- Provider: Microsoft-Windows-User Profiles Service
- Channel: Application
- Level: Warning
Message
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
DETAIL -
%1
Example Event
{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 1530,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T17:27:30.004750+00:00",
    "event_record_id": 170,
    "correlation": {},
    "execution": {
      "process_id": 916,
      "thread_id": 928
    },
    "channel": "Application",
    "computer": "IE8Win7",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "EVENT_HIVE_LEAK",
    "Data": {
      "Name": "Detail",
      "Value": "1 user registry handles leaked from \\Registry\\User\\S-1-5-21-3463664321-2923530833-3546627382-1000:\nProcess 432 (\\Device\\HarddiskVolume2\\Windows\\System32\\winlogon.exe) has opened key \\REGISTRY\\USER\\S-1-5-21-3463664321-2923530833-3546627382-1000\n"
    }
  },
  "message": "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. \n\n DETAIL - \n EVENT_HIVE_LEAK"
}