Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

User Registry Handles Leaked and Slight Delay when Windows is starting.


  • Please log in to reply
1 reply to this topic

#1 RazzMaTazz007

RazzMaTazz007

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 23 March 2018 - 09:06 AM

9l9lmy6.png

 

This are the warning logs i found:

 

Event 1530, User Profile Service

 

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-849658563-1948834262-4279570332-1000:
Process 984 (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) has opened key \REGISTRY\USER\S-1-5-21-849658563-1948834262-4279570332-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness

 

Process 984 (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) has opened key \REGISTRY\USER\S-1-5-21-849658563-1948834262-4279570332-1000\Software\ESET\ESET Security\CurrentVersion\Config\gui\UI_CONFIG

 


  <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
  <EventID>1530</EventID>
  <Version>0</Version>
  <Level>3</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000000</Keywords>
  <TimeCreated SystemTime="2018-03-23T11:03:57.659460900Z" />
  <EventRecordID>188</EventRecordID>
  <Correlation />
  <Execution ProcessID="1096" ThreadID="3216" />
  <Channel>Application</Channel>
  <Computer>Steven</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <EventData Name="EVENT_HIVE_LEAK">
  <Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-849658563-1948834262-4279570332-1000: Process 984 (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) has opened key \REGISTRY\USER\S-1-5-21-849658563-1948834262-4279570332-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness Process 984 (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) has opened key \REGISTRY\USER\S-1-5-21-849658563-1948834262-4279570332-1000\Software\ESET\ESET Security\CurrentVersion\Config\gui\UI_CONFIG</Data>
  </EventData>
  </Event>
 

Event 4001, WLAN Auto-Config

 

WLAN AutoConfig service has successfully stopped.

 

 
  <Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-9870-D5BE7D52D6DE}" />
  <EventID>4001</EventID>
  <Version>0</Version>
  <Level>3</Level>
  <Task>0</Task>
  <Opcode>2</Opcode>
  <Keywords>0x4000000000000000</Keywords>
  <TimeCreated SystemTime="2018-03-23T11:03:59.344263800Z" />
  <EventRecordID>1144</EventRecordID>
  <Correlation />
  <Execution ProcessID="748" ThreadID="1932" />
  <Channel>System</Channel>
  <Computer>Steven</Computer>
  <Security UserID="S-1-5-18" />
  </System>
  <EventData />
  </Event>
 
This started when i restarted my laptop but then it failed to boot up (I'm not sure why this happened i didn't make any major changes in my system) so then it proceeded to use the auto repair feature after a while it successfully boot-up to desktop.
 

Since yesterday the repair somehow made starting-up delay a bit usually it gives me the "Welcome" Message which only lasts a few seconds but now every time it starts. It gives "Please Wait" message which lasts around 1min+ followed by the "Welcome" message.

​Other than that everything else works fine.


Edited by RazzMaTazz007, 23 March 2018 - 09:07 AM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,299 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:09 PM

Posted 23 March 2018 - 09:59 AM

From what I see...these messages are strictly administrative notes by Windows re operation...I don't believe any correctve action by users is necessary.  Anything in Event Viewer which classifies itself as a "warning"...well, I've never seen any such message that required user action.  Errors...are items of possible concern, as distinguished from "warnings".

 

https://support.microsoft.com/en-us/help/942910/error-warning-or-critical-events-are-logged-in-the-diagnostic-performa .  I know that this applies to Vista, but the same is true for Win 7.

 

But...I would run the chkdsk /r command on the Windows partition...and follow that with the sfc /scannow command.

 

Louis






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users