registry handles leaked from
+ System - Provider [ Name] Microsoft-Windows-User Profiles Service [ Guid] {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845} [ EventSourceName] profsvc - EventID 1530 [ Qualifiers] 32768 Version 0 Level 3 Task 0 Opcode 0 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2011-06-11T07:37:12.000Z EventRecordID 127007 Correlation - Execution [ ProcessID] 0 [ ThreadID] 0 Channel Application Computer Panther-PC - Security [ UserID] S-1-5-18 - EventData Detail 16 user registry handles leaked from \Registry\User\S-1-5-21-1082989139-2594333343-3947924465-1001: Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 828 (\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\nTune\nTuneService.exe) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\My Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\CA Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\Root Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\trust Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\Disallowed should i be worried or can i get some help with this ?
June 11th, 2011 8:24am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics