Windows 7 User registry handles leaked when shutting down Win 7 Ultimate

C

cherrio

Extraordinary Member
I have over 630 events logged in less than a year on my Win 7 Ultimate (64bit) which is basically turned one and off twice per day, all stating that my registry is leaking. Each shut down produces a 1530 event message like this below...
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
Which is then followed by the number of leaks (from 3 to 45) but all relate to REGISTRY\USER\S-1-5-21-2504074074-2207754458-538734185-1000. When I seach for this reference on the C:\ drive it returns me three Roaming folders under App Data. There is only one user on this machine (excluding the administrator). If there is a guest user, it doesn't show up - it boots right to my desktop.

Question - can I somehow turn off this roaming?
I am not storing any destop or user profile on a network, why is this roaming thing needed?

I do not know where to find user profiles, I can only find user accounts in the control panel.
 
A user does not have to be a physical person. It might be the system or some utility that has installed its own user to complete certain tasks.

If you check the following Registry entry, the number you list show be listed and show what/who this user is. Maybe you....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

If the Event shows any particulars as to the process number (PID) or thread (TID) it might be helpful.

Event ID: 1530 may be logged in the Application log on a Windows Vista or newer computer

I suppose you may need to shut something down before you shut down the system, or at least that what it looks like. The folders you see in AppData might be involved.
 
Saltgrass said:
A user does not have to be a physical person. It might be the system or some utility that has installed its own user to complete certain tasks.

If you check the following Registry entry, the number you list show be listed and show what/who this user is. Maybe you....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

If the Event shows any particulars as to the process number (PID) or thread (TID) it might be helpful.

Event ID: 1530 may be logged in the Application log on a Windows Vista or newer computer

I suppose you may need to shut something down before you shut down the system, or at least that what it looks like. The folders you see in AppData might be involved.
Click to expand...

I ran the process monitor and used a filter to look at the path that inclued that user profile number USER\S-1-5-21-2504074074-2207754458-538734185-1000. and found a number of entries of the file being created. I cannot figure out a way to print that filter result so I could post it. It was PID 1028 (if that means anything)

The best I could do is to post a screen capture, perhaps you can zoom into to read it???
proc monitor screen(012112).jpg

As for that Microsoft article you reference it really does not say anything about fixing it - reads like a programmer writing notes to himself.
 
Here is the profile list from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
reg editor, NT profile list.jpg
 
If you expand the last key, it will list all the user numbers. Select the one you reference and on the right side, in the third line on the Profile Image Path, it should name the user.

The process monitor log does not seem to help much since the actual thread in inside of a svchost.

Edit: When you shut the computer down, do you shut each open application down prior to doing so?
 
Last edited:
Saltgrass said:
If you expand the last key, it will list all the user numbers. Select the one you reference and on the right side, in the third line on the Profile Image Path, it should name the user.

The process monitor log does not seem to help much since the actual thread in inside of a svchost.

Edit: When you shut the computer down, do you shut each open application down prior to doing so?
Click to expand...

I pretty much try to close all apps when shutting down, but this thing seems to generate a log warning event at the exact clock time I press shut down. When I have problems with an app and end up restarting, it will list the open apps and I just force the shutdown.

Here is the profile list in question and sure enough it is me - the only user on the machine.
nt_profile list expanded, details of __1000.jpg
 
If something is running in that svchost that is not shutting down and you have closed everything you can, you may have to do a trial and error process to find out what.

If you are running Process Monitor, you can right click the process in question and go to properties and look at the processes tab. There may be quite a few, but maybe one will look familiar as belonging to a program you have installed.

If you can't find anything, I would probably open Task Manager just before the shutdown and try stopping a service just prior to shutting down to see if the warning still occurs. This would be, of course, hit or miss. If you want someone to look at what is running, you could use the snipping tool to take a picture and attach the Task Manager window.

You have not mentioned anything about sleep problems, but something you might try is to run the Powercfg -energy command in an Administrative command window. If you have everything shut down, it might highlight some program that is still running. After it finishes, look for the .html file and copy it to the desktop to open. Don't get too concerned about the USB error, they seem to show up often.
 
OK, I ran the "powercfg -energy" in an admin cmd black screen and it produced the file "energy-report.html", but this file will not open in IE8, MS Office Word, or Adobe reader 9. The Win 7 Explorer preview screen shows the report (hard to read), but I cannot get any other program to open it when I use "open with" and select other programs.TRI39D8.jpg
 
It is an .html file. If you copied it to the Desktop, you can open it from there.
 
I don't see anything in the report that might be involved. Looks like you'll have to check the other way.
 
You must log in or register to reply here.

Similar threads

R
Why are Credentials never working properly on Win 10 Pro?
Replies
2
Views
385
ussnorway
ussnorway
SupramanTT
Windows 10 BCD Error 0xc000000e, 0xc0000225 and More issues. Late night computer update and woke up to Recovery Screen
Replies
4
Views
4K
SupramanTT
SupramanTT
News
Inspired by challenges in your workday: latest innovations and updates from Microsoft Edge
Replies
0
Views
1K
News
News
K
Windows 10 WEIRD battery drains when shut down
Replies
6
Views
627
ussnorway
ussnorway
News
Announcing Windows 11 Insider Preview Build 22621.1037 and 22623.1037
Replies
0
Views
2K
News
News
Back
Top