# [SOLVED] Event Log Help



## Fusion-7 (Jan 14, 2011)

Can someone help me with this. (The applications or services that hold your registry file may not function properly afterwards) 
I'm curious what this means
I crashed while on line gaming and went directly to my event log and found this
Thanks in advance

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 1/13/2011 8:48:07 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords: 
User: SYSTEM
Computer: GamePC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 
DETAIL - 
1 user registry handles leaked from \Registry\User\S-1-5-21-2439421239-1113823465-3972144524-1001:
Process 1648 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2439421239-1113823465-3972144524-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Event Xml:
<Event xmlns="[URL]http://schemas.microsoft.com/win/2004/08/events/event[/URL]">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-01-14T01:48:07.013987400Z" />
<EventRecordID>1286</EventRecordID>
<Correlation />
<Execution ProcessID="520" ThreadID="2780" />
<Channel>Application</Channel>
<Computer>GamePC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-2439421239-1113823465-3972144524-1001:
Process 1648 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2439421239-1113823465-3972144524-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
</Data>
</EventData>
</Event>


----------



## jcgriff2 (Sep 30, 2007)

*Re: Event Log Help*

*Date: 1/13/2011 8:48:07 PM* - was this when the game crashed?
Was there an entry for the game appcrash itself?
What anti-virus, firewall do you have installed?

2 other places to look for game crash info - 

WERCON - 
START | type* view * | "View all Problem Reports" | 2x-click on line item for additional crash info

Reliability Monitor - 
START | type *perfmon /rel*

Regards. . .

jcgriff2

`


----------



## jenae (Jun 17, 2008)

*Re: Event Log Help*

Hi, the game crash most likely produced this warning, it is not the cause and is normal behavior in Vista and Seven. When a program crashes the registry user hive may be deemed to be available to other users and is unloaded by the OS, this is a security issue and will not cause you any performance problems a restart reloads the hive. Normally a legacy program (ie written for an earlier version) is the cause, you should look to update drivers or a version made for your OS. 

From MS :-

This warning event indicates that the Windows Vista system closed the handle that is left by an application for a user's profile in order to make this profile unload. To close this handle many critical system components on the hard drive such as svchost.exe will be called and then the warning "1530" will be added by event identification system because of this. Therefore, this warning notice is created by the profile unloading system and is a normal behavior. Please be assured that it will not cause any system performance problem. Instead, it is designed for the stability consideration when a user profile attempts to log off".


----------



## Fusion-7 (Jan 14, 2011)

*Re: Event Log Help*

Thank you both It sounds like this is a normal OS responce, I'll try to learn more about what you are telling me Jenae so I'll understand better But it sounds like its nothing to worry about 
Thanks for helping me


----------



## CEM (Jan 5, 2011)

If your anti-virus has gamer mode swicth you can turn on. but it's depend which anti-virus on computer.


----------

