Stopping GWX ConfigManager

[GRoston]

All,

While working on some stuff this evening, nothing computer intensive, I noticed that my hard drive started thrashing. A quick check of the Task Manager showed that gwxconfigmanager.exe was the culprit.

I did some digging around and it appears that this program was gifted to us by Microsoft as a part of Windows update KB3035583 and that its function relates to upgrading to Windows 10. Since every other Windows OS is a steaming pile (Windows ME, Windows Vista, Windows 8), Windows 10 may actually turn out to be okay - put I will decide if and when to upgrade - not Microsoft.

None of the posts I found indicated how the program was launched. As such, the first place I checked was Scheduled Tasks and I found four related tasks, all listed in Task Schedule Library->Microsoft->Windows->Setup->GWX.

So, to remove this useless bloatware:

1. Delete each of the tasks in the above mentioned folder (and then the folder for good measure)
2. With Windows Explorer, go to c:\Windows\System32. Right click on the folder GWX and select properties. From there, change the owner to an account with admin privileges and give the same user full control. Then delete the folder.
3. Repeat the same steps in c:\Windows\SysWOW64

It has been suggested that one can simply uninstall the update, however, if this is a critical update, it will keep coming back. I suspect/hope that my approach will be permanent.

 

[Layback Bear]

After you remove the update and recheck for updates and it comes back, just right tick on it and hide it.
Your shouldn't be bothered with it again.

 

[GRoston]

Removing the update works - just confirmed this.

 

[Trax]

un-install the update KB3035583. data was collected for 24 hours Apr 3-4th, log sent Apr 19th the day I found the directory. I have reason to think it has a panic mode if tampered with. I did manage to get a copy of the log, 4139 lines of my browsers activity during that time.

edit: disconnect yourself from the internet before you begin. the log itself is called config.xml there are three such files, you want the one in the cab file.

second edit: A decent firewall can inform you if a GWX directory returns, or whatever parameter you wish to monitor.

 

[RoasterMen]

I haven't touched anything with this update and it hasn't bothered me yet. Is it for US only?

 

[GRoston]

Trax - I what directory was the log file located?

 

[Anak]

Trax - I what directory was the log file located?

Try looking in: C:\Windows\System32, even C:\Windows\SysWOW64, but if you removed KB3035583, and did a reboot you shouldn't find it. Don't forget to hide it the next time it shows up in Win Updates.

I haven't touched anything with this update and it hasn't bothered me yet. Is it for US only?

I've lost track of it, oh here it is; Nope,

So just how big is the eligible Windows 10 upgrade base? It is certainly measured in the hundreds of millions, representing PCs running Windows in 111 languages and 190 countries worldwide.

Source: Get Windows 10: Microsoft's hidden roadmap for the biggest software upgrade in history | ZDNet

Related Links:
http://www.sevenforums.com/windows-...s-additional-capabilities-windows-broken.html

http://www.sevenforums.com/news/366474-microsoft-silently-preparing-your-pc-win-10-a.html

https://support.microsoft.com/en-us/kb/3035583

 

[Trax]

Trax - I what directory was the log file located?

My bad for taking so long to get back with you (it took me Google to find this message), This is an edited reply originally posted to Slashdot.org. A giveme, being a post from me has a tendency of being a tad long.

I logged in and joined as a Microsoft Insider, this allows me to beta test Win10, downloaded it but that's all. I can't agree to their TOS and at fist thought was the reason for what I found, the TOS would of allowed it.

First off, I keep all text related to GWX in one directory (GWX), two when I moved to create a boot USB drive. Sometimes it can't be found and then only one, half the time the directory is empty. Coming across as a badly written rootkit, and no finger pointing in any direction other than may haps my system, It's the only problem directory I have.
______

I disable my scanner when not in use as I use it so rarely. I use Autoruns to disable/enable the services that load on start-up. Putting it back online, for the Epson it takes some digging. While doing this I noticed some odd stuff being shown, directory guards(?), sites being accessed that shouldn't, odder the deeper I dug.
I've got the registry keys still, I always back up a key before deleting it, for obvious reasons.

Diectory guards, I'd never seen it before but there were one or two files protecting the directory "Adobe Stock Photos" they didn't take much to remove.

