Win 8 Event Viewer - You finding yours to be "busier"?

Damolee

Hi folks,

Has anyone else noticed their event viewer to be far more busy than in Windows 8?

Got all sorts of strange errors in mine.

Not sure whether it's drivers, app compatibility .... or what.

Like this for instance....

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
50 user registry handles leaked from \Registry\User\S-1-5-21-2217591357-3541557252-3149719819-1001:
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings

And some of these type ones...

taskhostex (1768) An attempt to open the file "C:\Users\Damien\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

What the hell??
 

My Computer

System One

  • OS
    Windows 8 Pro
Something is opening registry handles to your user's registry or files in your profile and isn't letting go. It's doing so as part of a svchost, which means it's probably a task running in task scheduler. Have you installed any software that would have added any scheduled tasks?
 

My Computer

System One

  • OS
    Windows 8.1 x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i7 4790K @ 4.5GHz
    Motherboard
    Asus Maximus Hero VII
    Memory
    32GB DDR3
    Graphics Card(s)
    Nvidia GeForce GTX970
    Sound Card
    Realtek HD Audio
    Hard Drives
    1x Samsung 250GB SSD
    4x WD RE 2TB (RAIDZ)
    PSU
    Corsair AX760i
    Case
    Fractal Design Define R4
    Cooling
    Noctua NH-D15
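
One way to see which processes held the hive, as an added example that is not part of the original thread: it parses a "registry handles leaked" detail block in the format quoted above, counts handles per process and per subkey, and flags a listing shorter than the count in its header. The sample text, SID and counts are constructed, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the format of the event detail quoted in the thread.
# The SID, PIDs and counts are made up for this example.
SID = r"S-1-5-21-1111111111-2222222222-3333333333-1001"
SYS32 = r"\Device\HarddiskVolume1\Windows\System32"

def _line(pid, exe, subkey=""):
    return (f"Process {pid} ({SYS32}\\{exe}) has opened key "
            f"\\REGISTRY\\USER\\{SID}{subkey}")

SAMPLE = "\n".join([
    "DETAIL -",
    f"6 user registry handles leaked from \\Registry\\User\\{SID}:",
    _line(680, "lsass.exe"),
    _line(992, "svchost.exe"),
    _line(992, "svchost.exe", r"\Software\Microsoft\SystemCertificates\Root"),
    _line(684, "svchost.exe", r"\Software\Microsoft\SystemCertificates\Root"),
    _line(684, "svchost.exe", r"\Software\Microsoft\Windows\CurrentVersion\Uninstall"),
])

HEADER = re.compile(r"(\d+) user registry handles leaked from", re.I)
LINE = re.compile(
    r"^Process (\d+) \((.+?)\) has opened key "
    r"\\REGISTRY\\USER\\(S-[\d-]+)(\\.*?)?[ \t]*$", re.I | re.M)

def summarize(detail):
    """Count leaked handles per process and per subkey; flag a short listing."""
    header = HEADER.search(detail)
    claimed = int(header.group(1)) if header else None
    per_process, per_subkey = Counter(), Counter()
    for pid, image, _sid, subkey in LINE.findall(detail):
        # Key on (PID, image name): several svchost.exe instances are distinct.
        per_process[(int(pid), image.rsplit("\\", 1)[-1])] += 1
        per_subkey[subkey.lstrip("\\") or "<hive root>"] += 1
    listed = sum(per_process.values())
    return {"claimed": claimed, "listed": listed,
            "truncated": claimed is not None and listed < claimed,
            "per_process": per_process, "per_subkey": per_subkey}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"{report['listed']} of {report['claimed']} handles listed")
    for (pid, name), n in report["per_process"].most_common():
        print(f"  PID {pid} {name}: {n}")
```

PIDs are reassigned at every boot, so the numbers in an event logged at shutdown cannot be matched to processes after the restart. While the session is still running, `tasklist /svc` lists the services hosted in each svchost.exe.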
The only things I have installed as of right now are newer nvidia drivers and Google Chrome.

Any idea how I can narrow down the culprit? I'm not very good at reading this stuff.
 

OK, I've managed to get the process IDs (PID) listed in the new task manager. (Great feature) So I will keep an eye on them and when I find the culprits I will post back.
 

Ok, the process IDs 700, 948, 1012 are all trying to 46 registry handles leaked DETAIL - 46 user registry handles leaked from \Registry\User\S-1-5-21-2443668506-689073690-3057848115-1001:

Did a search in regedit and it relates to AllUserInstallAgent and AllUserStore

Any ideas how to clean this up?
 

Back with a vengeance. What a mess this is. I'm giving up on Windows 8.

Ran a clean and tidy ship with Windows 7. Not entirely sure what benefits I'm enjoying with 8 in all honesty.

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.


DETAIL -
43 user registry handles leaked from \Registry\User\S-1-5-21-2443668506-689073690-3057848115-1001:
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\CA
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\CA
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\CA
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Root
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Root
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Root
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\trust
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\trust
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\trust
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Disallowed
 

Do what you will, but this isn't a Windows problem. By the way, Windows *is* fixing it, for what it's worth.
 

I've noticed these only happen when I do a reboot, so it's something to do with how fast it shuts down.

Could be worse I suppose, they could be happening during use. Just not sure why I never saw this behaviour in Windows 7 at all.

EDIT: Thinking back, I have seen this before. In Vista, I eventually ended up with a corrupted user profile.

I have absolutely no idea how to trace what is causing it. I am using the latest drivers and versions of my apps. There is little more I can do about it without knowing the steps to trace. I'm not getting any tangible information from using Procmon or Task Manager.
 
Try doing a "Restore" of the system using the built-in Restore feature. If you do decide to use this feature, remember to back up all the files and documents you want to keep (just smart). Once all the files you want are backed up, run the Restore. This should rid your system of the problem. When you finish restoring to new, then start reinstalling your apps/programs and see which one is causing your problem. If you decide to do this, good luck.
 

My Computer

System One

  • OS
    Win 8, (VM win7, XP, Vista)
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Pavilion p1423w
    CPU
    Intel Core i5 3330 Ivy Bridge
    Motherboard
    Foxconn - 2ADA Ivy Bridge
    Memory
    16 GB 1066MHz DDR3
    Graphics Card(s)
    ATI Radeon HD 5450
    Sound Card
    HD Realtek (Onboard)
    Monitor(s) Displays
    Mitsubishi LED TV/Monitor HD, Dell 23 HD, Hanspree 25" HD
    Screen Resolution
    Mit. 1980-1080, Dell 2048-115, Hanspree 1920-10802
    Hard Drives
    1 SanDisk 240Gig SSD, 2 Samsung 512Gig SSDs
    Case
    Tower
    Cooling
    Original (Fans)
    Keyboard
    Microsoft Keyboard 2000
    Mouse
    Microsoft Optical Mouse 5000
    Internet Speed
    1.3 (350 to 1024 if lucky)
    Browser
    Firefox 19.1
    Antivirus
    MSE-Defender
Does this also clean out all the drivers?

Reason I ask, after format I installed Intel Management Engine, Intel Chipset inf, Intel RST and Realtek drivers and wondering if the problem is relating to them somewhere.

I always obtain the latest from each relevant site.
 
