6C40-F800-0000-467F-D969B7B3CE01}" />
<Execution ProcessID="1064" ThreadID="12988" />
<Channel>Application</Channel>
<Computer>ebola</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1012:
Process 8384 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1012\Software\Microsoft\SystemCertificates\MY
</Data>
</EventData>
</Event>



Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 18/09/2013 2:49:17 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: ebola
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1001:
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\SystemCertificates\My

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-09-18T10:49:17.482805500Z" />
<EventRecordID>47912</EventRecordID>
<Correlation ActivityID="{036F6C40-F800-0000-ED7E-D969B7B3CE01}" />
<Execution ProcessID="1064" ThreadID="10188" />
<Channel>Application</Channel>
<Computer>ebola</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-237345294-1873431115-1471935305-1001:
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-237345294-1873431115-1471935305-1001\Software\Microsoft\SystemCertificates\My
</Data>
</EventData>
</Event>

Hope you can help advise.

Thanks to all! cheers!
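
Added example (not part of the original post): a Python parser for Event ID 1530 XML in the form exported above, which tallies leaked registry handles per process image so you can see which service was still holding a user hive at logoff. The sample event is constructed from the post's format with a placeholder SID, and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample modelled on the Event 1530 XML in the post; the SID is a placeholder.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1530</EventID><TimeCreated SystemTime="2013-09-18T10:48:57.318019100Z" /></System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-1111-2222-3333-1001:
Process 1984 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6228 (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) has opened key \REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\SystemCertificates\My
</Data></EventData></Event>"""

HEADER = re.compile(r"^(\d+) user registry handles? leaked from \\Registry\\User\\(S-[\d-]+):")
# The image path can itself contain parentheses ("Program Files (x86)"), so the
# greedy match runs up to the last ") has opened key " on the line.
HANDLE = re.compile(r"^Process (\d+) \((.+)\) has opened key (.+)$")

def parse_hive_leak(event_xml):
    """Return time, SID, declared handle count and parsed handles for one event."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1530":
        raise ValueError("not a User Profile Service event 1530")
    when = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    detail = root.findtext("e:EventData/e:Data[@Name='Detail']", namespaces=NS) or ""
    lines = [ln.strip() for ln in detail.splitlines() if ln.strip()]
    head = HEADER.match(lines[0]) if lines else None
    if not head:
        raise ValueError("unexpected Detail format")
    handles = []
    for line in lines[1:]:
        m = HANDLE.match(line)
        if m:
            handles.append({"pid": int(m.group(1)), "image": m.group(2), "key": m.group(3)})
    return {"time_utc": when, "sid": head.group(2),
            "declared": int(head.group(1)), "handles": handles}

def leaks_by_image(events):
    """Count leaked handles per process image (lower-cased basename) across events."""
    counts = defaultdict(int)
    for ev in events:
        for h in ev["handles"]:
            counts[h["image"].rsplit("\\", 1)[-1].lower()] += 1
    return dict(counts)
```

A mismatch between `declared` and the number of parsed handles means the Detail text was truncated or changed format and should be read by hand.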
 