Julcard

  1. Can I send it in PM? I don't know if it contains sensitive information. Also, I checked the Security tab in Event Viewer; I can see a long list of account logons and of giving privileges to the account, and the interval between these logons is a few minutes.
  2. If I copied the whole application event log, could you deduce at least something about what's going on with these? There are timestamps in these event IDs that match others related to some security thing. I am honestly REALLY stressed about these, considering I've been experiencing a lot of weird stuff going on with my PC for like a year, especially when at some point someone was definitely spying on me, based on what has happened to me. If this is malware, this is something really serious and a high-level intrusion. You are my only hope at this point.
  3. Yeah, but since it's unknown, we should really investigate what it is; it could be malware. Also, those unknown process things have happened even when Zemana was not installed.
  4. I am using Emsisoft and Malwarebytes; Zemana is for on-demand scans. Also, what are those entries of an unknown process doing registry changes??
  5. This is not your typical infected-PC problem, as no virus scan can find anything, but I still keep experiencing all kinds of weird things; for example, a few months ago someone tried to log in to my email even though no virus scans showed anything. Something always seems to come regardless of how many times I secure-erase my SSD and reinstall Windows. I am not an irresponsible PC user; I have my antivirus and antimalware programs running and up to date, and I scan with supplementary software all the time. I don't even surf around the web that much; I mostly use sites like YouTube, Reddit, and other reputable sites.
  6. Here is another example:

     Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.

     DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1776908731-2155016529-3854037204-1001_Classes:
     Process 2444 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.sechealthui_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust
     Process 2444 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.sechealthui_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA
     Process 2444 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.sechealthui_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root
     Process 2444 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.sechealthui_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople
     Process 2444 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.sechealthui_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed
  7. The event log has lots of event ID 1530 things; one of them has the following details:

     Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.

     DETAIL - 33 user registry handles leaked from \Registry\User\S-1-5-21-1776908731-2155016529-3854037204-1001:
     Process 820 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\SystemCertificates\CA
     Process 92 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\System\GameConfigStore\Parents
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\SystemCertificates
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\SystemCertificates
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\SystemCertificates
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\SystemCertificates
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\SystemCertificates\trust
     Process 92 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\System\GameConfigStore
     Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CloudContent
     Process 2856 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
     Process 2940 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
     Process 4700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
     Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\SystemCertificates\TrustedPeople
     Process 2940 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
     Process 4700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
     Process 2948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\DataCollection
     Process 2940 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
     Process 4700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
     Process 2940 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main
     Process 4700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Main
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\SystemCertificates\Root
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\SystemCertificates\Disallowed
     Process 708 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
     Process 92 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\System\GameConfigStore\Children
     Process 2940 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Security
     Process 4700 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\Internet Explorer\Security
     Process 2980 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1776908731-2155016529-3854037204-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
  8. For months I've been wiping my SSD and reinstalling Windows, because I keep experiencing something weird with my PC constantly. Now the latest was some black box flashing in the lower right corner of the browser when I was looking at the Emsisoft webpage; the site is reputable, so that's not the issue. Also, I noticed that my Downloads folder had changed its view settings to "large icon"; previously it was set to "details", which is the default, and I have not changed that myself. I can't find anything with various virus scanners. Also, I noticed some weird event logs in the Event Viewer, where an unknown process does some registry changes. Here are also Farbar logs for analyzing. Shortcut.txt Addition.txt FRST.txt
  9. I mean problems such as: when Emsisoft's behavior blocker or file guard is trying to analyze stuff, if at the same time Malwarebytes' real-time layers are doing the same things, do these processes interfere with each other, making me actually less secure?
  10. I have Malwarebytes installed but disabled the protection layers (web protection, malware protection, exploit protection, ransomware protection), because I feared it would cause issues with Emsisoft's own real-time protections. So are you absolutely sure they work well together? Because it is said everywhere that running two real-time malware protections causes issues.
  11. Are there any problems? Since Emsisoft antimalware works as both antivirus and antimalware, could Malwarebytes' real-time layers cause issues? Generally it's advised to only have 1 real-time antivirus and 1 real-time antimalware protection. In Emsisoft's case this gets tricky, so what is the deal?