Results 1 to 4 of 4
  1. #1
    Lounger
    Join Date
    Nov 2010
    Location
    NJ
    Posts
    26
    Thanks
    2
    Thanked 1 Time in 1 Post

    Updates leave registry leak

    After the most recent Win7 updates (8-9-16?), I get the same admin warning at EVERY shutdown.

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
    Process 760 (\Device\HarddiskVolume3\Windows\System32\winlogon .exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-
    1001"The first subkey is under Protected Storage System Provider" main key. The second is under InternetRegistry/Register/User.

    Any ideas on a solution to stop the leaks.
    Thanks.

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    Is that the error message you are getting or the details of a Warning Event ID1530 in Event Viewer ?

  3. #3
    Lounger
    Join Date
    Nov 2010
    Location
    NJ
    Posts
    26
    Thanks
    2
    Thanked 1 Time in 1 Post
    Correct Sudo 15. It's a 1530 in EV. I have doubled checked to make sure nothing is running at shutdown, double checked scheduled tasks to make sure there are no tasks queued up to run.

    Here's the XML, for what it's worth:
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2016-08-13T15:11:09.779537500Z" />
    <EventRecordID>551947</EventRecordID>
    <Correlation />
    <Execution ProcessID="480" ThreadID="3132" />
    <Channel>Application</Channel>
    <Computer>MN-PC</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    - <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001: Process 760 (\Device\HarddiskVolume3\Windows\System32\winlogon .exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001</Data>
    </EventData>
    </Event>

    The "provider" is interesting: Microsoft-Windows-User Profiles Service.

    Thanks.

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    I tried to reply to this thread last night but whenever I hit Go Advanced or Post Quick Reply, I only got a blank page with just the forum header and it was only with this thread, but the forum has been playing up again for me this morning.

    I don't have any of those keys in my registry so it must be something you have installed on your machine.

    See if you still get the error message after performing a clean boot.

    Go Start - type msconfig and press enter.

    Under the Startup tab click on Disable all - Apply - OK - Restart

    If you still get the message then go back into msconfig and under the Services tab check the box to Hide all Microsoft services and this is a must before you hit Disable all - Apply - OK - Restart.

    If you no longer get the message after disabling all under the Startup tab then you will need to re-enable one at a time until it returns, then leave that unchecked.

    Do the same with non-MS services if it takes disabling those to get rid of the error message.

    To return to a normal boot, in msconfig check the radio button for Normal startup.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •