
What are these unknown processes doing? Is this normal?


1 reply to this topic

#1 Sunbread1

Posted 08 June 2017 - 12:14 PM

In Event Viewer, I have a lot of these event ID 1530 things. It is concerning that there are multiple "unknown" processes.

 

For example:

 

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.  

 DETAIL -
 25 user registry handles leaked from \Registry\User\S-1-5-21-1776908731-2155016529-3854037204-1001:
Process 848 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001
Process 988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\System\GameConfigStore\Parents
Process 988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\System\GameConfigStore
Process 904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CloudContent
Process 2912 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 2892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 4384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 904 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\DataCollection
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\DOMStorage
Process 2892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main
Process 4384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main
Process 672 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 988 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\System\GameConfigStore\Children
Process 2892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Security
Process 4384 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Security
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Security
Process 2656 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Zoom




#2 jwoods301

Posted 08 June 2017 - 11:34 PM

Normal.

 

https://support.microsoft.com/en-us/help/947238/event-id-1530-may-be-logged-in-the-application-log-on-a-windows-vista-or-newer-computer
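
Added example, not part of either post: a small Python parser for the event 1530 DETAIL text quoted in the question. It groups the leaked handles by process and lists the PIDs whose image the event reports as <Unknown>, and compares the declared handle count with the number of lines parsed. The sample input is constructed, the SID in it is a placeholder, and the function names are this example's own.

```python
import re
from collections import defaultdict

HEADER_RE = re.compile(r"(\d+) user registry handles leaked from \\Registry\\User\\(S-[0-9-]+)")
ENTRY_RE = re.compile(
    r"Process (\d+) \((.*?)\) has opened key \\REGISTRY\\USER\\(S-[0-9-]+)(?:\\(.*))?$")

def parse_1530(detail):
    """Parse the DETAIL text of event 1530 into (declared_count, entries)."""
    declared, entries = None, []
    for line in (l.strip() for l in detail.splitlines()):
        if (m := HEADER_RE.search(line)):
            declared = int(m.group(1))
        elif (m := ENTRY_RE.match(line)):
            pid, image, sid, subkey = m.groups()
            entries.append({"pid": int(pid), "image": image, "sid": sid,
                            "subkey": subkey or "<hive root>"})
    return declared, entries

def by_process(entries):
    """Group held subkeys by (pid, image) so each holder is reviewed once."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[(e["pid"], e["image"])].append(e["subkey"])
    return dict(grouped)

def unresolved_pids(entries):
    """PIDs whose image path the event reported as <Unknown>."""
    return sorted({e["pid"] for e in entries if e["image"] == "<Unknown>"})

# Constructed sample in the format quoted in the post; the SID is a placeholder.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
HIVE = "\\REGISTRY\\USER\\" + SID
SYS32 = "\\Device\\HarddiskVolume2\\Windows\\System32\\"

def _entry(pid, image, subkey=""):
    return f"Process {pid} ({image}) has opened key {HIVE}{subkey}"

SAMPLE = "\n".join([
    " DETAIL -",
    " 4 user registry handles leaked from \\Registry\\User\\" + SID + ":",
    _entry(848, SYS32 + "winlogon.exe"),
    _entry(988, SYS32 + "svchost.exe", "\\System\\GameConfigStore"),
    _entry(2656, "<Unknown>", "\\Software\\Microsoft\\Internet Explorer\\Main"),
    _entry(2656, "<Unknown>", "\\Software\\Microsoft\\Internet Explorer\\Zoom"),
])

if __name__ == "__main__":
    declared, entries = parse_1530(SAMPLE)
    print(f"declared={declared} parsed={len(entries)}")
    for (pid, image), keys in by_process(entries).items():
        print(pid, image, keys)
    print("unresolved:", unresolved_pids(entries))
```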





