Registry Console Window pops up several times / File System Error -214

malware virus error windows10 Filesystemerror registryconsole

#46 KassD7 (Member, Topic Starter)
Yes it works! I entered the location and found the files, I'll try the method in the link. Thanks a lot!

 

UPDATE: This method won't work for me since I don't have a working profile (Step 1 in the link), so most probably it won't work after indexing in the new profile.

 

Thank you anyways! I appreciate your dedication and hard work.


Edited by KassD7, 28 January 2017 - 09:47 PM.

#47 KassD7 (Member, Topic Starter)

Update!

 

After some extensive research and reading all the posts in the last link you sent, the problem I'm facing is definitely due to indexing. There is something called Indexing Options built into Win 10 (see figure attached). After I deleted and rebuilt the indexing, the error still appears; however, if you notice in the picture, in the Users folder there is an exclusion for AppData, the folder in which my error is located. Do you advise me to remove this exclusion and auto index again?

Attached Thumbnails

  • Indexing.JPG

#48 RKinner (Malware Expert, MVP)

Guess it's worth a try


#49 KassD7 (Member, Topic Starter)

Didn't work, I guess I need to format my laptop :S


#50 RKinner (Malware Expert, MVP)

Tell me again exactly when these popups show up.

 

Is it just at boot? I assume there is more than one. If you x one, do you get another? If you keep killing them off, do they eventually stop (after how many windows)?

 

Before reloading Windows, try Windows Repair all-in-one

 

 

Windows Repair all in one
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
I think by default most of the options are checked so you can just leave it that way and press Start.
 
Reboot when done.

#51 KassD7 (Member, Topic Starter)

The pop-ups error was solved (I mentioned this before); now my error is just the indexing one. If I access the en-US folder from the location you sent me I can open any window with no problem. When I try accessing them using the search bar (Cortana) the error pops up (Main Error.JPG). I tried getting this folder (en-US) from my friend's laptop since he has no errors, but once I put them in the location I still get the error.

 

Again, now the only error I have is the indexing one.


#52 KassD7 (Member, Topic Starter)

Amazingggggg!!! Windows Repair SOLVED my problem! Thank you a lot!


#53 RKinner (Malware Expert, MVP)

Wonderful.  I hesitate to use it since it has a simplified idea of what permissions to apply to every file but it does sometimes fix things that nothing else will.

 

Do you still have the Microsoft-Windows-Security-SPP errors in your VEW logs?


#54 KassD7 (Member, Topic Starter)

Yes I do..

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 29/01/2017 9:29:26 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/01/2017 7:25:40 PM
Type: Error Category: 2
Event: 17120 Source: MSSQL$TEW_SQLEXPRESS
SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
 
Log: 'Application' Date/Time: 29/01/2017 7:25:40 PM
Type: Error Category: 2
Event: 17826 Source: MSSQL$TEW_SQLEXPRESS
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
 
Log: 'Application' Date/Time: 29/01/2017 7:25:40 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Access is denied. 
 
Log: 'Application' Date/Time: 29/01/2017 7:25:40 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x51. Reason: Unable to configure MDAC-compatibility Named Pipes protocol pipe name in registry. Access is denied. 
 
Log: 'Application' Date/Time: 29/01/2017 7:25:40 PM
Type: Error Category: 2
Event: 17053 Source: MSSQL$TEW_SQLEXPRESS
UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.
 
Log: 'Application' Date/Time: 29/01/2017 7:25:37 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified. 
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 4098:44-4098:45 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 4498:57-4498:58 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 1506:32-1506:33 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 1627:54-1627:55 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 5870:15-5870:16 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 10277:23-10277:24 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 8023:36-8023:37 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 7760:72-7760:73 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:55 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 2354:29-2354:30 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:54 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 1483:35-1483:36 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:54 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 15124:39-15124:40 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:54 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 11920:3-11920:4 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:54 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 4005:19-4005:20 in IStream
 
Log: 'Application' Date/Time: 29/01/2017 7:09:54 PM
Type: Error Category: 0
Event: 17 Source: WNIW
syntax error from 2649:20-2649:21 in IStream
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/01/2017 7:26:07 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)
 
Log: 'Application' Date/Time: 29/01/2017 6:11:00 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=NetworkAvailable
 
Log: 'Application' Date/Time: 29/01/2017 6:10:39 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)
 
Log: 'Application' Date/Time: 29/01/2017 6:10:29 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 29/01/2017 6:08:35 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET CLR Data service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 29/01/2017 6:08:35 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET CLR Networking service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 29/01/2017 6:08:35 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET Data Provider for Oracle service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 29/01/2017 6:08:35 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET Data Provider for SqlServer service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 29/01/2017 6:08:35 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NETFramework service. Reinstall the performance counters manually using the LODCTR tool.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:15 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:15 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:13 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:13 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:10 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_OfflineFilesConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:10 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_OfflineFilesConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:10 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_OfflineFilesConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 29/01/2017 5:59:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

#55 RKinner (Malware Expert, MVP)

Does Microsoft Office work without complaint?  Supposedly the Microsoft-Windows-Security-SPP errors we see are related to the licensing of Office.

 

You have a lot of SQL errors. Are you using SQL Server Browser for SQL Server 2012? If not, I would uninstall it. If you use it, see if you can get it to repair itself:

http://dba.stackexch...ess-2012-repair

 

Dropbox is also reporting a problem.  If it's something you use it probably needs a reinstall.  If not, uninstall it.
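
The triage done by eye in the post above (collapsing the repeated VEW entries by source and event ID to see which components are failing), as an added Python example that is not part of the original thread. The sample is an abridged excerpt of the report posted above; `parse_vew` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Abridged excerpt of the VEW report posted earlier in this thread.
SAMPLE_REPORT = """\
Log: 'Application' Date/Time: 29/01/2017 7:25:40 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Access is denied.

Log: 'Application' Date/Time: 29/01/2017 7:25:37 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 29/01/2017 7:26:07 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 29/01/2017 6:10:39 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = b322da9c-a2e2-4058-9e4e-f59a6970bd69 Trigger=UserLogon(1)
"""

# Three header lines precede every event message in a VEW report.
HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>\S+)[ \t]*\n")
CODE = re.compile(r"0x[0-9A-Fa-f]+")  # hex status codes quoted in messages

def parse_vew(report):
    """Turn VEW report text into a list of event dicts."""
    events, matches = [], list(HEADER.finditer(report))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        message = []
        for line in report[m.end():end].splitlines():
            if not line.strip() or line.startswith("~"):  # blank line or section banner
                break
            message.append(line.strip())
        events.append({
            "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),  # dd/mm/yyyy
            "type": m["type"], "event": int(m["event"]), "source": m["source"],
            "message": " ".join(message)})
    return events

def summarize(events):
    """One row per (source, event id): count, time span, hex codes seen."""
    groups = defaultdict(lambda: {"count": 0, "codes": set(), "times": []})
    for e in events:
        g = groups[(e["source"], e["event"])]
        g["count"] += 1
        g["codes"].update(CODE.findall(e["message"]))
        g["times"].append(e["when"])
    rows = [{"source": s, "event": ev, "count": g["count"], "codes": sorted(g["codes"]),
             "first": min(g["times"]), "last": max(g["times"])}
            for (s, ev), g in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["source"], r["event"]))

if __name__ == "__main__":
    print(*summarize(parse_vew(SAMPLE_REPORT)), sep="\n")
```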


#56 KassD7 (Member, Topic Starter)

I think all the office errors are from the updates which are 2003 and 2007 web components, I now use the 2016 version.

 

Updates.JPG

 

I uninstall the SQL Browser since I don't use it and I will reinstall Dropbox.


#57 RKinner (Malware Expert, MVP)

OK.  Guess it's time to clean up:

 

 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron

#58 KassD7 (Member, Topic Starter)

Thank you Ron!

