none
Registry leak, event ID 1530 -- crashes all running apps

    Question

  •  

    Windows Vista Business SP1, 64-bit. Rather often (every other day, maybe; sometimes several times per day) I get event ID 1530 warning in the application log. After the registry file is closed, all applications, including Windows Explorer, stop working. Logging off and on (no reboot required) fixes the problem. I have not managed to find the offending application.  Here's the complete event; most users report 1-2 keys leaked from a single process, here I have 69 (!) keys from many different applications.

     

    This is REALLY irritating because I have to stop working, log off, and restart all applications to resume normal work.

     

    The only thing that I've changed in my configuration is that I boot into selective startup mode -- I have disabled startup of ONLY 3rd party software that came with the laptop, no windows components.

     

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -

    69 user registry handles leaked from \Registry\User\S-1-5-21-2053891651-412668094-3389808017-1001_Classes:

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 3904 (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 1292 (\Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 4088 (\Device\HarddiskVolume1\Program Files\Windows Defender\MSASCui.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 3624 (\Device\HarddiskVolume1\Windows\System32\dwm.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 3600 (\Device\HarddiskVolume1\Windows\System32\taskeng.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 3600 (\Device\HarddiskVolume1\Windows\System32\taskeng.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 312 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES

    Process 4680 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\CLSID

    Process 4064 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\CLSID

    Process 3956 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\CLSID

    Process 4088 (\Device\HarddiskVolume1\Program Files\Windows Defender\MSASCui.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\CLSID

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell

    Process 4472 (\Device\HarddiskVolume1\Program Files (x86)\Internet Explorer\ieuser.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Process 1584 (\Device\HarddiskVolume1\Program Files (x86)\Internet Explorer\iexplore.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\ComDlg

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\Shell

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\Shell

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\208\Shell

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\27\Shell

    Process 4088 (\Device\HarddiskVolume1\Program Files\Windows Defender\MSASCui.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\CLSID

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\45\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Process 3724 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\45\Shell

    Process 3956 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4060 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4064 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 3956 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 1856 (\Device\HarddiskVolume1\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 3792 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4456 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4680 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4680 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4996 (\Device\HarddiskVolume1\Program Files (x86)\Opera\opera.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4472 (\Device\HarddiskVolume1\Program Files (x86)\Internet Explorer\ieuser.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4472 (\Device\HarddiskVolume1\Program Files (x86)\Internet Explorer\ieuser.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 1584 (\Device\HarddiskVolume1\Program Files (x86)\Internet Explorer\iexplore.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 5016 (\Device\HarddiskVolume1\Windows\SysWOW64\conime.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 3524 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 1584 (\Device\HarddiskVolume1\Program Files (x86)\Internet Explorer\iexplore.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 4380 (\Device\HarddiskVolume1\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 3696 (\Device\HarddiskVolume1\Program Files (x86)\Analog Devices\Core\smax4pnp.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 3688 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 3688 (\Device\HarddiskVolume1\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Process 1856 (\Device\HarddiskVolume1\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-2053891651-412668094-3389808017-1001_CLASSES\Wow6432Node

    Sunday, October 05, 2008 8:05 AM