Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is there any way to tell who is accessing the registry?

27 Aug 2009   #41
ben07

Windows 7 Pro x64 RTM
 
 

Quote   Quote: Originally Posted by squonksc View Post
When did you first see the yellow exclamations?
Hmmm, I don't remember...I had two originally, but got rid of one after deactivating Windows Defender.

I could go back to the 1st Ghost image, which was created immediately after the clean installation and not yet connected online.

I'm printing out the clean boot (Vista) and will post back....


My System SpecsSystem Spec
.
27 Aug 2009   #42
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by ben07 View Post
Hmmm, I don't remember...I had two originally, but got rid of one after deactivating Windows Defender.

I could go back to the 1st Ghost image, which was created immediately after the clean installation and not yet connected online.

I'm printing out the clean boot (Vista) and will post back....
Well, my first suggestion would be to take the disk that holds XP out of your computer and see what that brings.
My System SpecsSystem Spec
27 Aug 2009   #43
Delphin

windows 7
 
 

Quote   Quote: Originally Posted by squonksc View Post
Thanks for the suggestion, but it won't help since the problem is in windows itself, and a clean boot only excludes non OS services.

I think in this case it's leftovers from a user account that used to exist but no longer does. hence the S-1-5-21-783115880-3742272611-1246857717-1000 user.

Thanks
The problem is not with the leftovers from a user account.

S-1-5-21-783115880-3742272611-1246857717-1000 is not a leftover user id it the sid for his user id.

You cannot see user names in registry, it will only display the sid of the user name.

again the problem is not with the windows itself, it is caused by some other service or process which included itself into svchost process.

Its better to perform a clean boot
My System SpecsSystem Spec
.

27 Aug 2009   #44
Antman

 

It's me again - the guy that thinks you are chasing gossamer.

On my system, the error only presents itself on system shutdown. To date, this memory leak has created no undue harm to my unpowered machine.

Check it.
My System SpecsSystem Spec
27 Aug 2009   #45
Delphin

windows 7
 
 

@Antman

there is no assure that yours and his case are similar.

My System SpecsSystem Spec
27 Aug 2009   #46
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by Delphin View Post
The problem is not with the leftovers from a user account.

S-1-5-21-783115880-3742272611-1246857717-1000 is not a leftover user id it the sid for his user id.

You cannot see user names in registry, it will only display the sid of the user name.

again the problem is not with the windows itself, it is caused by some other service or process which included itself into svchost process.

Its better to perform a clean boot
Well, I'm open to suggestions, so it's worth giving clean boot a shot.

In the beginning of this thread I posted this:

Quote:
Nothing fishy about this.
S-1-5-21-783115880-3742272611-1246857717-1000 is a username used by svchost.exe
So I knew from the start it must have something to do with a service or process that is invoked by a process masked by svchost.exe.

The Sid doesn't necessarily have to be his user account.
It could well have been a left over of useraccount from previous installs.

That's why I asked him for the install history.

With the new info he provided, It seems indeed unlikely to be a left over.
But the thing I am puzzled about is that in the log the problem points to a system32 folder on the 7th volume.
That's not his Win7 partition, since he clean installed on 1 disk before adding the others.

If you ask me, it's pointing at the XP disks system32, but beats me why.


Your suggestions are very welcome.
The more brainpower the better.

Thanks.

Greetz
My System SpecsSystem Spec
27 Aug 2009   #47
ben07

Windows 7 Pro x64 RTM
 
 

OK, the clean boot is telling me neither the "startup items" nor "non- Microsoft services) is causing this, cause after performing step 4 and step 5, the yellow warning still returns and still pointing to the same user S-1-5-21-783115880-3742272611-1246857717-1000. To isolate which MS services is causing this will take a long...time, cause I need to deselect MS services one by one in step 6, which I think I might as well put back the 1st image, 2nd image, 3rd image...., but before I do that, let me remove the XP drive 1st!


Attached Images
Is there any way to tell who is accessing the registry?-11.jpg Is there any way to tell who is accessing the registry?-12.jpg 
My System SpecsSystem Spec
27 Aug 2009   #48
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by ben07 View Post
OK, the clean boot is telling me neither the "startup items" nor "non- Microsoft services) is causing this, cause after performing step 4 and step 5, the yellow warning still returns and still pointing to the same user S-1-5-21-783115880-3742272611-1246857717-1000. To isolate which MS services is causing this will take a long...time, cause I need to deselect MS services one by one in step 6, which I think I might as well put back the 1st image, 2nd image, 3rd image...., but before I do that, let me remove the XP drive 1st!
Good thinking.

And by the way, disabling services is not without danger, it might lead to non bootable system when you disable the wrong one(s).

