Results 1 to 3 of 3

Thread: Event 1530, User Profile Service

  1. #1
    mhajii210 Guest

    Event 1530, User Profile Service

    Soyo SY-P4I865PE Plus DRAGON 2 motherboard
    Intel Pentium 4 3.20 GHZ HT
    2×1024MB pc3200 PNY RAM
    Windows Vista Home Premium
    PNY GeForce 7800 GS 8x AGP, 256MB (97.46 ForceWare)
    PCI Creative X-Fi XtremeMusic
    LG Flatron L1920P lcd monitor

    Hey guys. I keep getting this warning since 3/16/07 after some Windows
    Updates. Happens each time I shut down my pc. Any ideas if they are
    anything to be worried about? I haven't made any system changes other than
    Vista downloading and installing some updates.


    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 3/29/2007 2:56:52 AM
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: SYSTEM
    Computer: Morad-Haj
    Description:
    Windows detected your registry file is still in use by other applications or
    services. The file will be unloaded now. The applications or services that
    hold your registry file may not function properly afterwards.

    DETAIL -
    17 user registry handles leaked from
    \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-User Profiles Service"
    Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
    <EventID Qualifiers="32768">1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2007-03-29T09:56:52.000Z" />
    <EventRecordID>6068</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Morad-Haj</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">17 user registry handles leaked from
    \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    </Data>
    </EventData>
    </Event>

    mhajii210

  2. #2
    Guest

    Re: Event 1530, User Profile Service

    It says that there is a badly programmed service that isn't shutting down
    when told to. Process 896 is to blame. It will be a different number each
    boot. This will probably work but may not (depends which svchost process is
    896) Got a better way.

    Type cmd in Start Run (most have to contend with UAC do what you need to
    become a real admin - I don't use UAC because I ain't clicking through 50
    dialog boxes an hour to tell people what to do)

    Type

    tasklist /svc

    To save it to a file

    tasklist /svc /fo "table" /fi "imagename eq svchost.exe"
    >"%userprofile%\desktop\Svc Host Processes.txt"


    Above is one line.

    To get help

    Tasklist /?

    Then reboot. Then read the error again and get the pid and compare it to the
    list before we shutdown. That will narrow down which service is causing a
    problem from any to only a handful. It may be possible, if the services in
    that svchost aren't critical to booting up, to disable them one by one and
    bu a process of elimination, find the one.

    But try a shortcut first. Type in Start - Run

    msconfig

    Choose Diagnostic Startup and reboot, reboot again, did the error occur on
    the secobd reboot. If not, click Help in MSConfig as it has step by step
    instructions on turning individual services on or off. If the error still
    occurs you'll have to turn the smaller list on and off in msconfig. I
    suspect they'll be microsoft ones.

    This is not an error. This is a warning. It may be important but probably
    isn't.

    Microsoft had a UserProfile tool for this situation in XP and 2000. I can't
    find anyrthing but it could be the UserProfileCleanup in Window 2003 Server
    Resource Kit. I don't know I would run something like this on Vista unless
    it said it was going to work. Before using a program that tries to outthink
    another program to prevent unknown bugs in unknown programs from affecting
    the second program, I would like to know that Vista hasn't changed that part
    of XP first. As if it screws up it may bye bye your user profile (you lose
    all settings but your files survive but you have to move them to their new
    home on the disk).


    "mhajii210" <mhajii210@discussions.microsoft.com> wrote in message
    news:09E90E88-E146-4B77-BA25-A2228BEDDE50@microsoft.com...
    > Soyo SY-P4I865PE Plus DRAGON 2 motherboard
    > Intel Pentium 4 3.20 GHZ HT
    > 2×1024MB pc3200 PNY RAM
    > Windows Vista Home Premium
    > PNY GeForce 7800 GS 8x AGP, 256MB (97.46 ForceWare)
    > PCI Creative X-Fi XtremeMusic
    > LG Flatron L1920P lcd monitor
    >
    > Hey guys. I keep getting this warning since 3/16/07 after some Windows
    > Updates. Happens each time I shut down my pc. Any ideas if they are
    > anything to be worried about? I haven't made any system changes other
    > than
    > Vista downloading and installing some updates.
    >
    >
    > Log Name: Application
    > Source: Microsoft-Windows-User Profiles Service
    > Date: 3/29/2007 2:56:52 AM
    > Event ID: 1530
    > Task Category: None
    > Level: Warning
    > Keywords: Classic
    > User: SYSTEM
    > Computer: Morad-Haj
    > Description:
    > Windows detected your registry file is still in use by other applications
    > or
    > services. The file will be unloaded now. The applications or services that
    > hold your registry file may not function properly afterwards.
    >
    > DETAIL -
    > 17 user registry handles leaked from
    > \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    >
    > Event Xml:
    > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    > <System>
    > <Provider Name="Microsoft-Windows-User Profiles Service"
    > Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
    > <EventID Qualifiers="32768">1530</EventID>
    > <Version>0</Version>
    > <Level>3</Level>
    > <Task>0</Task>
    > <Opcode>0</Opcode>
    > <Keywords>0x80000000000000</Keywords>
    > <TimeCreated SystemTime="2007-03-29T09:56:52.000Z" />
    > <EventRecordID>6068</EventRecordID>
    > <Correlation />
    > <Execution ProcessID="0" ThreadID="0" />
    > <Channel>Application</Channel>
    > <Computer>Morad-Haj</Computer>
    > <Security UserID="S-1-5-18" />
    > </System>
    > <EventData Name="EVENT_HIVE_LEAK">
    > <Data Name="Detail">17 user registry handles leaked from
    > \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > </Data>
    > </EventData>
    > </Event>
    >
    > mhajii210



  3. #3
    mhajii210 Guest

    Re: Event 1530, User Profile Service

    Here's what I found out thanks to you! See below for details but as it turns
    out it is WinDefend that is causing the problem. I guess I will have to
    report this to Microsoft as a bug. Thanks again for your help!

    mhajii210

    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\Morad>TASKLIST /SVC /FI "IMAGENAME EQ SVCHOST.EXE"

    Image Name PID Services
    ========================= ========
    ============================================
    svchost.exe 796 DcomLaunch, PlugPlay
    svchost.exe 852 RpcSs
    svchost.exe 888 WinDefend
    svchost.exe 972 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
    svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv,
    Netman, PcaSvc, SysMain,
    TabletInputService, TrkWks, UxSms,
    WdiSystemHost, WPDBusEnum
    svchost.exe 1080 AeLookupSvc, Appinfo, BITS, gpsvc, IKEEXT,
    iphlpsvc, LanmanServer, MMCSS, ProfSvc,
    RasMan, Schedule, seclogon, SENS,
    ShellHWDetection, Themes, Winmgmt, wuauserv
    svchost.exe 1248 EventSystem, LanmanWorkstation, netprofm,
    nsi, SSDPSRV, W32Time, WebClient
    svchost.exe 1352 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
    TermService
    svchost.exe 1620 BFE, DPS, MpsSvc
    svchost.exe 2432 PolicyAgent
    svchost.exe 2464 WerSvc

    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 4/2/2007 1:22:51 AM
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: SYSTEM
    Computer: Morad-Haj
    Description:
    Windows detected your registry file is still in use by other applications or
    services. The file will be unloaded now. The applications or services that
    hold your registry file may not function properly afterwards.

    DETAIL -
    24 user registry handles leaked from
    \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-User Profiles Service"
    Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
    <EventID Qualifiers="32768">1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2007-04-02T08:22:51.000Z" />
    <EventRecordID>6316</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Morad-Haj</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">24 user registry handles leaked from
    \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    Process 888 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    </Data>
    </EventData>
    </Event>


    "." wrote:

    > It says that there is a badly programmed service that isn't shutting down
    > when told to. Process 896 is to blame. It will be a different number each
    > boot. This will probably work but may not (depends which svchost process is
    > 896) Got a better way.
    >
    > Type cmd in Start Run (most have to contend with UAC do what you need to
    > become a real admin - I don't use UAC because I ain't clicking through 50
    > dialog boxes an hour to tell people what to do)
    >
    > Type
    >
    > tasklist /svc
    >
    > To save it to a file
    >
    > tasklist /svc /fo "table" /fi "imagename eq svchost.exe"
    > >"%userprofile%\desktop\Svc Host Processes.txt"

