Somehow msiexec.exe always starts and if I stop it, it starts again.
The service is set as manual and the field is greyed out, so I can't change it.
It doesn't use CPU, just sitting on the memory.
Here are what I've tried so far with no luck.
1. Disable system restore.
2. Turn off fast startup.
3. Cleaned out Temp folder.
4. Virus and malware scan. Nothing found.
5. Unregister and reregister Windows Installer.
6. SFC Scan. No problem found.
7. Clean registry using jetclean.
Any idea? Thanks.
BTW, I don't know if this is related: I've notice this warning.
Log Name: ApplicationSource: Microsoft-Windows-User Profiles Service
Date: 2/3/2013 6:29:46 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Desktop-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
The service is set as manual and the field is greyed out, so I can't change it.
It doesn't use CPU, just sitting on the memory.
Here are what I've tried so far with no luck.
1. Disable system restore.
2. Turn off fast startup.
3. Cleaned out Temp folder.
4. Virus and malware scan. Nothing found.
5. Unregister and reregister Windows Installer.
6. SFC Scan. No problem found.
7. Clean registry using jetclean.
Any idea? Thanks.
BTW, I don't know if this is related: I've notice this warning.
Log Name: ApplicationSource: Microsoft-Windows-User Profiles Service
Date: 2/3/2013 6:29:46 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Desktop-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
Code:
DETAIL -
17 user registry handles leaked from \Registry\User\S-1-5-21-3241246610-606297703-3174275145-1001:
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\CA
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 1164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\Root
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\trust
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\Disallowed
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-02-04T02:29:46.638442500Z" />
<EventRecordID>2974</EventRecordID>
<Correlation ActivityID="{FB126B5E-0279-0000-7E6B-12FB7902CE01}" />
<Execution ProcessID="1164" ThreadID="1868" />
<Channel>Application</Channel>
<Computer>Desktop-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">17 user registry handles leaked from \Registry\User\S-1-5-21-3241246610-606297703-3174275145-1001:
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\CA
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 1164 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Policies\Microsoft\SystemCertificates
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\Root
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\trust
Process 1276 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3241246610-606297703-3174275145-1001\Software\Microsoft\SystemCertificates\Disallowed
</Data>
</EventData>
</Event>
Last edited by a moderator:
My Computer
System One
-
- OS
- Windows 8
- System Manufacturer/Model
- Dell
- CPU
- Core 2 Quad Q6600
- Memory
- 6 GB
- Graphics Card(s)
- ATI Radeon™ HD 5450