And anyone involved with the Macrovision DRM should be embarrassed.

The entry that led me me to GWX, was due to the entry "refreshgwxconfig"
Note: one script that’s better run from the command-line. The command-line scripting engine Cscript.exe - It requires a double \.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C562ABC-8CAB-4882-B48C-24A714B4726C}]
"Path"="\\Microsoft\\Windows\\Setup\\gwx\\refreshgwxconfig"
"Hash"=hex:68,6e,e8,73,f5,a6,d1,46,70,60,cc,52,e2,be,10,7d,b0,5c,28,d6,49,4b,\
a3,5a,de,b1,bc,cd,77,fd,9a,45
"Triggers-

Just last night I found something on refreshgwxconfig Suspicious New Folder: - Microsoft Community

Update notice: https://support.microsoft.com/en-us/kb/3035583/ Opening a + will show you the files involved. Do noticed your told nothing of what it's suppose to do.
Update refference #: KB3035583 Note: you need to hide this file in the update area they've sent it to me a few times since.

The directory in question is located at Windows/System32/GWX and you can't read some of the files where they are, you will get wrong path errors (at least what I was getting).

Disconnect yourself from the internet.

To remove the directory (many ways I'm sure, I just did it the way I always do) boot up with another OS (I use MiniXP supplied with Hiren's boot disk 15, in a pinch you can cobble a Boot CD/pen drive using www.Bootdisk.com). Just boot into MiniXP (or other) go to the GWX directory and move it to a Pen Drive - remove it from your system as it's possible for Win7+ to find and use it from any location (Possible, not likely).

Picture shows location of scanned results Best I could do was place it at the bottom.
It's location on a USB drive. The log file is called Config.xml and you will run across a few of them, it's the one in the cab file I found the scan. Making sense, if one sends more that one file it's best compressed in some manner.

Below is my scan and only 4139 lines in length. No changes- Note only 130+ lines posted.
Some of the middle, but the first part of the scan is important as it' shows it's collected encrypted data, and not sure if the rest is also encrypted as normally I can read these things.

It should be noted that when I went back to get the file for the data collected it had reset to 17K (a basic Config.xml file), I had to get the scan from my clip. I did a forensics check on my system to see exactly what happened, but had waited too long.

After scanning the log what upset me the most, are all of the temp actions were taking place at X:\Windows/Temp, after a fresh install I always set my %Temp% to C:\Temp - it's easier to clean out.

FireFox would of been used to play BF3, Opera for surfing, an Opera update would be for a version greater than 12 which is no problem, it allows Opera 12 to be of use again.

