Channel: Tech Support Guy - Virus & Other Malware Removal

BSOD on Windows 7

Hi there,

I have recently been having problems with BSODs. I can find a few things in my event logger which look potentially bad; can you point me in the right direction?


Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1876342947-3578868759-1975656353-1000:
Process 5600 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1876342947-3578868759-1975656353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-31T09:21:59.985054100Z" />
    <EventRecordID>44711</EventRecordID>
    <Correlation ActivityID="{00000100-0000-0003-0355-390B631ECF01}" />
    <Execution ProcessID="1352" ThreadID="4084" />
    <Channel>Application</Channel>
    <Computer>mothership-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1876342947-3578868759-1975656353-1000: Process 5600 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1876342947-3578868759-1975656353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts</Data>
  </EventData>
</Event>


This is the first event which had !

This is the second:

The description for Event ID 1000 from source CltMngSvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

CltMngSvc
ServiceMain Version 2. (Error: 87)



<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="CltMngSvc" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-31T09:02:24.000000000Z" />
    <EventRecordID>44642</EventRecordID>
    <Channel>Application</Channel>
    <Computer>mothership-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>CltMngSvc</Data>
    <Data>ServiceMain Version 2. (Error: 87)</Data>
  </EventData>
</Event>



==================================================
Dump File : 013114-25474-01.dmp
Crash Time : 31/01/2014 08:07:10
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050031
Parameter 3 : 00000000`000406f8
Parameter 4 : fffff800`03293d30
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6f880
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.17273 (win7_gdr.130318-1532)
Processor : x64
Crash Address : ntoskrnl.exe+6f880
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\013114-25474-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 309,418
Dump File Time : 31/01/2014 08:16:11
==================================================



==================================================
Dump File : 012114-41636-01.dmp
Crash Time : 21/01/2014 11:32:38
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`00275c62
Parameter 3 : fffff880`0fb46d70
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+225c62
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+6f880
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\012114-41636-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 317,674
Dump File Time : 21/01/2014 13:00:09
==================================================



From what I'm seeing, I think it may be a piece of malware that was removed and caused a registry error? Is there any way to fix this, as I don't have a Windows disc?

Thanks