Hope you have a ghost cd in case you can't boot.
My System SpecsSystem Spec
27 Aug 2009   #49
ben07

Windows 7 Pro x64 RTM
 
 

It's not the XP partition/drive....

Could it be Windows 7 is constantly trying to connect the HP printer which couldn't be connected/shared by the other XP PC on the same router? I've these Errors since day 1, but I know what's causing them, so I let them be:

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 8/27/2009 6:53:49 AM
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: C2Q-01
Description:
The print spooler failed to share printer HP LaserJet 6L with shared resource name HP LaserJet 6L. Error 2114. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-08-27T13:53:49.263636500Z" />
<EventRecordID>7</EventRecordID>
<Correlation />
<Execution ProcessID="1204" ThreadID="932" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>C2Q-01</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>2114</Param1>
<Param2>HP LaserJet 6L</Param2>
<Param3>HP LaserJet 6L</Param3>
</ShareFailed>
</UserData>
</Event>


Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 8/23/2009 2:13:21 AM
Event ID: 512
Task Category: Initializing a print provider
Level: Error
Keywords: Router,Classic Spooler Event
User: SYSTEM
Computer: 37L4247E29-32
Description:
InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>512</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002800</Keywords>
<TimeCreated SystemTime="2009-08-23T09:13:21.751090300Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="328" ThreadID="1048" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>37L4247E29-32</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<RouterError xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Name>inetpp.dll</Name>
<Error>0x0</Error>
</RouterError>
</UserData>
</Event>

I will remove/disconnect my printer.
My System SpecsSystem Spec
27 Aug 2009   #50
SquonkSC

Win7 Build 7600 x86
 
 

Quote   Quote: Originally Posted by ben07 View Post
It's not the XP partition/drive....

Could it be Windows 7 is constantly trying to connect the HP printer which couldn't be connected/shared by the other XP PC on the same router? I've these Errors since day 1, but I know what's causing them, so I let them be:

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 8/27/2009 6:53:49 AM
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: C2Q-01
Description:
The print spooler failed to share printer HP LaserJet 6L with shared resource name HP LaserJet 6L. Error 2114. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-08-27T13:53:49.263636500Z" />
<EventRecordID>7</EventRecordID>
<Correlation />
<Execution ProcessID="1204" ThreadID="932" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>C2Q-01</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>2114</Param1>
<Param2>HP LaserJet 6L</Param2>
<Param3>HP LaserJet 6L</Param3>
</ShareFailed>
</UserData>
</Event>


Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 8/23/2009 2:13:21 AM
Event ID: 512
Task Category: Initializing a print provider
Level: Error
Keywords: Router,Classic Spooler Event
User: SYSTEM
Computer: 37L4247E29-32
Description:
InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>512</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002800</Keywords>
<TimeCreated SystemTime="2009-08-23T09:13:21.751090300Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="328" ThreadID="1048" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>37L4247E29-32</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<RouterError xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Name>inetpp.dll</Name>
<Error>0x0</Error>
</RouterError>
</UserData>
</Event>

I will remove/disconnect my printer.
Man, you're getting good at this.
My System SpecsSystem Spec
Reply

 Is there any way to tell who is accessing the registry?




Thread Tools




Similar help and support threads
Thread Forum
.bat reg import gives error accessing the registry
Hello everyone, im new here! now, ive got a .reg file that id like to import automatically via .bat file to the registry. if i type the code myself in CMD it does work, but the same code via the .bat file refuses to add and get the error of: error accessing the registry im using the code :...
General Discussion
Error Accessing the Registry in regedit.
Running .reg file gives this error. In Regedit I also cannot create a new key (to add the contents of the .reg file manually.) I have Full Control in permissions for HKEY_USERS.
General Discussion
Registry problem after windows update and registry optimization tool
Hello sevenforum, I've already spend some time on this forum today but I can't find the solution to a particular registry problem I'm having. While windows was uploading some updates yesterday, I cleaned my registry using Iolo's system mechanic tool and that's where the problems started. (I...
Backup and Restore
BSOD On Startup / Accessing New HD / Accessing Internet
Hello all, I'm running on a relatively new install of Windows 7 64bit Ultimate. I recently (about 2-3 weeks ago) installed a new HD and decided to have a fresh start so everything was formatted followed by win 7 install. Everything has been running great up until mid day yesterday. Out of what...
BSOD Help and Support
Error accessing the registry
Hi all and merry hollidays. I got a problem you may be able to help me... Yesterday I did a fresh installation of my W7 professional. Before that I backup the things I know I need. One ot them was to backup a branch from the registry to keep some details for a program I have. Today I...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:14.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App