C:\Windows\System32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{31be5828-733a-4ecc-9276-1c8395f96e10}\snapshot.etl 368.00 KB 4/3/2015 4:10:34 PM
C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{12c90654-9f6b-43ff-a4da-348dfadf4021}\snapshot.etl 496.00 KB 4/3/2015 4:10:34 PM
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\43507F87C1453B2187C030286C2D44AB 1.00 KB 4/3/2015 4:11:15 PM
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 7.00 KB 4/3/2015 4:11:15 PM
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE7FFD2FD84D3B32FD43DC8F575A9F28 1.00 KB 4/3/2015 4:11:22 PM
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C7F163ED126D5C3CB9457F68EC64E9E 1.00 KB 4/3/2015 4:11:45 PM
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76 1.00 KB 4/3/2015 4:11:45 PM
C:\Windows\System32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{31be5828-733a-4ecc-9276-1c8395f96e10} 4/3/2015 4:11:55 PM
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 1.00 KB 4/3/2015 4:13:46 PM
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C24EC5BDAF13613245B4CECC3DE91DC6 1.00 KB 4/3/2015 4:13:46 PM
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C24EC5BDAF13613245B4CECC3DE91DC6 1.00 KB 4/3/2015 4:13:46 PM
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask 5.00 KB 4/3/2015 4:13:51 PM
C:\Windows\System32\LogFiles\Scm\49e793ed-1166-4fd6-93c6-e2388219a004 1.00 KB 4/3/2015 4:13:52 PM
C:\Windows\System32\LogFiles\Scm\f52df85e-f02c-4b2d-bd33-8e03da228a85 1.00 KB 4/3/2015 4:13:52 PM
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline 5.00 KB 4/3/2015 4:13:52 PM
C:\Documents and Settings\All Users\Comodo\Firewall Pro\cisdata.sdb 20.00 KB 4/3/2015 4:15:54 PM
C:\ProgramData\Comodo\Firewall Pro\cisdata.sdb 20.00 KB 4/3/2015 4:15:54 PM
C:\Users\All Users\Comodo\Firewall Pro\cisdata.sdb 20.00 KB 4/3/2015 4:15:54 PM
C:\Windows\Temp\opera_autoupdate.log 1.00 KB 4/3/2015 4:16:00 PM
C:\Windows\Temp\CProgram Files (x86)Opera15\installing\Opera_Stable_28.0.1750.48-27.0.1689.76_Patch.exe 11,790.00 KB 4/3/2015 4:16:20 PM
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD 2.00 KB 4/3/2015 4:16:21 PM
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD 1.00 KB 4/3/2015 4:16:21 PM
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3BB9C1BA2D19E090AE305B2683903A0_6E9A9670139B949E0946278E14EB2FC8 2.00 KB 4/3/2015 4:16:21 PM
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_6E9A9670139B949E0946278E14EB2FC8 1.00 KB 4/3/2015 4:16:21 PM
C:\Windows\Temp\CProgram Files (x86)Opera15\installing\Assets 4/3/2015 4:16:23 PM
C:\Program Files (x86)\Opera15\28.0.1750.48\ffmpegsumo.dll 947.00 KB 4/3/2015 4:16:31 PM
C:\Windows\Temp\CProgram Files (x86)Opera15\installing\ffmpegsumo.dll 947.00 KB 4/3/2015 4:16:31 PM
-omited-
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\c\1jnyb8ll.d 10.00 KB 4/4/2015 5:37:32 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\c\1jnyb8ll.d 10.00 KB 4/4/2015 5:37:32 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.firefox_3864.txt 1.00 KB 4/4/2015 5:37:35 PM
C:\ProgramData\Origin\Logs\IGO_Log.firefox_3864.txt 1.00 KB 4/4/2015 5:37:35 PM
C:\Users\All Users\Origin\Logs\IGO_Log.firefox_3864.txt 1.00 KB 4/4/2015 5:37:35 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.bf3_3048.txt 13.00 KB 4/4/2015 5:37:41 PM
C:\ProgramData\Origin\Logs\IGO_Log.bf3_3048.txt 13.00 KB 4/4/2015 5:37:41 PM
