View Single Post
01 Feb 2013  
FloridaNative

Windows 7 Home Premium 64-bit SP1
 
 
Made Some Progress, Possibly

Here is what I have done, and at the moment the message Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D is not showing in the Event Viewer when I boot up.

1. Removed MSE and did a registry cleanup.

2. Rebooted, message Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D was still in Event Viewer. Plus there was the message that when I shut down the following occurred:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-2599493413-1845634037-364224823-1001:
Process 564 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001
Process 564 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001
Process 564 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001\Software\Microsoft\SystemCertificates\My
Process 564 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001\Software\Microsoft\SystemCertificates\CA
Process 564 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001\Software\Microsoft\SystemCertificates\Disallowed


3. Removed the EppOobe.etl file and rebooted.

4. Got the same dang message in the Event Viewer. But did not get the leak message.

5. I had recently installed and then uninstalled Malwarebytes so in an abundance of caution downloaded and ran their uninstaller tool to make sure the uninstall was totally clean.

6. Rebooted and got the leak message and that same dang message yet again.

7. Loaded Avast, that went fine.

8. Went to How to manually uninstall Microsoft Security Essentials 2.0.1963 if you cannot uninstall it by using the Add or Remove Programs item and first downloaded and ran the FixIt Wizard. No luck on reboot.

9. Went back to How to manually uninstall Microsoft Security Essentials 2.0.1963 if you cannot uninstall it by using the Add or Remove Programs item and went through their step by step process of removing MSE, but found none of the files indicated in the process. Removed the EppOobe.etl file one more time, and upon reboot EUREKA, the Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D did not show up in the Event Viewer. What did show was the Leak message again as follows:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-2599493413-1845634037-364224823-1001:
Process 560 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001
Process 560 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001
Process 560 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001\Software\Microsoft\SystemCertificates\My
Process 560 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001\Software\Microsoft\SystemCertificates\CA
Process 560 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2599493413-1845634037-364224823-1001\Software\Microsoft\SystemCertificates\Disallowed

Some websites say ignore this message, other say it should be investigated. I still have the Microsoft Security Client Folder/Support/and multiple files underneath. And DANGIT the wretched EppOobe.etl is back.

I am taking a break, and will be out all day tomorrow. Are these leak messages helpful, is there something else I can try based on this information?

Thank you!
My System SpecsSystem Spec