
Registry Console Window pops up several times / File System Error -214

malware virus error windows10 Filesystemerror registryconsole


#31
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

I created a new user with admin rights and the error is also found there...  :smashcomp:


  • 0



#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

OK.  Bring up FRST and put

 

26EE0668-A00A-44D7-9371-BEB064C98683

 

in the box then hit registry search or whatever it is called.  It should give you a txt file.  Please copy and paste it into a reply.

 

Then repeat the search for the second number

 

7881be6a-ce28-4676-a29e-eb907a5126c5

 

and post its results too.


  • 0

#33
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

First registry search result:

 

Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Kassem (28-01-2017 22:22:07)
Running from C:\Users\Kassem\Desktop
Boot Mode: Normal
 
================== Search Registry: "26EE0668-A00A-44D7-9371-BEB064C98683" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DeviceUpdateLocations]
"::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{289A9A43-BE44-4057-A41B-587A76D7E7F9}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{43668BF8-C14E-49B2-97C9-747784D784B7}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{E413D040-6788-4C22-957E-175D1C513A34},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}]
"ParsingName"="shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OpenContainingFolderHiddenList]
"Start menu search results for Control Panel"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\DeviceUpdateLocations]
"::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{289A9A43-BE44-4057-A41B-587A76D7E7F9}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{43668BF8-C14E-49B2-97C9-747784D784B7}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{E413D040-6788-4C22-957E-175D1C513A34},"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}]
"ParsingName"="shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\OpenContainingFolderHiddenList]
"Start menu search results for Control Panel"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_USERS\S-1-5-21-198589097-2935813840-3369481996-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C8BA9FB6-6100-45B6-A6CB-FD384DE84968}\RecentItems\{13B1DB41-4F02-4F0A-BE86-19EFF087D6C0}]
"Path"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\8\::{7B81BE6A-CE2B-4676-A29E-EB907A5126C5}"
 
====== End of Search ======

 

--------------------------------------------------------------------------------------------------------------------------------

 

Second registry search result:

 

There were errors; the text file was blank. I think you confused some '8's with 'B's. I am running it again.
 
Update:
 
Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Kassem (28-01-2017 22:51:09)
Running from C:\Users\Kassem\Desktop
Boot Mode: Normal
 
================== Search Registry: "7B81BE6A-CE2B-4676-A29E-EB907A5126C5" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b81be6a-ce2b-4676-a29e-eb907a5126c5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7b81be6a-ce2b-4676-a29e-eb907a5126c5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7b81be6a-ce2b-4676-a29e-eb907a5126c5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7b81be6a-ce2b-4676-a29e-eb907a5126c5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
[HKEY_USERS\S-1-5-21-198589097-2935813840-3369481996-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C8BA9FB6-6100-45B6-A6CB-FD384DE84968}\RecentItems\{13B1DB41-4F02-4F0A-BE86-19EFF087D6C0}]
"Path"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\8\::{7B81BE6A-CE2B-4676-A29E-EB907A5126C5}"
[HKEY_USERS\S-1-5-21-198589097-2935813840-3369481996-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{7B81BE6A-CE2B-4676-A29E-EB907A5126C5} {000214E6-0000-0000-C000-000000000046} 0xFFFF"="0x0100000000000000561731CB7A16D201"
[HKEY_USERS\S-1-5-21-198589097-2935813840-3369481996-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{7B81BE6A-CE2B-4676-A29E-EB907A5126C5} {000214E6-0000-0000-C000-000000000046} 0xFFFF"="0x0100000000000000E16EDD1A9E79D201"
 
====== End of Search ======

Edited by KassD7, 28 January 2017 - 02:51 PM.

  • 0
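An added example, not part of any post in this thread and not FRST's own code: when a registry search for a GUID comes back blank, as the first attempt at the second search did, comparing the typed GUID against GUIDs already present in an earlier result shows which characters were misread. The function names and the three-line sample (constructed from lines in the results above) are assumptions for illustration.

```python
import re

GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

# Constructed sample: three lines in the layout of the FRST search results above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b81be6a-ce2b-4676-a29e-eb907a5126c5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
'''

def parse_entries(log):
    """Return [(key_path, [(value_name, data), ...]), ...] from search output text."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[HK") and line.endswith("]"):
            entries.append((line[1:-1], []))          # new registry key
        elif line.startswith('"') and entries:
            m = re.match(r'"(.*?)"="?(.*?)"?$', line)  # "name"="data"
            if m:
                entries[-1][1].append((m.group(1), m.group(2)))
    return entries

def guids_in(log):
    """All distinct GUIDs in the log, normalised to upper case."""
    return {g.upper() for g in GUID_RE.findall(log)}

def near_matches(term, log, max_diff=3):
    """GUIDs in the log differing from `term` in 1..max_diff character positions."""
    term = term.strip("{}").upper()
    hits = []
    for g in sorted(guids_in(log)):
        if len(g) != len(term):
            continue
        diff = [(i, a, b) for i, (a, b) in enumerate(zip(term, g)) if a != b]
        if 0 < len(diff) <= max_diff:
            hits.append((g, diff))  # (candidate, [(position, typed, found), ...])
    return hits

if __name__ == "__main__":
    # The GUID as originally typed in post #32, which returned a blank file.
    for guid, diff in near_matches("7881be6a-ce28-4676-a29e-eb907a5126c5", SAMPLE_LOG):
        print(guid, diff)
```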

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

If we look at this one:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
 
It has the complete text of your message (without the error).  
 
{a305ce99-f527-492b-8b1a-7e76fa98d6e4}

AppUpdates
A305CE99-F527-492B-8B1A-7E76FA98D6E4
shell:AppUpdatesFolder
Displays installed Windows Updates
Applies to Vista, 7, 8

So that might explain why you don't see your Windows Updates.
 
I also found this helpful hint which talks about the last GUID in the line:
 
 
 
Copy the next line:
 
C:\Windows\explorer.exe shell:::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}
 
Open an elevated command prompt and right click and Paste (or edit then paste) and the copied line should appear.  Hit Enter.  Does the Windows Update window open or do you get an error?  What does the error say?  If the window opens, is it empty?
 
 
 
 
 

  • 0

#35
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

It opens normally; the error only pops up when I open it this way (see attached figure):

 

Attached Thumbnails

  • Example.png

  • 0

#36
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

This is my Updates window, I see a lot of old Office updates, should I remove them?

Attached Thumbnails

  • Updates.JPG

  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

No, best to leave them.

 

So it would seem that {d450a8a1-9568-45c7-9c0e-b4f9fb4537bd} is OK.

 

What about:

 

C:\Windows\explorer.exe shell:::{a305ce99-f527-492b-8b1a-7e76fa98d6e4}

 

(Opens the documents folder on my win 10)

 

 

C:\Windows\explorer.exe shell:::{df7266ac-9274-4867-8d55-3bd661de872d}

(says nothing associated with the GUID)


  • 0

#38
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

For both of the new commands I receive the message attached

Attached Thumbnails

  • Message.JPG

  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

Must have made an error before with the one that opened to documents.  It gives me the same error you got.

 

Some of these are shell extensions so let's see if ShellExView helps:

 

Download ShellExView.
 
 
Use this download:
 
Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the errors.

  • 0

#40
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

The third column from the right is the File Size and the fourth is File Attributes, there are more than 10 columns; expand the window.


  • 0



#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

Probably a new version.  There should still be one column with MICROSOFT at the top.  Got to walk the dog now.


  • 0

#42
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

I got a bit confused. I would appreciate it if you can download the new version and walk me through the process. Enjoy your walk!


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

Yes, it's a new version since I last used it.  MICROSOFT column is 7th from the right now, just to the left of File Extensions.  Looks like:

 

sxv.JPG

 

If you click on the MICROSOFT column it will sort things with the NO entries at the top.  (If they are at the bottom you can just click on Microsoft again.)

 

sxv2.JPG

 

Then select all of the NO entries and hit the red mark on the upper left.  That will disable all of the non-Microsoft items.  Usually that's enough tho this time the problem may be Microsoft things.  You have to either reboot or restart Explorer to have this take effect.

 

I see there is also a Microsoft entry called AllControlPanel Items.  It is possible that disabling this one may stop the errors.

 

 

 

 

 

 


  • 0

#44
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Okay so I first disabled all the NO elements, restarted and the error was still there. Then I disabled the All ControlPanels item, rebooted and the error still appears  :no:

 

Should I enable them back?


  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP

Guess so.

 

Copy the next line:

 

start ::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7B81BE6A-CE2B-4676-A29E-EB907A5126C5}

 

Open an elevated command prompt and paste it in.

 

Does it work?

 

I think the error may be referring to a problem in

 

C:\Users\Kassem\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US

 

In this folder you will find a long list of different items.  If you double click on one a new window will open up.

 

There is also a method discussed here for reindexing things:

 

https://answers.micr...56-cfc1834ae040

 

 


  • 0





