
After wipe and reinstall still having problems Open Candy and possible


  • This topic is locked

#31
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I do have one question - why is it that even when I'm not connected to the internet every blasted service that is responsible for the network connection and internet communication continues to run? That really chews up my processor and my ram.

 

That I am afraid is part of windows 10

We can try to alleviate some of that

 

Open the all settings gui

Capture.JPG
Select update and security > Advanced options

On the page that opens select Choose how updates are delivered

Turn them all off

updates.JPG

 

Then download and run this programme http://www.oo-software.com/en/shutup10

Select recommended settings then the majority of the communication between your system and MS will be  turned off

 

There are a few remnants to remove then we will look at the daz problem

 

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:



CreateRestorePoint:
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [HijackThis startup scan] => C:\Users\kathr\Downloads\HijackThis.exe [388608 2015-10-16] (Trend Micro Inc.)
2015-10-16 18:50 - 2015-10-16 18:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\kathr\Downloads\HiJackThis.exe
2015-10-16 16:46 - 2015-10-16 16:46 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-16 16:18 - 2015-10-17 15:02 - 00000000 ____D C:\Program Files\Trend Micro
2015-10-14 03:15 - 2015-10-17 14:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Trend Micro
2015-10-09 05:47 - 2015-10-15 20:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-04 00:23 - 2015-10-06 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-04 00:16 - 2015-10-17 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
Task: {90B7C6D4-F1C9-493E-A34C-126378FFB57C} - System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F} => pcalua.exe -a "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe"
Task: {A2ADAE73-86BC-478A-96C0-870F7DFD4DF2} - System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1} => pcalua.exe -a C:\PROGRA~3\INSTAL~1\{6A206~1\Setup.exe -c /remove /q0
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that

 

OK Daz problems

 

Total physical RAM: 32685.47 MB   for rendering large graphics programmes I would suggest at least 8GB

What memory does your GPU have as this appears to be the critical part from my reading on the Daz site

 

 


  • 0



#32
stormrider22

    Member

  • Topic Starter
  • 26 posts

That I am afraid is part of windows 10
 
 
 
We can try to alleviate some of that
Open the all settings gui
Capture.JPG
Select update and security > Advanced options
On the page that opens select Choose how updates are delivered
Turn them all off


Actually, I had done most of that manually already. I like Windows 10 much better than 8 but like most folks, I have huge privacy issues with it. I had read an article about shutting that stuff down I think it was on How To Geek or something like that. But that's a handy little program. Thank you! I downloaded and told it to apply the recommended settings. I don't have to worry about manually updating with that do I? I already have the drivers turned off with the update but it has a tendency to ignore that and downloads them anyway - except when I need it to download certain keyboard drivers. lol!


And here's the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by kathryn (2015-10-18 08:41:46) Run:10
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathryn (Available Profiles: kathryn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [HijackThis startup scan] => C:\Users\kathr\Downloads\HijackThis.exe [388608 2015-10-16] (Trend Micro Inc.)
2015-10-16 18:50 - 2015-10-16 18:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\kathr\Downloads\HiJackThis.exe
2015-10-16 16:46 - 2015-10-16 16:46 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-16 16:18 - 2015-10-17 15:02 - 00000000 ____D C:\Program Files\Trend Micro
2015-10-14 03:15 - 2015-10-17 14:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Trend Micro
2015-10-09 05:47 - 2015-10-15 20:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-04 00:23 - 2015-10-06 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-04 00:16 - 2015-10-17 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
Task: {90B7C6D4-F1C9-493E-A34C-126378FFB57C} - System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F} => pcalua.exe -a "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe"
Task: {A2ADAE73-86BC-478A-96C0-870F7DFD4DF2} - System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1} => pcalua.exe -a C:\PROGRA~3\INSTAL~1\{6A206~1\Setup.exe -c /remove /q0
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HijackThis startup scan => value removed successfully
C:\Users\kathr\Downloads\HiJackThis.exe => moved successfully
C:\WINDOWS\system32\Drivers\hitmanpro37.sys => moved successfully
C:\Program Files\Trend Micro => moved successfully
C:\Users\kathr\AppData\Local\Trend Micro => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\ProgramData\HitmanPro.Alert => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90B7C6D4-F1C9-493E-A34C-126378FFB57C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90B7C6D4-F1C9-493E-A34C-126378FFB57C}" => key removed successfully
C:\WINDOWS\System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2ADAE73-86BC-478A-96C0-870F7DFD4DF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2ADAE73-86BC-478A-96C0-870F7DFD4DF2}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1}" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 327.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:42:59 ====

 

OK Daz problems
 
Total physical RAM: 32685.47 MB   for rendering large graphics programmes I would suggest at least 8GB
What memory does your GPU have as this appears to be the critical part from my reading on the Daz site


I just upgraded my ram from 16gb to 32gb - that's one reason for upgrading to Windows 10 I had read it can utilize the higher ram better. It does and hogs all the resources for itself. lol!

My video card is a Nvidia GTX 770M here's the specs on that:
GPU Engine Specs:
CUDA Cores: 960
Clock Freq (MHz): 811 + Boost
Memory Specs:
Memory Clock (MHz): 2000
Standard Memory Configuration: GDDR5
Memory Interface Width: 192 bit
Memory Bandwidth (GB/sec): 96.0
Feature Support:
OpenGL: 4.5
OpenCL: 1.1
Bus Support: PCI Express 3.0, PCI Express 2.0
Certified for Windows Vista: Yes
Certified for Windows XP: Yes
Certified for Windows 7: Yes
Supported Technologies: Optimus, GeForce Experience, TXAA, GPU Boost 2.0, PhysX, CUDA, FXAA, OpenCL, Direct Compute
3D Vision/3DTV Play Support: Yes
Blu-Ray 3D Support: Yes
DirectX: 12 API
NVIDIA SLI-Ready: Yes
Display Support:
H.264, VC1, MPEG2 1080p video decoder: Yes
LCD – eDP 1.2 support: Up to 3840x2160
LCD – LVDS support: Up to 1920x1200
VGA analog display Support: Up to 2048x1536
DisplayPort Multimode Support: Up to 3840x2160
HDMI: Yes
HDCP content protection: Yes
7.1 channel HD audio on HDMI: Yes
TrueHD and DTS-HD Audio Bitstreaming: Yes

If I recall correctly it's a little light on the GPU memory but I got this laptop before I knew DAZ was incorporating Iray. Again, if memory serves, the video card is designed to be overclocked for better performance, the problem is I remember reading that but I can't find the article on how to do that. Or I could have misunderstood. The thing is with Iray is that it will look at the GPU first, then pull in the CPU.

I have a screenshot of my Iray default:

 

iray setup.PNG

 

If I uncheck the CPU it won't use it. But I'm not sure about the numbers at the top if it will utilize the card better if I change any of that. My major point is that these settings worked just fine previously. Yeah, there were times I'd get a scene that would take forever but splitting the elements usually helped. Now scenes that used to be easy to render aren't anymore. So something has definitely changed and I'm not sure what it is.

 

Thanks again for all the help!

 

Cheers,

Stormy


  • 0

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Must admit I was hoping there was some way you could utilise 8Gb of main memory with the video card
 
The card does use directx 12 so again not a problem there
 
Malware is not a problem either
 
There were Nvidia driver problems as I recall...  Is your driver at this level 352.84 released 2015.5.15?  If not it is available here http://www.nvidia.co...spx/84891/en-us

Your startups are very light just the AV and touchpad

Services and drivers look good, mayhap stop the adobe update but that would have only a minor effect on that

It may be worth running SFC to check for any file problems... This may also cure the defender one and then we can remove Avast

Press the Windows and X key together
A menu will appear select command prompt (admin)
Untitled.png
In the black box type the following and press enter :

sfc /scannow

After it has completed then reboot, now try and start defender
  • 0

#34
stormrider22

    Member

  • Topic Starter
  • 26 posts

My driver is 358.5 which was released on 10/8/2015. That's one thing that I sit on to make sure I have the latest and greatest. An interesting note is according to the task manager, Glasswire is running right now when it shouldn't be.

 

But I was wondering if changing any of the following might help. If I recall when I first installed the extra RAM the virtual memory was much higher  - almost 8 instead of 4. In the past I had significant problems with my paging file becoming corrupted and disappearing. I'd have to go in and confirm these settings for it to re-write the file.

 

performance.jpg

 

Off to try the scannow.


Edited by stormrider22, 18 October 2015 - 01:42 PM.

  • 0

#35
stormrider22

    Member

  • Topic Starter
  • 26 posts

Well that didn't work.

 

I tried the scannow and got this:

 

scannow.PNG

 

I rebooted. It took a horrendously long time to boot and was on a black screen for so long I feared I was going to get a BSOD. It finally asked for my pin which I entered and the welcome screen also took a freakishly long time to get past.

 

I tried the scannow again with the same result as above.

 

Oh and I almost forgot. My touchpad is disabled in the bios since it interferes with my typing. I've removed the touchpad software a billion times and like a bad penny, it keeps coming back.


Edited by stormrider22, 18 October 2015 - 01:54 PM.

  • 0

#36
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK at least we are beginning to see where the problem lies
 

Press the Windows and X key together
A menu will appear select command prompt (admin)

In the black box type the following and press enter :

Dism /Online /Cleanup-Image /RestoreHealth

 

This should repair the image that SFC uses to repair files
 


  • 0

#37
stormrider22

    Member

  • Topic Starter
  • 26 posts

OK at least we are beginning to see where the problem lies
 

 

 

We are? I hope so because that didn't work either. Here's the error.

 

dismscreen.PNG

 

Since it referenced the DISM log I pulled that up too but it's a mile long, so I'm saving it as an attachment.

Attached Files

  • Attached File  dism.log   1.52MB   87 downloads

  • 0

#38
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
DISM did work inasmuch as it found the repository was corrupted

This is now the problem, it is indicative of a corrupt installation and SFC will not work or be able to cure the problem in a month of Sundays

Checking out on TechNet for similar errors and possible resolutions I found a refresh will not work and will probably compound the error. Was that how you previously re-installed Windows 10?

The only sure fire way to cure this would be to do a clean install of 10.

I can assist with this. You will need a USB with at least 4GB memory and nothing on it as it will be wiped
  • 0
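As an added example (not part of the original posts), the SFC-then-DISM sequence used in this thread can be run from an elevated PowerShell prompt so that the component-store state and the relevant log lines appear together, without reading the full logs. The log paths are the Windows defaults, and the 20-line tail is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example: component-store triage before choosing between repair and clean install.

# 1. Ask DISM for the component store state
#    (same operation as: Dism /Online /Cleanup-Image /ScanHealth).
$scan  = Repair-WindowsImage -Online -ScanHealth
$state = "$($scan.ImageHealthState)"   # Healthy, Repairable or NonRepairable
Write-Host "Component store state: $state"

switch ($state) {
    'Healthy' {
        # Store is intact, so SFC has a good source to repair system files from.
        sfc.exe /scannow
    }
    'Repairable' {
        # Same operation as: Dism /Online /Cleanup-Image /RestoreHealth, then re-run SFC.
        $fix = Repair-WindowsImage -Online -RestoreHealth
        Write-Host "State after RestoreHealth: $($fix.ImageHealthState)"
        sfc.exe /scannow
    }
    default {
        Write-Warning 'Store reported as not repairable: SFC has no trustworthy source to restore from.'
    }
}

# 2. Pull only the lines that matter out of the logs.
$dismLog = Join-Path $env:windir 'Logs\DISM\dism.log'
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'

if (Test-Path $dismLog) {
    Write-Host "`n--- Last DISM errors ---"
    Select-String -Path $dismLog -Pattern ',\s+Error\s' |
        Select-Object -Last 20 |
        ForEach-Object { $_.Line }
}

if (Test-Path $cbsLog) {
    Write-Host "`n--- Files SFC could not repair ---"
    Select-String -Path $cbsLog -Pattern '[SR] Cannot repair' -SimpleMatch |
        Select-Object -Last 20 |
        ForEach-Object { $_.Line }
}
```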

#39
stormrider22

    Member

  • Topic Starter
  • 26 posts

Thanks Essex I think a reset was involved. Honestly between upgrading from 8.1 to 10 I had to reinstall/clean install so many times I don't remember exactly what I did last. I do have a Win 10 Clean Install USB all ready to go along with my Prod ID. I created this about a week ago when I purchased Win 10. When upgrading you don't need a product ID but after doing this so many times I wanted a fall back that I knew would be pristine. So I went ahead and paid for the darn thing just to be on the safe side. I used the media creation tool and a brand new USB. It's been sitting here waiting in case it was needed. Now I'm glad I went ahead and did that.

 

The thing is reinstalling all of my stuff takes freaking forever, the adobe programs along with all of my DAZ stuff let alone my personal files and renders. I do have everything backed up, so I won't lose anything but I think this is the fifth time I've had to do this. Is there anything I can do to make this part of the process easier? Doing a clean install of Windows 10 is a breeze compared to reinstalling everything else.


Edited by stormrider22, 19 October 2015 - 10:16 AM.

  • 0

#40
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When I did my 10 upgrade I copied all my programme folders where I had data that I needed to save to a USB drive and all my storage folders for iTunes, pictures documents etc

Installed windows, installed the programmes

Copied all the programme file folders back to the correct location, overwriting the just installed data so for example I use a programme called blue line which has all my main canned responses for installing, running programmes, running fixes etc. And to retype all that in would take weeks

So once windows was installed and I had installed the blue line programme I copied the entire folder into programme files

You need to install the programme first so that the registry is set

Then I downloaded and installed the windows tweaker programme so that I could take ownership of the entire folder http://www.thewindow...er-4-windows-10

Capture.JPG

But this must be a clean install or the same problems may well re-occur.
  • 0



#41
stormrider22

    Member

  • Topic Starter
  • 26 posts

Okay cool! Thank you! I'm in the middle of making sure all of my backups are in order and I have all my ducks in a row. ;)


  • 0

#42
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Also with windows 10 there is no real need for a firewall as the built-in one is quite robust

On my system I have cryptoprevent, a free antivirus and MBAM which I run whenever I remember (usually quarterly).

And I do go to some dodgy places sometimes, still yet to be infected though :)

Also there is unchecky if you test or use programmes downloaded from the net http://unchecky.com/
  • 0

#43
stormrider22

    Member

  • Topic Starter
  • 26 posts

The reason why I was going with a third party firewall was because of all of these INBOUND rules that ALLOW ANY local port, ANY remote port, ANY application. My understanding is that outbound isn't as big of a deal - it's the inbound stuff that's supposed to be limited. 

firewallscreen1.PNG

 

 

firewallscreen2.PNG

 

The ones you see that are blocked I went in and manually blocked myself or used Group Policies to block them but I gave up because I couldn't keep up with it. They were re-writing themselves faster than I could block them. Heck everything I read says you can turn off UDP, I try that and the whole shootin' match comes to a screeching halt and I can't get on the internet at all.

 

I don't do remote or terminal anything and to me having all of that enabled on the inbound side is a serious security issue. Maybe I'm making a mountain out of a molehill but for four years now I've busted my behind to make my business successful, it was absolutely terrifying to watch my entire livelihood almost go up in smoke last year because my dad downloaded an infected flash player. But trying to explain that to everyone is another story entirely. They can't figure out why I'm running around like a chicken with my head cut off and about to blow my top because everything - from the TV to cell phones to Kindles to tablets - everything on the network got infected except the Xbox. If it wasn't for the publishing stuff that requires java I would have kicked it to the curb a long time ago.

 

 

With my husband, teenage son, and my dad using my network - well, let's just say I've never been infected by anything I've personally done. But I'd need a full time IT department to handle everything these guys throw at me. That's also why I was trying to lock down my system and play fortress laptop just to maintain my sanity. If I tried to manage security for everything that they get into, that's all I'd be doing - forget running a business.

 

At least with Glasswire I can see the remote IP certain processes are connecting to. But I do like the Avast network analyzer thus far. I've been trying to research port forwarding and port triggering but that's a whole 'nother can of worms and the time factor for me to dig into all that is overwhelming.

 

Sorry for the mini-rant there. At least, I'm rounding the final turn and coming down the homestretch with the backups.


  • 0
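As an added example (not part of the original posts), the inbound rules described in post #43, those that allow any application on any local and remote port, can be listed with the built-in NetSecurity cmdlets without paging through the firewall console. It assumes an elevated PowerShell session on Windows 8 or later; the output column names are chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: report enabled inbound Allow rules that carry no program, package,
# service, port or remote-address restriction ("any/any/any" rules).

# Per-profile defaults: inbound traffic matching no Allow rule follows DefaultInboundAction.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

$broad = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    # Each rule's scope is stored in separate filter objects.
    $app  = $rule | Get-NetFirewallApplicationFilter
    $svc  = $rule | Get-NetFirewallServiceFilter
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    # A rule is unrestricted only if every filter reports 'Any'
    # and it is not tied to a packaged (Store) app.
    $unrestricted = ($app.Program -eq 'Any') -and
        [string]::IsNullOrEmpty($app.Package) -and
        ($svc.Service -eq 'Any') -and
        (@($port.LocalPort) -contains 'Any') -and
        (@($port.RemotePort) -contains 'Any') -and
        (@($addr.RemoteAddress) -contains 'Any')

    if ($unrestricted) {
        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Group       = $rule.DisplayGroup
            Profile     = $rule.Profile
            Protocol    = $port.Protocol
            Source      = $rule.PolicyStoreSourceType   # Local or GroupPolicy
        }
    }
}

$broad | Sort-Object Group, DisplayName | Format-Table -AutoSize -Wrap
Write-Host "$(@($broad).Count) unrestricted inbound Allow rule(s) found."
```

The Profile column shows which network profiles a rule applies to, and the Source column shows whether it comes from the local store or from Group Policy.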

#44
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The thing to bear in mind is that the attacks from the network are directed at servers as opposed to individual machines. To locate an individual system will take a lot of hardware to achieve, so the best way to do it is to run a drive by infection like an angler exploit pack and then get the infected system to call you back. Then the bad boys will decide what to give you.
However, if the outbound is blocked they will never know you are there. That is the one thing I like about Avast it checks all outbound traffic destinations.
 
You can check how effective your firewall is by going to shields up
 
Also it would be worth taking a weekly drive image to an external drive, they are easy to make and the software is free
  • 0

#45
stormrider22

    Member

  • Topic Starter
  • 26 posts

I visited Shields Up! That site is cool! Thank you so much! Okay, clean install completed and up and running again. I'm just reinstalling my programs now. I decided to continue the free trial with Avast. I'm liking it so far. It's a shame I wasted my money with the other programs. Anything I should keep in mind before I get too far into it? I purchased MBAM awhile ago so I have the lifetime account. I just wasn't happy with their customer service when I had the bout with the cryptovirus. 


  • 0