C:\Users\All Users\Origin\Logs\IGO_Log.bf3_3048.txt 13.00 KB 4/4/2015 5:37:41 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\3\3lz8qou3.d 10.00 KB 4/4/2015 5:37:42 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\3\3lz8qou3.d 10.00 KB 4/4/2015 5:37:42 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\1\1y408k8q.d 10.00 KB 4/4/2015 5:38:04 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\1\1y408k8q.d 10.00 KB 4/4/2015 5:38:04 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\b\150pusjk.d 10.00 KB 4/4/2015 5:45:36 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\b\150pusjk.d 10.00 KB 4/4/2015 5:45:36 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\c\3326e9dl.d 10.00 KB 4/4/2015 5:57:28 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\c\3326e9dl.d 10.00 KB 4/4/2015 5:57:28 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.Origin_2072.txt 7.00 KB 4/4/2015 5:57:30 PM
C:\ProgramData\Origin\Logs\IGO_Log.Origin_2072.txt 7.00 KB 4/4/2015 5:57:30 PM
C:\Users\All Users\Origin\Logs\IGO_Log.Origin_2072.txt 7.00 KB 4/4/2015 5:57:30 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.bf3_3968.txt 16.00 KB 4/4/2015 5:57:49 PM
C:\ProgramData\Origin\Logs\IGO_Log.bf3_3968.txt 16.00 KB 4/4/2015 5:57:49 PM
C:\Users\All Users\Origin\Logs\IGO_Log.bf3_3968.txt 16.00 KB 4/4/2015 5:57:49 PM
C:\Temp\NVIDIA Corporation\NV_Cache\2a0326a08a12848dccfcd16232e70e39_fce8395c8fd8a867_be2aff5f6ce4ea0_0_16.bin 16,384.00 KB 4/4/2015 6:10:08 PM
C:\Temp\NVIDIA Corporation\NV_Cache\2a0326a08a12848dccfcd16232e70e39_fce8395c8fd8a867_be2aff5f6ce4ea0_0_4.toc 4,096.00 KB 4/4/2015 6:22:41 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\d\2gpg2clm.d 10.00 KB 4/4/2015 6:24:53 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\d\2gpg2clm.d 10.00 KB 4/4/2015 6:24:53 PM
C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3a7e60ea-2ad9-4b16-81d9-981363620441}\snapshot.etl 336.00 KB 4/4/2015 6:26:23 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\3\2rb5ati3.d 10.00 KB 4/4/2015 6:27:48 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\3\2rb5ati3.d 10.00 KB 4/4/2015 6:27:48 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.firefox_3740.txt 1.00 KB 4/4/2015 6:27:56 PM
C:\ProgramData\Origin\Logs\IGO_Log.firefox_3740.txt 1.00 KB 4/4/2015 6:27:56 PM
C:\Users\All Users\Origin\Logs\IGO_Log.firefox_3740.txt 1.00 KB 4/4/2015 6:27:56 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.bf3_3960.txt 49.00 KB 4/4/2015 6:28:02 PM
C:\ProgramData\Origin\Logs\IGO_Log.bf3_3960.txt 49.00 KB 4/4/2015 6:28:02 PM
C:\Users\All Users\Origin\Logs\IGO_Log.bf3_3960.txt 49.00 KB 4/4/2015 6:28:02 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\6\2j83d056.d 10.00 KB 4/4/2015 6:28:03 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\6\2j83d056.d 10.00 KB 4/4/2015 6:28:03 PM
C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3a7e60ea-2ad9-4b16-81d9-981363620441} 4/4/2015 6:28:18 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\6\2hjxxnuf.d 10.00 KB 4/4/2015 6:28:23 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\6\2hjxxnuf.d 10.00 KB 4/4/2015 6:28:23 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.Origin_3192.txt 34.00 KB 4/4/2015 6:28:25 PM
C:\ProgramData\Origin\Logs\IGO_Log.Origin_3192.txt 34.00 KB 4/4/2015 6:28:25 PM
C:\Users\All Users\Origin\Logs\IGO_Log.Origin_3192.txt 34.00 KB 4/4/2015 6:28:25 PM
C:\Documents and Settings\Tone\AppData\Local\Mozilla\Firefox\Profiles\4msw7c4t.default\cache2\entries\317D98DCA3490DB376CD269981418BF7C60B5526 2.00 KB 4/4/2015 6:29:06 PM
C:\Users\Tone\AppData\Local\Mozilla\Firefox\Profiles\4msw7c4t.default\cache2\entries\317D98DCA3490DB376CD269981418BF7C60B5526 2.00 KB 4/4/2015 6:29:06 PM
