registry handles leaked from
+
System
-
Provider
[ Name]
Microsoft-Windows-User Profiles Service
[ Guid]
{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}
[ EventSourceName]
profsvc
-
EventID
1530
[ Qualifiers]
32768
Version
0
Level
3
Task
0
Opcode
0
Keywords
0x80000000000000
-
TimeCreated
[ SystemTime]
2011-06-11T07:37:12.000Z
EventRecordID
127007
Correlation
-
Execution
[ ProcessID]
0
[ ThreadID]
0
Channel
Application
Computer
Panther-PC
-
Security
[ UserID]
S-1-5-18
-
EventData
Detail
16 user registry handles leaked from \Registry\User\S-1-5-21-1082989139-2594333343-3947924465-1001: Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001
Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft
shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001
Process 828 (\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\nTune\nTuneService.exe) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows
Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\My Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\CA Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\Root
Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2384 (\Device\HarddiskVolume1\Program
Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft
shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\trust Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE)
has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates
Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program
Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft
shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\Disallowed
should i be worried or can i get some help with this ?
June 11th, 2011 8:29am
Hi,
This is by design.
Please refer to http://support.microsoft.com/kb/947238.
Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 15th, 2011 5:11am