Solved

Help trouble-shooting Event 1530

Posted on 2014-04-03
4
1,713 Views
Last Modified: 2014-04-06
At shutdown I've been getting a registry leak.:

5 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\My
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\CA

1. Volume3 harddisk is the micro disk (SD) built-in reader. Why is that device holding the registry open when there is no micro-disk in it at shutdown? Is there a way to shut the volume down prior to shut down?

2. Note please: In other user profile warnings for Volume 3, various processes are listed: process 988, process 568, process 560 and, as show above, process 980. Again all involved HardiskVolume3 -- the micro disk reader I use to look at camera disks.

Thanks.
0
Comment
Question by:normanml
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Ryan Smith
ID: 39975685
Run all the firmware updates for your computer.  Not windows updates but firmware.
0
 
LVL 70

Accepted Solution

by:
Merete earned 500 total points
ID: 39977165
It could be because it is internal is not optimised for quick removal
try this sourced from xp and Vista but should be the same"Optimize for quick removal "
This setting disables write caching on the device and in Windows, so the media can be removed without using the Safely Remove Hardware feature in the taskbar.
The card reader might experience a minor drop in device performance.
Source
In Device Manager, click the + sign next to Disk drives to display a list of the drive devices on your computer.
Memory card readers are seen as drive devices in Windows.
In the list of drive devices, right-click the device  to display a drop-down menu (for example, Generic USB CF Reader for CompactFlash media).
Click Properties in this menu.
Click the Policies tab in the Device Properties window.
Select Optimize for quick removal , and then click the OK button.

Using and Troubleshooting Memory Card Readers (Windows Vista and XP)
http://h10025.www1.hp.com/ewfrf/wc/document?cc=au&lc=en&docname=bph07910
0
 

Author Closing Comment

by:normanml
ID: 39981584
By accident deleted volume that had memory card reader software on it. Installed latest version of software (2.1), fixed a registry key pointing to the wrong place, and the leaks seemed to have stopped. Thanks. BTW none of the flash drives in DM had a policies tab, only the HDs internal and external.
0
 
LVL 70

Expert Comment

by:Merete
ID: 39981932
Deleting the  card reader software explains what was going on since it is an internal device.
Good to see it fixed normanml , thank you!
Regards Merete
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question