Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

All File transfers hang. No virus!


  • Please log in to reply

#106
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000]
"DevLoader"="*NTKERN"
"USDClass"="{511F3F20-732C-41f3-B413-07DA0EC825C5}"
"HardwareConfig"=hex:04
"InfPath"="oem45.inf"
"IncludedInfs"=hex(7):73,00,74,00,69,00,2e,00,69,00,6e,00,66,00,00,00,00,00
"InfSection"="USB.ESNT6.x64"
"ProviderName"="EPSON"
"DriverDateData"=hex:00,c0,e1,99,d8,82,d0,01
"DriverDate"="4-30-2015"
"DriverVersion"="1.0.0.3"
"MatchingDeviceId"="usb\\vid_04b8&pid_013d"
"DriverDesc"="EPSON Perfection V39"
"SubClass"="StillImage"
"Capabilities"=dword:00000013
"DeviceType"=dword:00000001
"DeviceSubType"=dword:00000011
"FriendlyName"="EPSON Perfection V39"
"DeviceID"="{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\\0000"
"Vendor"="EPSON"
"IsPnP"=dword:00000001
"CreateFileName"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\DeviceData]
"TwainDS"="EPSON Perfection V39"
"Model"="EPSON Perfection V39"
"ExtCmdModule"="esxi010c.dll"
"ExtBinModule"="esfw010c.bin"
"NumButtons"=dword:00000004
"HOptRes"=dword:000012c0
"VOptRes"=dword:000012c0
"ModelCode"="ES010D"
"OptionCaps"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button0]
@="Start Button"
"GUID"="{A6C5A715-8C6E-11D2-977A-0000F87A926F}"
"LaunchApplications"="*"
"DefaultHandler"="{D3812C85-1F40-4E27-B977-58F21383DC60}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button0\{D3812C85-1F40-4E27-B977-58F21383DC60}]
"Name"="Epson Event Manager"
"Desc"="Epson Event Manager"
"Icon"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe,0"
"Cmdline"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button1]
@="Copy Button"
"GUID"="{FC4767C1-C8B3-48A2-9CFA-2E90CB3D3590}"
"LaunchApplications"="*"
"DefaultHandler"="{D3812C85-1F40-4E27-B977-58F21383DC60}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button1\{D3812C85-1F40-4E27-B977-58F21383DC60}]
"Name"="Epson Event Manager"
"Desc"="Epson Event Manager"
"Icon"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe,0"
"Cmdline"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button2]
@="Send Button"
"GUID"="{154E27BE-B617-4653-ACC5-0FD7BD4C65CE}"
"LaunchApplications"="*"
"DefaultHandler"="{D3812C85-1F40-4E27-B977-58F21383DC60}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button2\{D3812C85-1F40-4E27-B977-58F21383DC60}]
"Name"="Epson Event Manager"
"Desc"="Epson Event Manager"
"Icon"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe,0"
"Cmdline"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button3]
@="PDF Button"
"GUID"="{A65B704A-7F3C-4447-A75D-8A26DFCA1FDF}"
"LaunchApplications"="*"
"DefaultHandler"="{D3812C85-1F40-4E27-B977-58F21383DC60}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\Events\Button3\{D3812C85-1F40-4E27-B977-58F21383DC60}]
"Name"="Epson Event Manager"
"Desc"="Epson Event Manager"
"Icon"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe,0"
"Cmdline"="C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe"

 


  • 0

Advertisements


#107
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

Are you able to see the 0000 key and its contents?


  • 0

#108
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

Are you able to see the 0000 key and its contents?

 

Yes


  • 0

#109
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

OK.  Then let's try a new process monitor log.


  • 0

#110
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

OK.  Then let's try a new process monitor log.

 

I'd be happy to but the previous log was produced after I set permissions.

Since then, I didn't have to set more permissions.

I simply downloaded the .reg file and pasted its entries in this thread.


Edited by phickspc, 18 March 2018 - 10:45 AM.

  • 0

#111
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

Missed the log but we are still getting:

 

High Resolution Date & Time:    3/18/2018 10:37:15.8474459 AM
Event Class:    Registry
Operation:    RegOpenKey
Result:    ACCESS DENIED
Path:    HKLM\System\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}\0000
TID:    1588
Duration:    0.0000969
Desired Access:    Read/Write

 

 

I think we need to try
Windows Repair all in one

http://www.tweaking....all_in_one.html

Download it and save it then run it.

You can skip to step 4 or 5 where it gives you the same picture as in the above link.
They now offer several canned options but we just want one:

Make sure only the following is checked before hitting Start:

Reset Registry Permissions


Reboot when done

then try the scanner again.


  • 0

#112
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

Here's a Tweaking.com - Windows Repair 2018 - Pre-Scan log:

Attached File  Tweaking.com - Windows Repair 2018 - Pre-Scan.txt   9.42KB   24 downloads

I then reset Registry permissions. Restarted.

Scanner still showed error.

