This is what was found on a brand new computer that will not complete the
Vista Security pack 1 update. Module is missing for Windows Update and a
previous version of XP had problems with device drivers & administrative
privileges changing to start with. A clean format was not helping with an
embedded system. Also a security disc wipe clean was performed on the old
machine.
Vista says the download is corrupted. Any ideas what is up? Thank you. Donna
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 4/12/2008 11:08:34 AM
Event ID: 1530
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: ldmarcou-PC
Description:
Windows detected your registry file is still in use by other applications or
services. The file will be unloaded now. The applications or services that
hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from
\Registry\User\S-1-5-21-551187025-3693109612-1846477194-1001:
Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has
opened key \REGISTRY\USER\S-1-5-21-551187025-3693109612-1846477194-1001
Process 188 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has
opened key \REGISTRY\USER\S-1-5-21-551187025-3693109612-1846477194-1001
Process 188 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has
opened key
\REGISTRY\USER\S-1-5-21-551187025-3693109612-1846477194-1001\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service"
Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
<EventID Qualifiers="32768">1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-04-12T15:08:34.000Z" />
<EventRecordID>12333</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>name of computer here-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from
\Registry\User\S-1-5-21-551187025-3693109612-1846477194-1001:
Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has
opened key \REGISTRY\USER\S-1-5-21-551187025-3693109612-1846477194-1001
Process 188 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has
opened key \REGISTRY\USER\S-1-5-21-551187025-3693109612-1846477194-1001
Process 188 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has
opened key
\REGISTRY\USER\S-1-5-21-551187025-3693109612-1846477194-1001\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
</Data>
</EventData>
</Event>
By the way, my daughter is an avid image surfer who has web overrides on her
desktop to this comp. Botnet from a favorite site may be a clue. Changing
servers and local host access seems to be the event handlers and I've
noticed that logging gets disabled. I hope someone figures this out. Good
luck all.