3019532d9779487256326.exe has stopped working

Dell Optiplex 7010 desktop (3.3 ghz inte...
February 1, 2018 at 07:49:35
Specs: Windows 7, P4 2.6GHZ/PC3200 1.5gig
Hi all,
Has anyone seen this kind of error? It showed when I started Windows 7 this morning. There are several videos on how to fix '*.exe' has stopped working error; but I'm not sure I even want to start it. I haven't noticed any problems otherwise.
Thanks,
...... john


#1
February 1, 2018 at 08:14:52
Upload it to virustotal.com, so it can be scanned for virus signatures ^^

i5-6600K[delid]@4.800GHz/4.600GHz cache@1.395v | 2x4GB Crucial-DDR4-2133@14-14-14-28 1T 2800MHz@1.35v
ASUS Z170K
Samsung 250GB SSD 850 EVO
MSI Armor RX 570 4GB@1375c/2087m BiosMod
VS450



#2
February 1, 2018 at 08:29:29
Hi hidde663,
I'm not sure how to do that. All I have is the error message. I can't find the application on the computer.
..... john


#3
February 1, 2018 at 08:47:05
It's a randomly generated .exe file, most likely it was in your %temp% folder or in %appdata%, in which case it would not have impacted your system

unless of course it was a self-removing virus.

Did the warning happen more than once?


#4
February 1, 2018 at 09:33:00
Run AdwCleaner, MalwareBytes, & CCleaner. Also, use CCleaner to scan the registry, disable unnecessary startup apps, & uninstall old/unused programs. After doing the cleanup, reboot.

https://www.malwarebytes.com/adwcle...
https://www.malwarebytes.com/
https://www.ccleaner.com/ccleaner/b...

Here's some CCleaner how-to's:
https://www.ccleaner.com/docs/cclea...
https://www.ccleaner.com/docs/cclea...



#5
February 1, 2018 at 09:38:12
Almost certainly a virus. Run ADWCleaner and MalwareBytes (response #4) as soon as possible.
Some more info:

AdwCleaner:
https://www.malwarebytes.com/adwcle...
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds.

Always pop back and let us know the outcome - thanks



#6
February 1, 2018 at 10:59:57
Alright.
Malwarebytes did not find anything; but AdwCleaner did.
Should I remove what it suggests?
Here's the log file.

# AdwCleaner 7.0.7.0 - Logfile created on Thu Feb 01 18:55:37 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 01-31-2018.1
# Running on Windows 7 Professional (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AppTrailers, C:\Users\User\AppData\Local\AppTrailers


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

PUP.Optional.Legacy, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - https:\\launchpage.org\?uid=qT1KGKjdhx1sXu9WckIGcbrAQVqxe2yw7WpZD52O24MdiB9HaQmcFrnhlUssj5YjLdC7
PUP.Optional.Legacy, C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - https:\\launchpage.org\?uid=qT1KGKjdhx1sXu9WckIGcbrAQVqxe2yw7WpZD52O24MdiB9HaQmcFrnhlUssj5YjLdC7


***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-573394179-1819572172-132229728-1018\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKCU\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-573394179-1819572172-132229728-1018\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########



#7
February 1, 2018 at 12:50:45
Yep, run the Clean and let us know if there is any improvement.

Always pop back and let us know the outcome - thanks



#8
February 1, 2018 at 13:06:56
Don't forget to use CCleaner as well - run the cleaner & registry scanner, remove everything they find. Uninstall old programs & disable unnecessary startup apps. See the how-to links I posted in my other response.


#9
February 1, 2018 at 13:57:46
"Should I remove what it suggests?"
Yes as Derek says, post the new log please.


#10
February 1, 2018 at 20:17:41
Alright. Here's what I've done.
Ran Malwarebytes ...... nothing found
Ran AdwCleaner ..... old posted above, new posted below (nothing found in new)
Ran CCleaner .... some stuff found ..... deleted
Ran Autoruns ...... showed one entry "(Default) File not found: C:\Users\User\AppData\Roaming\3019532D9779487256326\3019532D9779487256326.exe" (in logon tab) Could not delete it, and Autoruns reported error while trying to find the entry in the registry. I unchecked it, but the check mark reappeared when I restarted Autoruns.
I also checked the locations hidde663 suggested ..... %temp% and %appdata%; and found about 3 files and 1 folder (in total at the two locations) all titled '3019532D ....' I had to use file assassin to remove them, but they came back after rebooting. I deleted them again, they came back again. Then I removed an entry in the registry, which did not come back. Now the 'stopped working' error does not appear on booting, but the files and folders are still in %temp% folder and %appdata%. Below is the current log file from AdwCleaner.

# AdwCleaner 7.0.7.0 - Logfile created on Fri Feb 02 03:54:14 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 02-02-2018.1
# Running on Windows 7 Professional (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2150 B] - [2018/2/1 21:56:30]
C:/AdwCleaner/AdwCleaner[S0].txt - [2153 B] - [2018/2/1 18:55:37]
C:/AdwCleaner/AdwCleaner[S1].txt - [1086 B] - [2018/2/1 22:0:5]
C:/AdwCleaner/AdwCleaner[S2].txt - [1151 B] - [2018/2/2 3:40:17]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########



#11
February 1, 2018 at 23:40:56
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php


#12
February 2, 2018 at 05:43:36
"Ran Autoruns ...... showed one entry "(Default) File not found: C:\Users\User\AppData\Roaming\3019532D9779487256326\3019532D9779487256326.exe" (in logon tab) Could not delete it"

If you haven't already done so, use CCleaner to disable (or delete) unnecessary startup apps & clean the registry. If you're unsure of the startup entries, post the log (lower/right - "Save to text file...") & we'll tell you which can be safely disabled. Always reboot after making the changes.

Once again, here's the CCleaner how-to's:
Registry cleaning
Managing auto-starting programs



#13
February 2, 2018 at 07:51:22
Hi,
Thanks guys.
Alright. Let's try this first. Here's the Context Menu and Scheduled Tasks startup logs from CCleaner. Other than these there were only a few plugins for Seamonkey. I have not changed anything yet.

Context Menu
Yes Directory Browse with FastStone FastStone Soft "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1"
Yes Directory Browse with PIE Picmeta Systems C:\Program Files\Picmeta\PIE\PIE.exe %1
Yes Directory MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
Yes Directory RecuvaShellExt Piriform Ltd C:\Program Files\Recuva\RecuvaShell.dll
Yes Directory ZipItFree
Yes Drive Browse with FastStone FastStone Soft "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1"
Yes File FAExt Malwarebytes C:\Program Files\FileASSASSIN\FileASSASSINExt.dll
Yes File kpdf2wordshellext
Yes File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

Scheduled Tasks
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task TrackerAutoUpdate Tracker Software Products (Canada) Ltd. C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
No Task VKDJ C:\Users\User\AppData\Roaming\VkontakteDJ\VkontakteDJ.exe /H
Yes Task {26AA854C-5114-4F0B-882F-2C0EBEF5CE0A} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Downloads\Temp\10 in 1 Drivers\setup.exe" -d "C:\Downloads\Temp\10 in 1 Drivers"
Yes Task {AB350723-C194-4E34-B7DE-D322123306C8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\ZTE Handset USB Driver\USBDriverInstaller_x86.exe" -d "C:\Program Files\ZTE Handset USB Driver"
Yes Task {F03D3261-9130-4E94-AE19-D4B12728AE34} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Downloads\apr.exe -d C:\Downloads
..... john


#14
February 2, 2018 at 15:22:29
"Alright. Let's try this first"
Whilst you are waiting for riider to vet your info, I can be going through the Farbar logs.


#15
February 2, 2018 at 20:19:05
Hi John.
Sorry, I haven't had a chance to run Farbar yet.
.... john
Hi again,
Here's the link
http://www.fileconvoy.com/dfl.php?i...


#16
February 2, 2018 at 20:38:56
Ok, got them shakushinnen, back in about 1/2 an hour.


#17
February 2, 2018 at 20:59:02
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
ContextMenuHandlers4: [ZipItFree] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [ZipItFree] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => -> No File
ContextMenuHandlers1_S-1-5-21-573394179-1819572172-132229728-1018: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => -> No File
Task: {6EE49054-0037-4C8C-B1CD-0810502EB37F} - System32\Tasks\{26AA854C-5114-4F0B-882F-2C0EBEF5CE0A} => C:\Windows\system32\pcalua.exe -a "C:\Downloads\Temp\10 in 1 Drivers\setup.exe" -d "C:\Downloads\Temp\10 in 1 Drivers" <==== ATTENTION
AlternateDataStreams: C:\Users\User\AppData\Local\desktop.ini:bf5af20ce7a419b1178ece347eddc338 [400]
HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\Run: [*3019532D9779487256326<*>] => C:\Users\User\AppData\Roaming\3019532D9779487256326\3019532D9779487256326.exe <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\MountPoints2: {dda567e0-3e50-11e7-bdbd-b8ca3aa7c262} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\MountPoints2: {e14656c9-0745-11e6-a070-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.ultimatebootcd.com/
FF Homepage: Mozilla\Firefox\Profiles\opwi4vhw.default-1515534760605 -> hxxps://www.startpage.com/
S4 SAVAdminService; no ImagePath
S4 SAVService; no ImagePath
S4 swi_service; no ImagePath
S4 swi_update; no ImagePath
S4 massfilter_hs; system32\DRIVERS\massfilter_hs.sys [X]
S4 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


#18
February 3, 2018 at 06:55:49
"Here's the Context Menu and Scheduled Tasks startup logs from CCleaner"

You didn't post the Windows Startup log, that's the most important one.
You have some unusual software installed but most of it appears legit. It seems you do a lot with photos & images. I'll skip the obvious "good" programs & just comment on what might be a problem. The ones in bold are potentially "bad". Please post the Windows Startup log.

Context Menu:
It appears clean. kpdf2wordshellext might be an issue though. Do you have Kingsoft WPS Office installed?

Scheduled Tasks:
TrackerAutoUpdate - updates Tracker PDF Editor software.
VkontakteDJ - numerous sites list it as a PUP, adware, spyware, or a browser hijacker.
10 in 1 Drivers - couldn't find much about it but it appears to be a USB driver package for Windows 9x. Seems suspicious.
ZTE Handset USB Driver - OK if you have a ZTE device.
apr.exe (Asoftech Photo Recovery) - OK if you have the software installed.



#19
February 3, 2018 at 07:18:00
Hi JohnW,
What do I do after making this file? Does it have to be on the desktop?
Thanks,
.... john


#20
February 3, 2018 at 07:44:23
Hi riider,
I didn't post the startup log because everything there is marked to not start. Yes, I do a LOT of photographic work.
... I do not use, and thought I had removed Kingsoft.
... 10 in 1 is a card reader that I couldn't get to work.
... I have a ZTE phone.
... I use Tracker's PDF reader.
... I have no idea what VkontakteDJ is.
What is the best way of removing items that show up in places other than Revo, or my Programs list?
Many of the programs you see are things I'm trying out. I normally go through my installations with Revo's uninstaller every so often.
Here's the startup log.
No HKCU:Run drgoot Microsoft Corporation rundll32.exe "C:\Users\User\AppData\Local\drgoot.dll",drgoot
No HKCU:Run Interstatnogui C:\Users\User\AppData\Roaming\Interstatnogui\interstatnogui.exe
No HKLM:Run Adobe ARM "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run AnonymizerGadget "C:\Users\User\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1687 /subsource:
No HKLM:Run AppTrailers C:\Users\User\AppData\Roaming\AppTrailers\AppTrailers.exe su
No HKLM:Run DameWare MRC Agent DameWare Development C:\Windows\dwrcs\DWRCST.exe
No HKLM:Run EaseUS EPM tray CHENGDU YIWO Tech Development Co., Ltd C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
No HKLM:Run EaseUS EPM Tray Agent CHENGDU YIWO Tech Development Co., Ltd. "C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe"
No HKLM:Run Everything David Carpenter "C:\Program Files\Everything\Everything.exe" -startup
No HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
No HKLM:Run USB3MON Intel Corporation "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Thanks,
...... john


#21
February 3, 2018 at 09:27:27
"thought I had removed Kingsoft" - It appears there are still remnants of Kingsoft lurking about.
"10 in 1 is a card reader that I couldn't get to work" - The only hits I came up with were from driverguide.com which is not always the most reliable site. If it didn't work for you, get rid of it.
"I have no idea what VkontakteDJ is" - it probably piggybacked on some other program you installed. Do a search for the removal instructions.

There's a lot of Startup entries on your list. Are all these programs still installed but just disabled from loading? I'm not going to look into them all but these are the ones that seem suspicious - they may be legit but I'm not familiar with them: drgoot, Interstatnogui, AnonymizerGadget, DameWare MRC Agent, Everything David Carpenter.



#22
February 3, 2018 at 14:34:02
"What do I do after making this file? Does it have to be on the desktop?"
Just follow the instructions in my posts #11 & #17 John.

Print them out if you are having trouble following.



#23
February 3, 2018 at 16:33:02
Hi JohnW,
Just to be clear.
The files have to be on the desktop?
Can I assume then that Farbar will automatically incorporate the information in any fixlist.txt that is there?
.... john


#24
February 3, 2018 at 16:44:30
"The files have to be on the desktop?"
Yes, put the FRST file on the Desktop.

"Can I assume then that Farbar will automatically incorporate the information in any fixlist.txt that is there?"
Yes.



#25
February 3, 2018 at 20:55:12
Hi John,
Here's the content of the fixlog file.

Fix result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by User (03-02-2018 23:51:42) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
ContextMenuHandlers4: [ZipItFree] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [ZipItFree] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => -> No File
ContextMenuHandlers1_S-1-5-21-573394179-1819572172-132229728-1018: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => -> No File
Task: {6EE49054-0037-4C8C-B1CD-0810502EB37F} - System32\Tasks\{26AA854C-5114-4F0B-882F-2C0EBEF5CE0A} => C:\Windows\system32\pcalua.exe -a "C:\Downloads\Temp\10 in 1 Drivers\setup.exe" -d "C:\Downloads\Temp\10 in 1 Drivers" <==== ATTENTION
AlternateDataStreams: C:\Users\User\AppData\Local\desktop.ini:bf5af20ce7a419b1178ece347eddc338 [400]
HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\Run: [*3019532D9779487256326<*>] => C:\Users\User\AppData\Roaming\3019532D9779487256326\3019532D9779487256326.exe <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\MountPoints2: {dda567e0-3e50-11e7-bdbd-b8ca3aa7c262} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\MountPoints2: {e14656c9-0745-11e6-a070-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.ultimatebootcd.com/
FF Homepage: Mozilla\Firefox\Profiles\opwi4vhw.default-1515534760605 -> hxxps://www.startpage.com/
S4 SAVAdminService; no ImagePath
S4 SAVService; no ImagePath
S4 swi_service; no ImagePath
S4 swi_update; no ImagePath
S4 massfilter_hs; system32\DRIVERS\massfilter_hs.sys [X]
S4 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ZipItFree => not found
HKLM\Software\Classes\CLSID\{9FCB3717-B87B-421E-BB30-61769539EA23} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ZipItFree => not found
HKLM\Software\Classes\CLSID\{9FCB3717-B87B-421E-BB30-61769539EA23} => not found
HKU\S-1-5-21-573394179-1819572172-132229728-1018\Software\Classes\*\ShellEx\ContextMenuHandlers\kpdf2wordshellext => not found
"HKU\S-1-5-21-573394179-1819572172-132229728-1018\SOFTWARE\Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EE49054-0037-4C8C-B1CD-0810502EB37F} => could not remove. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EE49054-0037-4C8C-B1CD-0810502EB37F}" => removed successfully.
C:\Windows\System32\Tasks\{26AA854C-5114-4F0B-882F-2C0EBEF5CE0A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{26AA854C-5114-4F0B-882F-2C0EBEF5CE0A}" => removed successfully.
C:\Users\User\AppData\Local\desktop.ini => ":bf5af20ce7a419b1178ece347eddc338" ADS removed successfully.
"HKU\S-1-5-21-573394179-1819572172-132229728-1018\Software\Microsoft\Windows\CurrentVersion\Run\\*3019532D9779487256326<*>" => removed successfully.
"HKU\S-1-5-21-573394179-1819572172-132229728-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dda567e0-3e50-11e7-bdbd-b8ca3aa7c262}" => removed successfully.
HKLM\Software\Classes\CLSID\{dda567e0-3e50-11e7-bdbd-b8ca3aa7c262} => not found
"HKU\S-1-5-21-573394179-1819572172-132229728-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e14656c9-0745-11e6-a070-806e6f6e6963}" => removed successfully.
HKLM\Software\Classes\CLSID\{e14656c9-0745-11e6-a070-806e6f6e6963} => not found
"Firefox homepage" => removed successfully.
"HKLM\System\CurrentControlSet\Services\SAVAdminService" => removed successfully.
SAVAdminService => service removed successfully.
"HKLM\System\CurrentControlSet\Services\SAVService" => removed successfully.
SAVService => service removed successfully.
"HKLM\System\CurrentControlSet\Services\swi_service" => removed successfully.
swi_service => service removed successfully.
"HKLM\System\CurrentControlSet\Services\swi_update" => removed successfully.
swi_update => service removed successfully.
"HKLM\System\CurrentControlSet\Services\massfilter_hs" => removed successfully.
massfilter_hs => service removed successfully.
"HKLM\System\CurrentControlSet\Services\zghsdiag" => removed successfully.
zghsdiag => service removed successfully.
Open FRST and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. => Error: No automatic fix found for this entry.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply. => Error: No automatic fix found for this entry.
Refer these SS if needed. => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.
http://fs5.directupload.net/images/... => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11882985 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 654704 B
Firefox => 18880070 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100065 B
LocalService => 16674 B
NetworkService => 16674 B
User => 23951037 B
Administrator => 92829 B

RecycleBin => 10399 B
EmptyTemp: => 53 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:51:57 ====


Report •
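
The Run entry marked ATTENTION in the logs above can be picked out mechanically by three traits visible in this thread: an odd value name, a target under AppData, and a folder and executable sharing one long hex-like name. This is an added example, not code from any poster or from FRST; the line layout is inferred from the FRST lines quoted above, and the sample lines other than the first are constructed.

```python
import ntpath
import re

# Layout inferred from the FRST lines quoted in this thread (an assumption):
#   <key>\Run: [<value name>] => <command> [<==== ATTENTION (...)]
RUN_LINE = re.compile(
    r"^(?P<key>HK(?:LM|CU|U\\S-[\d-]+)\\.*?\\Run(?:Once)?): "
    r"\[(?P<name>.*?)\] => (?P<cmd>.*?)(?:\s*<==== .*)?$"
)
# First drive-letter path in the command that ends in an executable extension.
TARGET = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|scr|com|bat|cmd)\b', re.I)
# Characters that are legal in a registry value name but unusual for one.
ODD_NAME_CHARS = re.compile(r'[*?<>|"]')
HEX_LIKE = re.compile(r"[0-9A-Fa-f]{16,}")
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def assess(line):
    """Parse one Run line; return its fields plus the heuristic reasons it hit."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    t = TARGET.search(cmd)
    target = t.group(0) if t else ""
    reasons = []
    if ODD_NAME_CHARS.search(name) or not name.isprintable():
        reasons.append("value name contains wildcard/reserved or non-printable characters")
    if any(part in target.lower() for part in USER_WRITABLE):
        reasons.append("target is in a user-writable AppData/Temp location")
    stem = ntpath.splitext(ntpath.basename(target))[0]
    parent = ntpath.basename(ntpath.dirname(target))
    if HEX_LIKE.fullmatch(stem) and parent.lower() == stem.lower():
        reasons.append("folder and executable share one long hex-like name")
    return {"key": m.group("key"), "name": name, "target": target, "reasons": reasons}


def triage(lines):
    """Return only the entries that hit a heuristic, most reasons first."""
    found = [r for r in map(assess, lines) if r and r["reasons"]]
    return sorted(found, key=lambda r: len(r["reasons"]), reverse=True)


SAMPLE_LINES = [
    # Taken from the fixlist quoted in this thread.
    r"HKU\S-1-5-21-573394179-1819572172-132229728-1018\...\Run: "
    r"[*3019532D9779487256326<*>] => "
    r"C:\Users\User\AppData\Roaming\3019532D9779487256326\3019532D9779487256326.exe "
    r"<==== ATTENTION (Value Name with invalid characters)",
    # Constructed: ordinary entry installed under Program Files.
    r"HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe",
    # Constructed: per-user install under AppData with a normal name.
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: "
    r'[ExampleSync] => "C:\Users\User\AppData\Local\ExampleSync\sync.exe" /background',
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        print(f"{len(entry['reasons'])} hit(s): [{entry['name']}] -> {entry['target']}")
        for reason in entry["reasons"]:
            print("   -", reason)
```

A single hit is weak evidence, since legitimate per-user software also starts from AppData; the combination of all three is what made the entry in this thread stand out.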

#26
February 3, 2018 at 21:10:03
john, I know you have run CCleaner, run these please.

Run both of these, in this order.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/...
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/2teVsjI.gif
https://i.imgur.com/ad7SEKM.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...



#27
February 4, 2018 at 07:27:24
Hi JohnW,
Alright I did that.
Disk cleaner showed ......
Tab left 2573 files ..... 710 mb
Right of that 6 files ..... 3.9 mbs
Right of that 11 files ..... 724 mbs
Registry cleaner showed
417 problems .... 10 unsafe to delete
I ran this three times (as I found that CCleaner doesn't seem to get everything on the first, sometimes second and third, pass)
On the third pass it reported no problems (not even the unsafe to delete ones).
Thanks,
...... john


#28
February 4, 2018 at 11:57:20
Thanks john.

Extract from your Addition log, are these deliberately disabled?

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

If unable to update, use this, don't install anything, upload screenshots of everything it finds.

SlimDrivers
http://www.softpedia.com/get/System...
http://slimdrivers.com/
http://i.imgur.com/iXZx7kX.gif



#29
February 4, 2018 at 16:02:21
Hi John,
I removed several items that riider identified as questionable. I'm not sure if the ones you mentioned were among those.
You mention "... unable to update..." I'm not sure what you're referring to. I have never been able to update this installation of Windows 7; probably because it belonged to a company, and I have no disks. I have tried every trick I could find; but what usually happens is that Windows downloads the updates, restarts and tells me that it didn't work and is reverting to the original configuration.
...... john
P.S. I downloaded the Slim Drivers app; but on installation was told "Fatal Error During Installation". I tried two of the links, and both produced the same error.




#30
February 4, 2018 at 16:14:30
I'm referring to the 2 drivers that need updating john.

"Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions."



#31
February 4, 2018 at 19:18:22
Oh .... OK.
The update went well.
Thanks again guys.
... john
P.S. The items that hidde663 identified in "%temp% folder or in %appdata%" (which were the subject of my initial inquiry) are no longer there.


#32
February 4, 2018 at 19:23:37
"The update went well"
Screenshots of Device manager, please john.

"are no longer there"
Good news.



#33
February 5, 2018 at 10:12:43
Hi John,
I hope this is what you want. (It really doesn't tell much.)
http://www.fileconvoy.com/dfl.php?i...
...... john


#34
February 5, 2018 at 11:50:29
"I hope this is what you want. (It really doesn't tell much.)"
Perfect, it shows there are no surprises.

As you can see from your logs, you had stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#35
February 5, 2018 at 13:49:30
Hi John,
Oh, I'm afraid I know only too well how these remnants got there. I am quite vigilant about not installing toolbars, etc. with applications: but I suspect that many programs leave things on your computer, no matter what you do. I routinely use Revo Uninstaller, which seems to do a fairly good job, but I imagine even it can't find all of them. I used to be absolutely anal about keeping my system spic and span, and in the process often created problems where there weren't any. Now, other than routine cleanups, I usually leave well enough alone, unless I have a reason to be concerned, which was why I started this thread. I really appreciate yours and riider's help with these problems.
Thanks,
...... john


#36
February 5, 2018 at 14:11:15
"but I suspect that many programs leave things on your computer, no matter what you do"
It's more a matter of prevention john, that's where Unchecky will help.

You should be Ok now, all the best.



#37
February 5, 2018 at 19:43:48
I will check out Unchecky.
Thanks again,
..... john


#38
February 8, 2018 at 09:04:21
To the Administrator.
I am unable to choose a 'best answer'. Both JohnW and riider's contributions were a major help.
..... john