C:\Documents and Settings\Tone\AppData\Local\Mozilla\Firefox\Profiles\4msw7c4t.default\cache2\entries\FA4F1F40F8B68C506E9F9895466C3302DAACB4E6 4.00 KB 4/4/2015 6:29:06 PM
C:\Users\Tone\AppData\Local\Mozilla\Firefox\Profiles\4msw7c4t.default\cache2\entries\FA4F1F40F8B68C506E9F9895466C3302DAACB4E6 4.00 KB 4/4/2015 6:29:06 PM
C:\Documents and Settings\All Users\Origin\Logs\IGO_Log.bf3_1608.txt 17.00 KB 4/4/2015 7:18:05 PM
C:\ProgramData\Origin\Logs\IGO_Log.bf3_1608.txt 17.00 KB 4/4/2015 7:18:05 PM
C:\Users\All Users\Origin\Logs\IGO_Log.bf3_1608.txt 17.00 KB 4/4/2015 7:18:05 PM
C:\Documents and Settings\Tone\AppData\Local\Origin\Web Cache\data7\3\ie8z9k1c.d 10.00 KB 4/4/2015 7:18:07 PM
C:\Users\Tone\AppData\Local\Origin\Web Cache\data7\3\ie8z9k1c.d 10.00 KB 4/4/2015 7:18:07 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.food.com%2Ffdc%2Fimg%2Fico%2Ffavicon.png 1.00 KB 4/4/2015 7:38:43 PM
C:\Users\Tone\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.food.com%2Ffdc%2Fimg%2Fico%2Ffavicon.png 1.00 KB 4/4/2015 7:38:43 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.joyouslydomestic.com%2Ffavicon.png 1.00 KB 4/4/2015 7:40:05 PM
C:\Users\Tone\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.joyouslydomestic.com%2Ffavicon.png 1.00 KB 4/4/2015 7:40:05 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\icons\www.joyouslydomestic.com.idx 1.00 KB 4/4/2015 7:40:05 PM
C:\Users\Tone\AppData\Local\Opera\Opera\icons\www.joyouslydomestic.com.idx 1.00 KB 4/4/2015 7:40:05 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\icons\www.food.com.idx 1.00 KB 4/4/2015 7:50:55 PM
C:\Users\Tone\AppData\Local\Opera\Opera\icons\www.food.com.idx 1.00 KB 4/4/2015 7:50:55 PM
C:\Temp\{C5CE1D95-1711-4589-9FAF-C408CE8E5D9E}\setup.isn 251.00 KB 4/4/2015 8:29:52 PM
C:\Temp\{C5CE1D95-1711-4589-9FAF-C408CE8E5D9E} 4/4/2015 8:30:07 PM
C:\Temp\{DA8C2C8F-4F2F-4573-963F-E5EC96DF7E76} 4/4/2015 8:30:07 PM
C:\Documents and Settings\Tone\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_setup.exe_221bc96ef39bd1fadf3892e142d858782caa0b5_cab_069db73f\appcompat.txt 5.00 KB 4/4/2015 8:30:12 PM
C:\Users\Tone\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_setup.exe_221bc96ef39bd1fadf3892e142d858782caa0b5_cab_069db73f\appcompat.txt 5.00 KB 4/4/2015 8:30:12 PM
C:\Temp\{2a95c5f6-58a5-4895-8e25-42207602ef47} 4/4/2015 8:30:13 PM
C:\Temp\{C1BC2C56-4C3F-4C91-8F88-EDEF5A2D3460}\setup.isn 251.00 KB 4/4/2015 8:30:50 PM
C:\Temp\{795B4095-A1D8-44AF-A3A5-392A730C3BDF} 4/4/2015 8:31:03 PM
C:\Temp\{C1BC2C56-4C3F-4C91-8F88-EDEF5A2D3460} 4/4/2015 8:31:03 PM
C:\Temp\{3FFECABD-5BE8-451B-89CB-64A266B8EF68}\setup.isn 251.00 KB 4/4/2015 8:31:32 PM
C:\Temp\{3FFECABD-5BE8-451B-89CB-64A266B8EF68} 4/4/2015 8:31:40 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\icons\chris.dod.net.idx 1.00 KB 4/4/2015 11:16:19 PM
C:\Users\Tone\AppData\Local\Opera\Opera\icons\chris.dod.net.idx 1.00 KB 4/4/2015 11:16:19 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fchris.dod.net%2Ffavicon.png 1.00 KB 4/4/2015 11:16:19 PM
C:\Users\Tone\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fchris.dod.net%2Ffavicon.png 1.00 KB 4/4/2015 11:16:19 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\pstorage\00\10\00000004 1.00 KB 4/4/2015 11:29:30 PM
C:\Users\Tone\AppData\Local\Opera\Opera\pstorage\00\10\00000004 1.00 KB 4/4/2015 11:29:30 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\cache\g_0014 4/4/2015 11:32:08 PM
C:\Users\Tone\AppData\Local\Opera\Opera\cache\g_0014 4/4/2015 11:32:08 PM
C:\Documents and Settings\Tone\AppData\Local\Opera\Opera\cache\g_0015 4/4/2015 11:32:08 PM

