Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: Rick on October 01, 2016, 11:34:58 pm
-
any help/ideas?
thanks in advance.
-
A bit more info please like when does this occur, like straight after you have booted up or all of the time.
Which antivirus program are you using and have you tried bringing it up to date before using any of your programs or are they the same after a reboot ?
-
it happens all the time;
Office,Firefox etc...
No addons, no addins detected;
Not using any Anti-Virus programs.
I believe its related to a malware, but none found that can cause such an issue all the time
It might be hidden in the automation servers in excel.
-
It's possible that the icon cache has become corrupt.
Read through Option 1 in http://www.sevenforums.com/tutorials/49819-icon-cache-rebuild.html to see if it resolves.
-
found this program, it helps see whats running and going on inside;
http://www.bleepingcomputer.com/download/dds/
refer to attached; note that CCCleaner is not the issue as it was installed today...
have rebuilt the icon database over the last month or so already
Should add; sfc scan can not fix;
2016-10-02 21:56:48, Info CSI 00000193 [SR] Cannot repair member file [l:32{16}]"mmcshext.dll.mui" of Microsoft-Windows-Microsoft-Management-Console.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-CN", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-10-02 21:56:56, Info CSI 00000194 [SR] Cannot repair member file [l:32{16}]"mmcshext.dll.mui" of Microsoft-Windows-Microsoft-Management-Console.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-CN", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-10-02 21:56:56, Info CSI 00000195 [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.1.7601.17514.Windows Foundation Language Pack"
2016-10-02 21:56:56, Info CSI 00000196 [SR] This component was referenced by [l:228{114}]"Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~x86~zh-CN~6.1.7601.17514.ScanManagementConsole"
-
Removed;
RegistryKey : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EsgScanner
Image Path : C:\Windows\System32\DRIVERS\EsgScanner.sys
-
reset the apple charger like this;
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppleCharger]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,41,00,70,00,70,00,6c,00,65,00,43,\
00,68,00,61,00,72,00,67,00,65,00,72,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="AppleCharger"
"Description"="Apple mobile devices charging program"
"DebugFlags"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppleChargerSrv]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,41,00,\
70,00,70,00,6c,00,65,00,43,00,68,00,61,00,72,00,67,00,65,00,72,00,53,00,72,\
00,76,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="AppleChargerSrv"
"Description"="Apple mobile devices charging service"
"ObjectName"="localSystem"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbCharger]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,73,00,62,00,43,00,68,00,61,\
00,72,00,67,00,65,00,72,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="UsbCharger"
"Description"="BC compliant mobile device (Android phone/tablet) charging program"
"DebugFlags"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\usbflags\05AC13900218]
"osvc"=hex:00,00
"SkipBOSDescriptorQuery"=dword:00000001
"DisableOnSoftRemove"=dword:00000000
-
Why have you been deleting registry keys ?
Perform another sfc /scannow and if that still reports it is unable to repair some files then run SFCFix.exe to see what that reports.
http://www.majorgeeks.com/files/details/sfcfix.html
-
Good program to use, no effect for mui cases though;
sfcfix scan can not fix;
2016-10-02 21:56:48, Info CSI 00000193 [SR] Cannot repair member file [l:32{16}]"mmcshext.dll.mui" of Microsoft-Windows-Microsoft-Management-Console.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-CN", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-10-02 21:56:56, Info CSI 00000194 [SR] Cannot repair member file [l:32{16}]"mmcshext.dll.mui" of Microsoft-Windows-Microsoft-Management-Console.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-CN", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-10-02 21:56:56, Info CSI 00000195 [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.1.7601.17514.Windows Foundation Language Pack"
2016-10-02 21:56:56, Info CSI 00000196 [SR] This component was referenced by [l:228{114}]"Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~x86~zh-CN~6.1.7601.17514.ScanManagementConsole"
-
You have Microsoft Security Essentials installed as your antivirus program and that is not receiving any updates.
Why do you suspect an infection and in Excel ?
Boot up into Safe Mode with Networking and download the ESET Free Online Scanner - https://www.eset.com/us/online-scanner/
Check the two boxes for PuPs and PuMs then click on Advanced and check those boxes, although Archives and Proxy are optional depending how deep you think the infection has gone.
-
Have tried eset online twice; both times it crashed;
serious problem with the program is that theirs a function to auto delete just wonder if it did and what!!!!!
any chance can read the file somewhere of what it did and found?
-
Did you run it in Safe Mode with Networking ?
-
yes, ran in safe mode. changed the system screen and power modes to on... it may have something to do with it.
also o nly checked drive c finally can review the report, there system is flawed because it does not capture this event so people can review what it did prior. does it add/keep all instances of what it does in one file?
why can it not be captured in text mode on saved on the desktop for further review?
it would be wise not to run any other programs like opening a webpage during running
it also captured and quarantined cccleaner...
where is the quarantine file kept?
once i close the program how to open it and restore if i need too?
if it quarantined the files wont they still exist in the registry?
another problem is it should point to where the program is in the registry, after-all a wise virus can grow back if it can not find itself locally right?
-
It's been a while since I ran it and it found anything on mine, but I thought it told you if it found anything in running.
Has there been any change to being able to access your programs in normal mode and do they work in Safe Mode ?
-
I will review getting another faster IC processor
-
I don't see how that relates to you not being able to open your programs if you were able to before.
Can you answer what I asked in my last post ?
-
Boggin,
sure safe mode is fine...
I had changed one setting; will get back here to report. this setting will probably solve many issues and need to make a fixit...
One setting I changed;
Right click on the program view compatibility change to your current system. restart the computer.
Only do this for programs causing the "not responding" delay.
Checking root certificate store to also showed some expired certificates in the UAC ...
"Not funny MSFT" please fix your systems.
and NO; DO NOT TURN OFF UAC notifications!
regards
-
So far so good!
-
So far so good!
so far so good
suggest a fix-it for this solution;
-
Bigger question remains, why; if running windows 7, why need change it? my other computer says no need change as it is using this version already...
Did something cause the registry setting to change?
Dear MSFT, please fix the system version settings