Here's the new Process Monitor log


Edited by phickspc, 18 March 2018 - 08:07 PM.

  • 0

#113
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

Not seeing any more access denied so the repair did its thing.

 

Can you navigate to

 

HKLM\System\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}

and right click and export it like you did the other key?

 

 


  • 0

#114
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0C81#FA54CYJ12521#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}]
"DeviceInstance"="USB\\VID_0BB4&PID_0C81\\FA54CYJ12521"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0C81#FA54CYJ12521#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\#]
"SymbolicLink"="\\\\?\\USB#VID_0BB4&PID_0C81#FA54CYJ12521#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0CA8&MI_01#6&3e00f27&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}]
"DeviceInstance"="USB\\VID_0BB4&PID_0CA8&MI_01\\6&3e00f27&0&0001"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0CA8&MI_01#6&3e00f27&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\#]
"SymbolicLink"="\\\\?\\USB#VID_0BB4&PID_0CA8&MI_01#6&3e00f27&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0F0E&MI_01#6&20c0cb3b&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}]
"DeviceInstance"="USB\\VID_0BB4&PID_0F0E&MI_01\\6&20c0cb3b&0&0001"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0F0E&MI_01#6&20c0cb3b&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\#]
"SymbolicLink"="\\\\?\\USB#VID_0BB4&PID_0F0E&MI_01#6&20c0cb3b&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0F87&MI_01#6&11c12a65&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}]
"DeviceInstance"="USB\\VID_0BB4&PID_0F87&MI_01\\6&11c12a65&0&0001"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\##?#USB#VID_0BB4&PID_0F87&MI_01#6&11c12a65&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}\#]
"SymbolicLink"="\\\\?\\USB#VID_0BB4&PID_0F87&MI_01#6&11c12a65&0&0001#{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}"

 


  • 0

#115
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

Can you export:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}


  • 0

Advertisements


#116
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

It's attached here:

Attached File  36fc9e60-c465-11cf-8056-444553540000.txt   46.31KB   24 downloads
 


  • 0

#117
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

Go in to Device Manager and open the section on Universal Serial Bus Controllers.  Right click on each and Uninstall.

 

Reboot, wait for it to finish reinstalling the devices and then go into regedit and export the same key again.


  • 0

#118
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

I uninstalled everything under Universal Serial Bus Section until the category itself disappeared.
Restarted.
Driver software reinstalled for about 5minutes (last four devices took the longest).

I received the warning: 'Your generic usb hub can perform faster if it is plugged into a high-speed port.'
Despite this error, the driver for that item did display 'Ready to use' like the others.
Later, the warning window came up again listing the USB Root Hub under 3A3A & 3A3C enhanced host contrllers in bold.
Then the same window popped up about six more times 'Alcor Micro USB 2 card reader' (3 times) and 'Generic USB Hub'(6 times).

I restarted my PC again because HID-compliant consumer control device displayed 'Finished, restart required.'

Then I exported the regedit key you wanted: Attached File  36FC9E60-C465-11CF-8056-444553540000 (Version 2).txt   45.87KB   96 downloads

Then I looked in Device manager to notice that the two devices that displayed the warnings above are the first items that show up under the Universal Serial Bus Category in Device Manager.
Then I right clicked on both items and noticed that both devices are apparently running at full-speed.
I then realised that my speechware 9in1 USB TableMike which has a card reader and a usb port on the device might in fact be a usb hub.

Even though that port wa unplugged and there was no card in the reader, I disconnected the speechware item and restarted.

The scanner still showed the warning when I plugged it in. Click here for Process monitor log.


  • 0

#119
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,530 posts
  • MVP

Go in to regedit and  right click on the

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}]
Export.  Save the key in case things go South.  Now right click on the same key

and delete.  You may get an error but it should remove all of the 0000 etc entries.  Now go back in to Device Manager and uninstall the USB stuff again like we just did and reboot.  Do you still get the warning?


  • 0

#120
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 319 posts

Exported [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}].

Deleted key successfully despite warnings.

But it wouldn't allow me to delete the file in the root directory of that folder or the properties folder.

Unplugged 9in1 Speechware device.

Restarted.

All the devices drivers finished reinstalling.

No speed warnings.

Plugged in Scanner and the speed warning showed up again as usual (3A3A & 3A3C).

Click here for Process Monitor log.

Plugged in speechware device and scanned hardware as it installed its drivers.

*Whilst in device manager, noticed that the category now has a cartwheel symbol and it is now called Unknown instead of Universal Serial Bus. And all the newly installed drivers within this category show question marks in their icons.*

The speed warning showed up again for only Alcor Micro SD under 3A3A & 3A3C.

Restarted as one of the drivers requested (like before when I performed this procedure the first time around).

*After restart, Universal Serial Bus category is still labelled Unknown and has cartwheel symbol, and all items within it display question mark icons.*

Btw, noticed that MMC.exe also hangs during dialog windows e.g. when searching for driver updates on internet.


Edited by phickspc, 20 March 2018 - 03:22 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP