Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1884
  • Last Modified:

Help trouble-shooting Event 1530

At shutdown I've been getting a registry leak.:

5 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\My
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\CA

1. Volume3 harddisk is the micro disk (SD) built-in reader. Why is that device holding the registry open when there is no micro-disk in it at shutdown? Is there a way to shut the volume down prior to shut down?

2. Note please: In other user profile warnings for Volume 3, various processes are listed: process 988, process 568, process 560 and, as show above, process 980. Again all involved HardiskVolume3 -- the micro disk reader I use to look at camera disks.

Thanks.
0
normanml
Asked:
normanml
  • 2
1 Solution
 
Ryan SmithCommented:
Run all the firmware updates for your computer.  Not windows updates but firmware.
0
 
MereteCommented:
It could be because it is internal is not optimised for quick removal
try this sourced from xp and Vista but should be the same"Optimize for quick removal "
This setting disables write caching on the device and in Windows, so the media can be removed without using the Safely Remove Hardware feature in the taskbar.
The card reader might experience a minor drop in device performance.
Source
In Device Manager, click the + sign next to Disk drives to display a list of the drive devices on your computer.
Memory card readers are seen as drive devices in Windows.
In the list of drive devices, right-click the device  to display a drop-down menu (for example, Generic USB CF Reader for CompactFlash media).
Click Properties in this menu.
Click the Policies tab in the Device Properties window.
Select Optimize for quick removal , and then click the OK button.

Using and Troubleshooting Memory Card Readers (Windows Vista and XP)
http://h10025.www1.hp.com/ewfrf/wc/document?cc=au&lc=en&docname=bph07910
0
 
normanmlAuthor Commented:
By accident deleted volume that had memory card reader software on it. Installed latest version of software (2.1), fixed a registry key pointing to the wrong place, and the leaks seemed to have stopped. Thanks. BTW none of the flash drives in DM had a policies tab, only the HDs internal and external.
0
 
MereteCommented:
Deleting the  card reader software explains what was going on since it is an internal device.
Good to see it fixed normanml , thank you!
Regards Merete
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now