 

[GRoston]

An update: Hiding this update DOES NOT WORK. On every computer it has reappeared in the important list despite having been hidden.

 

[dancing leaves]

So, to remove this useless bloatware:

1. Delete each of the tasks in the above mentioned folder (and then the folder for good measure)
2. With Windows Explorer, go to c:\Windows\System32. Right click on the folder GWX and select properties. From there, change the owner to an account with admin privileges and give the same user full control. Then delete the folder.
3. Repeat the same steps in c:\Windows\SysWOW64

I uninstalled the update, then looked for gwx folders/files. There are no such folders in system32 or syswow64.

However, there are several folders with gwx in their names (in the WINDOWS folder), they all start with:
amd64_microsoft-windows-gwx
or
wow64_microsoft-windows-gwx

And there are 2 gwx.exe files (both in a wow64... folder). I can't delete them; a message comes up saying permission is required of "TrustedInstaller" whatever that is.

Also, some MANIFEST files that echo the folder names in the WINDOWS\winsxs folder.

Which of these should be removed, and how can I do that?

 

[GRoston]

dancing leaves,

Not sure what to recommend. I just searched my C;\Windows folder and the only file or directory with gwx in the name was a log folder that was easily deleted. Have you rebooted since doing the uninstall of the update?

To directly answer your question, do a search for change file owner and follow the procedure to change the ownership of the file from the current owner to your account (assuming your account has administrator privileges). Once you do that, you should be able to delete the file.

 

[dancing leaves]

What are all these amd64... and wow64... folders?
amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18804_none_0ea917976cd9078e
amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18846_none_0e7fd87b6cf7aa00
amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.18804_none_b9f47bdfdb2d157c
amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.18846_none_b9cb3cc3db4bb7ee
amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.18804_none_0b633dc31207e297
amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.18846_none_0b39fea712268509
wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18804_none_18fdc1e9a139c989
wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18846_none_18d482cda1586bfb

It looks like there's a MANIFEST file of the same names (plus 2 extra) in the winsxs folder; should they remain?

 

[dancing leaves]

Good grief! I ran another search for 'gwx' and all these other files came up:

Now what?

 

[GRoston]

Sorry - no idea

 

[GokAy]

Bah, sorry wrong thread

You shouldn't mess with winsxs folders.

You can uninstall the Windows 10 Preparation updates - http://www.sevenforums.com/general-...windows-10-upgrade-updates-windows-7-8-a.html

or

hide the notification - http://www.sevenforums.com/general-discussion/371424-remove-get-windows-10-taskbar.html#post3077739

 

[Anak]

You're not far off GokAy; If dancing leaves uses your first link (it's still good even though its struck out) s/he can use the list that Tookeri has compiled to uninstall the Win10 updates. There are one or two more threads, one by CarWiz that explains that if you uninstall these updates the uninstall procedure should also remove the gwx folders and files.

dancing leaves; Take note that you need to remove the updates that are not marked with red, those are for win 8/8.1 only.

 

[GokAy]

There are so many of these threads now, it becomes confusing

From Brink's post in News, KB3035583 is enough to stop the nag screen.

Also see Get Windows 10 Icon - Remove from Taskbar in Windows 7 and 8.1 - Windows 10 Forums

 

[Layback Bear]

I just did a regedit and remove every thing GWX.
Then I did a sfc /scannow and found no errors.
So far every thing is working okay.

***Do at your own risk.***

 

[Gerry]

These files are part of the Free Win 10 offer. When it first pops up it allows you to reserve your free upgrade to Win 10 when it becomes available at the end of June or July this year . However when you reserve your copy or not it does not go away and loads each time the computer boots. I have 2 files loading, GWX.exe and GWXUX.exe which is the actual popup that allows you reserve win 10 upgrade. Why they have to keep it running after you have reserved your upgrade is beyond me although it is easy to close it via taskmanager. I cannot find how these files are loading at bootup as they are not loading from Services or Startup in Msconfig.

After more research I came across this, Remove the Get Windows 10 icon from the icon tray - Windows 10 a way to shut it down.

 

[AddRAM]

I have a GWX folder in system32, I had to use a reg hack to remove it ( no permission ) but if you run sfc it finds corrupted files and keeps replacing GWX

Good Grief