    >
    > Above is one line.
    >
    > To get help
    >
    > Tasklist /?
    >
    > Then reboot. Then read the error again and get the pid and compare it to the
    > list before we shutdown. That will narrow down which service is causing a
    > problem from any to only a handful. It may be possible, if the services in
    > that svchost aren't critical to booting up, to disable them one by one and
    > bu a process of elimination, find the one.
    >
    > But try a shortcut first. Type in Start - Run
    >
    > msconfig
    >
    > Choose Diagnostic Startup and reboot, reboot again, did the error occur on
    > the secobd reboot. If not, click Help in MSConfig as it has step by step
    > instructions on turning individual services on or off. If the error still
    > occurs you'll have to turn the smaller list on and off in msconfig. I
    > suspect they'll be microsoft ones.
    >
    > This is not an error. This is a warning. It may be important but probably
    > isn't.
    >
    > Microsoft had a UserProfile tool for this situation in XP and 2000. I can't
    > find anyrthing but it could be the UserProfileCleanup in Window 2003 Server
    > Resource Kit. I don't know I would run something like this on Vista unless
    > it said it was going to work. Before using a program that tries to outthink
    > another program to prevent unknown bugs in unknown programs from affecting
    > the second program, I would like to know that Vista hasn't changed that part
    > of XP first. As if it screws up it may bye bye your user profile (you lose
    > all settings but your files survive but you have to move them to their new
    > home on the disk).
    >
    >
    > "mhajii210" <mhajii210@discussions.microsoft.com> wrote in message
    > news:09E90E88-E146-4B77-BA25-A2228BEDDE50@microsoft.com...
    > > Soyo SY-P4I865PE Plus DRAGON 2 motherboard
    > > Intel Pentium 4 3.20 GHZ HT
    > > 2×1024MB pc3200 PNY RAM
    > > Windows Vista Home Premium
    > > PNY GeForce 7800 GS 8x AGP, 256MB (97.46 ForceWare)
    > > PCI Creative X-Fi XtremeMusic
    > > LG Flatron L1920P lcd monitor
    > >
    > > Hey guys. I keep getting this warning since 3/16/07 after some Windows
    > > Updates. Happens each time I shut down my pc. Any ideas if they are
    > > anything to be worried about? I haven't made any system changes other
    > > than
    > > Vista downloading and installing some updates.
    > >
    > >
    > > Log Name: Application
    > > Source: Microsoft-Windows-User Profiles Service
    > > Date: 3/29/2007 2:56:52 AM
    > > Event ID: 1530
    > > Task Category: None
    > > Level: Warning
    > > Keywords: Classic
    > > User: SYSTEM
    > > Computer: Morad-Haj
    > > Description:
    > > Windows detected your registry file is still in use by other applications
    > > or
    > > services. The file will be unloaded now. The applications or services that
    > > hold your registry file may not function properly afterwards.
    > >
    > > DETAIL -
    > > 17 user registry handles leaked from
    > > \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > >
    > > Event Xml:
    > > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    > > <System>
    > > <Provider Name="Microsoft-Windows-User Profiles Service"
    > > Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
    > > <EventID Qualifiers="32768">1530</EventID>
    > > <Version>0</Version>
    > > <Level>3</Level>
    > > <Task>0</Task>
    > > <Opcode>0</Opcode>
    > > <Keywords>0x80000000000000</Keywords>
    > > <TimeCreated SystemTime="2007-03-29T09:56:52.000Z" />
    > > <EventRecordID>6068</EventRecordID>
    > > <Correlation />
    > > <Execution ProcessID="0" ThreadID="0" />
    > > <Channel>Application</Channel>
    > > <Computer>Morad-Haj</Computer>
    > > <Security UserID="S-1-5-18" />
    > > </System>
    > > <EventData Name="EVENT_HIVE_LEAK">
    > > <Data Name="Detail">17 user registry handles leaked from
    > > \Registry\User\S-1-5-21-2641106361-2081730548-1607543625-1000:
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    > > opened key \REGISTRY\USER\S-1-5-21-2641106361-2081730548-1607543625-1000
    > > </Data>
    > > </EventData>
    > > </Event>
    > >
    > > mhajii210

    >
    >


Similar Threads

  1. Replies: 5
    Last Post: 28-12-2010, 07:53 PM
  2. Replies: 10
    Last Post: 30-08-2010, 07:46 PM
  3. Replies: 16
    Last Post: 05-08-2010, 10:50 AM
  4. Replies: 3
    Last Post: 25-05-2009, 02:01 AM
  5. User profile service warning EVENT ID 1530
    By Daji!Ram in forum Vista Help
    Replies: 1
    Last Post: 28-05-2008, 04:45 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,719,911.50838 seconds with 17 queries