Event Viewer's Warnings

  • Question

  • Good evening,

    While searching through the Event Viewer for an answer to another problem, I came across several warnings regarding the following:

    Log Name: Application

    Source: Microsoft-Windows-User Profiles Service

    Date: 6/1/2009 7:52:46 AM

    Event ID: 1530

    Task Category: None

    Level: Warning

    Keywords: Classic

    User: SYSTEM

    Computer:

    Description:

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -

    1 user registry handles leaked from \Registry\User\S-1-5-21-3728476250-1701664626-1355148271-1001_Classes:

    Process 920 (\Device\HarddiskVolume3\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe) has opened key \REGISTRY\USER\S-1-5-21-3728476250-1701664626-1355148271-1001_CLASSES

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

    <System>

    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />

    <EventID Qualifiers="32768">1530</EventID>

    <EventData Name="EVENT_HIVE_LEAK">


    and

    Description:

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -

    2 user registry handles leaked from \Registry\User\S-1-5-21-3728476250-1701664626-1355148271-1001:

    Process 920 (\Device\HarddiskVolume3\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe) has opened key \REGISTRY\USER\S-1-5-21-3728476250-1701664626-1355148271-1001

    Process 2468 (\Device\HarddiskVolume3\Program Files\Microsoft Windows OneCare Live\winss.exe) has opened key \REGISTRY\USER\S-1-5-21-3728476250-1701664626-1355148271-1001\Software\Microsoft\Internet Explorer\PhishingFilter


    All the instances of these warnings come in pairs like the one above. To my novice eye, though, I noticed the Phishing Filter is mentioned. I have checked and the Phishing Filter is enabled.




    Thank you,

    Camiele

    Monday, June 1, 2009 11:24 PM

Answers

  • Looks to me like this is just complaining that these registry handles aren't being released properly, possibly at system shutdown, since the Source is "Microsoft-Windows-User Profiles Service".  If this is happening on system shutdown/restart, it should coincide with a warning in the Events relating to the User Profile not being released; I believe this would be found in the System Events.

    If this happens only on shutdown/restart and the Phishing Filter itself appears to operate properly, I wouldn't be concerned.  If there are actually some issues with Phishing Filter operation, you might want to contact OneCare Support about it.

    OneCareBear
    Windows OneCare Forum Moderator
    Tuesday, June 2, 2009 5:26 AM
    Moderator
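
To triage many of these warnings at once, the DETAIL text of Event ID 1530 can be parsed to see which process images still held handles on which hive. This is an added example, not code from the thread: the sample input is the DETAIL text quoted in the question, and the function names and the `complete` flag are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: the two DETAIL blocks quoted in the question above.
SAMPLE = r"""
1 user registry handles leaked from \Registry\User\S-1-5-21-3728476250-1701664626-1355148271-1001_Classes:
Process 920 (\Device\HarddiskVolume3\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe) has opened key \REGISTRY\USER\S-1-5-21-3728476250-1701664626-1355148271-1001_CLASSES
2 user registry handles leaked from \Registry\User\S-1-5-21-3728476250-1701664626-1355148271-1001:
Process 920 (\Device\HarddiskVolume3\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe) has opened key \REGISTRY\USER\S-1-5-21-3728476250-1701664626-1355148271-1001
Process 2468 (\Device\HarddiskVolume3\Program Files\Microsoft Windows OneCare Live\winss.exe) has opened key \REGISTRY\USER\S-1-5-21-3728476250-1701664626-1355148271-1001\Software\Microsoft\Internet Explorer\PhishingFilter
"""

HEADER = re.compile(r"^\s*(\d+) user registry handles? leaked from (\\Registry\\User\\[^:\s]+):", re.I)
HOLDER = re.compile(r"^\s*Process (\d+) \((.+)\) has opened key (\\REGISTRY\\USER\\.+?)\s*$", re.I)

def parse_hive_leaks(text):
    """Return one record per 'handles leaked from <hive>' block in the text."""
    records = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            records.append({"declared": int(header.group(1)),
                            "hive": header.group(2), "holders": []})
            continue
        holder = HOLDER.match(line)
        if holder and records:  # ignore holder lines with no preceding header
            pid, image, key = holder.groups()
            records[-1]["holders"].append((int(pid), image, key))
    for rec in records:
        # A mismatch means the description was truncated or its layout changed.
        rec["complete"] = rec["declared"] == len(rec["holders"])
    return records

def holders_by_image(records):
    """Count leaked handles per executable name, case-insensitively."""
    counts = Counter()
    for rec in records:
        for _pid, image, _key in rec["holders"]:
            counts[image.rsplit("\\", 1)[-1].lower()] += 1
    return counts

if __name__ == "__main__":
    for rec in parse_hive_leaks(SAMPLE):
        print(rec["hive"], rec["declared"], rec["complete"])
    print(holders_by_image(parse_hive_leaks(SAMPLE)).most_common())
```
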