Has anyone else noticed their event viewer to be far more busy than in Windows 8?
Got all sorts of strange errors in mine.
Not sure whether it's drivers, app compatibility .... or what.
Like this for instance....
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
50 user registry handles leaked from \Registry\User\S-1-5-21-2217591357-3541557252-3149719819-1001:
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001
Process 628 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2217591357-3541557252-3149719819-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
And some of these type ones...
taskhostex (1768) An attempt to open the file "C:\Users\Damien\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Something is opening registry handles to your user's registry or files in your profile and isn't letting go. It's doing so as part of a svchost, which means it's probably a task running in task scheduler. Have you installed any software that would have added any scheduled tasks?
Ok, I've managed to get the process IDs (PID) listed in the new task manager. (Great feature) So I will keep an eye on them and when I find the culprits I will post back.
Ok, the process IDs 700, 948, 1012 are all trying to 46 registry handles leaked DETAIL - 46 user registry handles leaked from \Registry\User\S-1-5-21-2443668506-689073690-3057848115-1001:
Did a search in regedit and it relates to AllUserInstallAgent and AllUserStore
Back with a vengeance. What a mess this is. I'm giving up on Windows 8.
Ran a clean and tidy ship with Windows 7. Not entirely sure what benefits I'm enjoying with 8 in all honesty.
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
43 user registry handles leaked from \Registry\User\S-1-5-21-2443668506-689073690-3057848115-1001:
I've noticed these only happen when I do a reboot, so it's something to do with how fast it shuts down.
Could be worse I suppose, they could be happening during use. Just not sure why I never saw this behaviour in Windows 7 at all.
EDIT: Thinking back, I have seen this before. In Vista, I eventually ended up with a corrupted user profile.
I have absolutely no idea how to trace what is causing it. I am using the latest drivers and versions of my apps. There is little more I can do about it without knowing the steps to trace. I'm not getting any tangible information from using Procmon or Task Manager.
Try doing a "Restore" of the system using the built-in Restore feature. If you do decide to use this feature, remember to back up all the files and documents you want to keep (just smart). Once all the files you want are backed up, run the Restore. This should rid your system of the problem. When you finish restoring to new, start reinstalling your apps/programs and see which one is causing your problem. If you decide to do this, good luck.
Reason I ask, after format I installed Intel Management Engine, Intel Chipset inf, Intel RST and Realtek drivers and wondering if the problem is related to them somewhere.
I always obtain the latest from each relevant site.
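
One way to trace which process holds the handles, as discussed earlier in the thread (an added example, not code from any poster here): the PowerShell below parses the event text into per-process handle counts and, with -ResolveServices, lists the services hosted in each PID. The function names and the sample event text, including its SID, are constructed for illustration.

```powershell
# Added example. Function names and $sample are constructed, not from the thread.
function Get-LeakedRegistryHandle {
    # Turn each "Process N (image) has opened key K" line into an object.
    param([Parameter(Mandatory)][string]$Message)
    $pattern = '^\s*Process (?<id>\d+) \((?<image>[^)]+)\) has opened key (?<key>\S.*?)\s*$'
    foreach ($line in ($Message -split "`r?`n")) {
        if ($line -match $pattern) {
            # Drop the hive prefix (\REGISTRY\USER\<SID>) so subkeys group cleanly.
            $sub = ($Matches['key'] -replace '^\\REGISTRY\\USER\\S-[\d-]+', '').TrimStart('\')
            if (-not $sub) { $sub = '(hive root)' }
            [pscustomobject]@{
                ProcessId = [int]$Matches['id']
                Image     = ($Matches['image'] -split '\\')[-1]
                SubKey    = $sub
            }
        }
    }
}

function Get-LeakSummary {
    # One row per holding process: handle count, distinct subkeys, hosted services.
    param([Parameter(Mandatory)][string]$Message, [switch]$ResolveServices)
    Get-LeakedRegistryHandle -Message $Message | Group-Object ProcessId | ForEach-Object {
        $id = $_.Group[0].ProcessId
        $services = @()
        if ($ResolveServices) {
            # Live lookup: only valid while the logged PIDs are still running.
            $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $id").Name
        }
        [pscustomobject]@{
            ProcessId = $id
            Image     = $_.Group[0].Image
            Handles   = $_.Count
            SubKeys   = @($_.Group.SubKey | Sort-Object -Unique)
            Services  = $services
        }
    }
}

# Constructed sample in the same shape as the event text quoted in this thread.
$sample = @'
4 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1001:
Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\SystemCertificates\Root
Process 684 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
'@
Get-LeakSummary -Message $sample | Format-Table -AutoSize
```

PIDs change across reboots, so run it with -ResolveServices in the same boot session that logged the event, for example after a log off rather than a restart.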