Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Help trouble-shooting Event 1530

Posted on 2014-04-03
4
Medium Priority
?
1,840 Views
Last Modified: 2014-04-06
At shutdown I've been getting a registry leak.:

5 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\My
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\CA

1. Volume3 harddisk is the micro disk (SD) built-in reader. Why is that device holding the registry open when there is no micro-disk in it at shutdown? Is there a way to shut the volume down prior to shut down?

2. Note please: In other user profile warnings for Volume 3, various processes are listed: process 988, process 568, process 560 and, as show above, process 980. Again all involved HardiskVolume3 -- the micro disk reader I use to look at camera disks.

Thanks.
0
Comment
Question by:normanml
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Ryan Smith
ID: 39975685
Run all the firmware updates for your computer.  Not windows updates but firmware.
0
 
LVL 70

Accepted Solution

by:
Merete earned 2000 total points
ID: 39977165
It could be because it is internal is not optimised for quick removal
try this sourced from xp and Vista but should be the same"Optimize for quick removal "
This setting disables write caching on the device and in Windows, so the media can be removed without using the Safely Remove Hardware feature in the taskbar.
The card reader might experience a minor drop in device performance.
Source
In Device Manager, click the + sign next to Disk drives to display a list of the drive devices on your computer.
Memory card readers are seen as drive devices in Windows.
In the list of drive devices, right-click the device  to display a drop-down menu (for example, Generic USB CF Reader for CompactFlash media).
Click Properties in this menu.
Click the Policies tab in the Device Properties window.
Select Optimize for quick removal , and then click the OK button.

Using and Troubleshooting Memory Card Readers (Windows Vista and XP)
http://h10025.www1.hp.com/ewfrf/wc/document?cc=au&lc=en&docname=bph07910
0
 

Author Closing Comment

by:normanml
ID: 39981584
By accident deleted volume that had memory card reader software on it. Installed latest version of software (2.1), fixed a registry key pointing to the wrong place, and the leaks seemed to have stopped. Thanks. BTW none of the flash drives in DM had a policies tab, only the HDs internal and external.
0
 
LVL 70

Expert Comment

by:Merete
ID: 39981932
Deleting the  card reader software explains what was going on since it is an internal device.
Good to see it fixed normanml , thank you!
Regards Merete
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring Remote Assistance for use with SCCM
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question