Windows 8 and 8.1 Forums


Win 8 Event Viewer - You finding yours to be "busier"?

  1. #1


    Posts : 9
    Windows 8 Pro

    Win 8 Event Viewer - You finding yours to be "busier"?


    Hi folks,

    Has anyone else noticed that their event viewer to be far more busy than in Windows 8?

    Got all sorts of strange errors in mine.

    Not sure whether it's drivers, app compatibility .... or what.

    Like this for instance....

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    50 user registry handles leaked from \Registry\User\S-1-5-21-2217591357-3541557252-3149719819-1001:
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.ex e) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.ex e) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.ex e) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.ex e) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
    Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings

    And some of these type ones...

    taskhostex (1768) An attempt to open the file "C:\Users\Damien\AppData\Local\Microsoft\Windows\W ebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    What the hell??

      My System SpecsSystem Spec

  2. #2


    Redmond
    Posts : 651
    Windows 8.1 x64


    Something is opening registry handles to your user's registry or files in your profile and isn't letting go. It's doing so as part of a svchost, which means it's probably a task running in task scheduler. Have you installed any software that would have added any scheduled tasks?
      My System SpecsSystem Spec

  3. #3


    Posts : 9
    Windows 8 Pro


    The only things I have installed as of right now are newer nvidia drivers and Google Chrome.

    Any idea how I can narrow down the culprit? Im not very good at reading this stuff.
      My System SpecsSystem Spec

  4. #4


    Posts : 9
    Windows 8 Pro


    Ok, i've managed to get the process IDs (PID) listed in the new task manager. (Great feature) So I will keep an eye on them and when I find the culprits I will post back.
      My System SpecsSystem Spec

  5. #5


    Posts : 9
    Windows 8 Pro


    Ok, the process IDs 700, 948, 1012 are all trying to 46 registry handles leaked DETAIL - 46 user registry handles leaked from \Registry\User\S-1-5-21-2443668506-689073690-3057848115-1001:

    Did a search in regedit and it relates to AllUserInstallAgent and AllUserStore

    Any ideas how to clean this up?
      My System SpecsSystem Spec

  6. #6


    Posts : 9
    Windows 8 Pro


    Back with a vengeance. What a mess this is. Im giving up on Windows 8.

    Ran a clean and tidy ship with Windows 7. Not entirely sure what benefits im enjoying with 8 in all honesty.

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.


    DETAIL -
    43 user registry handles leaked from \Registry\User\S-1-5-21-2443668506-689073690-3057848115-1001:
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Policies\Microsoft\SystemCertificates
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\CA
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\CA
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\CA
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Root
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Root
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Root
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\trust
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\trust
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\trust
    Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2443668506-689073690-3057848115-1001\Software\Microsoft\SystemCertificates\Disallowed
      My System SpecsSystem Spec

  7. #7


    Redmond
    Posts : 651
    Windows 8.1 x64


    Do what you will, but this isn't a Windows problem. By the way, Windows *is* fixing it, for what it's worth.
      My System SpecsSystem Spec

  8. #8


    Posts : 9
    Windows 8 Pro


    Quote Originally Posted by cluberti View Post
    Do what you will, but this isn't a Windows problem. By the way, Windows *is* fixing it, for what it's worth.
    I've noticed these only happen when I do a reboot, so it's something to do with how fast it shuts down.

    Could be worse I suppose, they could be happening during use. Just not sure why I never saw this behaviour in Windows 7 at all.

    EDIT: Thinking back, I have seen this before. In Vista , I eventually ended up with a corrupted user profile.

    I have absolutely no idea how to trace what is causing it. I am using the latest drivers and versions of my apps. There is little more I can do about it without knowing the steps to trace. I'm not getting any tangible information from using Procmon or Task Manager.
    Last edited by Damolee; 01 Nov 2012 at 02:45.
      My System SpecsSystem Spec

  9. #9


    USA, Idaho
    Posts : 1,062
    Win 8, (VM win7, XP, Vista)


    Try do a "Restore" of the system using the built in Restore feature. If you do decide to us this feature remember to back up all the files and documents you want to keep (just smart). Once all files you want are backed up run the Restore. This should rig you system of the problem. When you finishing restoring to new then start reinstalling you apps/programs and see what one is causing your problem. If you decide to do this good luck.
      My System SpecsSystem Spec

  10. #10


    Posts : 9
    Windows 8 Pro


    Quote Originally Posted by Lee View Post
    Try do a "Restore" of the system using the built in Restore feature. If you do decide to us this feature remember to back up all the files and documents you want to keep (just smart). Once all files you want are backed up run the Restore. This should rig you system of the problem. When you finishing restoring to new then start reinstalling you apps/programs and see what one is causing your problem. If you decide to do this good luck.
    Does this also clean out all the drivers?

    Reason I ask, after format I installed Intel Management Engine, Intel Chipset inf, Intel RST and Realtek drivers and wondering if the problem is relating to them somewhere.

    I always obtain the latest from each relevant site.
      My System SpecsSystem Spec

Win 8 Event Viewer - You finding yours to be "busier"?
Related Threads
Hello My Brand new Laptop: Lenovo g505 after upgrading it to windows 8.1 from MS Apps store now i am not able to connect to internet i get "limited" or "No Internet Access". i have tried to re install the driver no luck Lenovo support suggests to do factory rest but i dont want to go back...
So I need to a image viewer/editor with "Scroll to Zoom" feature. Basically when I scroll, the image should be zoomed instead of moving to the next picture. Irfanview had this feature but its not there anymore. Or maybe I am not able to find it. I know that Ctrl+Scroll will produce the result....
Error Event ID 3 Session "ReadyBoot" stopped in Performance & Maintenance
Hello All- I am getting this Error at every boot: "Session "ReadyBoot" stopped due to the following error: 0xC0000188." System Basics: > Dual-Boot Windows 7 and 8 (64 bit), each on its own hard drive (recent clean installs). > Boot Manager is on the Windows 7 disk.
Hi all, So I'm kind of stuck.. I currently have the problem where I am in an endless cycle of "loading files" -> "Windows Boot Manager" (see: How To Boot Into Safe Mode On Windows 8 (The Easy Way)). I have tried to load all of the options -- and none successfully load. I also end up at...
I have relatively new PC with Windows 8.1 but recently I am getting a message on start up that "Windows could not connect to Group Policy service" . This then asks me to look at the Event log. I notice that the Event log has " Special log on " every time I log on . Are theses messages related ?...
It just really me reminds me of one of the best parts of Mac, and the worst parts remind me nothing of a Mac. Sorry for the slam, just an observation. If Win 8 was 1/2 as user friendly as Apple products I wouldn't be bitching, but here I am, with a nice Win 8 laptop which I am unsure I even like...
So got windows 8 Dev installed so far so good, I thought I would like the left screen bump to go to last app or program used feature till I installed some games and tried to play them suddenly my left side of my screen is no good if needing to scroll to the side say in a game like Starcraft II,...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook