Solved My Windows 10 system seems infested with something odd

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,379
551
Hijack This Fix.

Start HijackThis , Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.


O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qshelf.lnk -> C:\Program Files\Bookshelf 98\qshelf98.exe
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken\bagent.exe
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk -> C:\Program Files\Quicken\QWDLLS.EXE
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\talk2\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2017/07/11)
O4 - HKLM\..\Run: [HP Software Update] = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
4 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\StartupApproved\Run: [AdobeCS6ServiceManager] = C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (2018/04/08)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2018/04/03)
O4 - HKLM\..\StartupApproved\Run: [SwitchBoard] = C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (2019/07/12)
O4 - HKLM\..\StartupApproved\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe (2017/07/11)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk -> C:\Program Files\Quicken\billmind.exe -startup (2017/07/11)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2017/07/11)
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O23 - Service R2: Internet Pass-Through Service - (PassThru Service) - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe



Now click on fix checked.
After the fix is complete, then reboot your machine.


Temp File Cleaner.



  • Note: This program may very well reboot your machine. Save any work prior to running.
  • Clean up your temp files with TFC.exe
  • Save it to your desktop.
  • Right click run as admin.
 

Rusty Rusty

PCHF Member
PCHF Member
PCHF Donator
Jul 6, 2019
65
8
68
I've deleted TFX.exe.
I am never ever using that tool again - not under any circumstances!!!!
It's STUPID! It messes up everything and fails to give ANY kind of legible messages as to what it is doing or what progress it is making or when/whether it is finished. NEVER again! NEVER!!!!

Despite the procedure with HijackThis the funny Start menu syndrome remains. I've restored qshelf98 and quickenDLLs from the backup where HijackThis had disabled them. I may proceed to the disk check. Sorry Malnutrition but my mood is not good right now.
 

Rusty Rusty

PCHF Member
PCHF Member
PCHF Donator
Jul 6, 2019
65
8
68
Say, is there any way to abort chkdsk once begun? Here is why I ask. It started and shows a progress animation as well as progress reporting. Within a few short minutes it said it had completed 10% (scan+repair). I thought, "Great!". But after 15 more minutes no change. Of course the drive is big. Impatient, I tried Escape key, but to no avail. I tried Ctrl-Alt-Del, but to no avail. I would be hesitant to hit the power button during chkdsk but this is good Microsoft time-tested program and could likely withstand that, just as it theoretically should be able to withstand an unexpected power failure. Your opinion??

A full hour has elapsed and still no change, progress still 10%; I may hit the power button, I dunno
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,379
551
I've restored qshelf98 and quickenDLLs from the backup where HijackThis had disabled them.

There was no need to restore the files, they were just disabled from startup.



You can press and hold the power button, but I'd suggest restarting it and letting it run when you go to sleep. If you absolutely need to use the machine.

I think the all in one repair tool may indeed help your situation.

Download the windows all in one repair tool and install it.
Boot your machine into SafeMode.
Right click run as administrator on the all in one repair tool.
Click on Jump To Repairs.
Click on Open Repairs
Click on Start Repairs

Allow the program to run with all default boxes checked. Once the program has completed then reboot the machine twice.
 

Rusty Rusty

PCHF Member
PCHF Member
PCHF Donator
Jul 6, 2019
65
8
68
Obviously my posts were from a different household computer while chkdsk dominated this one.)
There was no need to restore the files, they were just disabled from startup.
Sure I knew. But I ran qshelf98 and under its Options failed to see a checkbox for it to start automatically with Windows. Being somewhat reliant on that Microsoft Reference package over the course of several Windows versions, I wanted it to start with Windows and the simplest way to accomplish that was to restore that line using HijackThis. I restored quickenDLLs while I was at it but not sure that was as particularly important; just did it.

'Good idea I do the chkdsk overnight, thanks.

Sure I'll run the all-in-one tool, thnx.
 

Rusty Rusty

PCHF Member
PCHF Member
PCHF Donator
Jul 6, 2019
65
8
68
WOW! SUCCESS!! THAT ALL-IN-ONE TOOL REPAIRED the Start menu and Cortana difficulty completely! I am exhilarated! I am ever so grateful too! You have my donations; you have my undying gratitude. Well done, Malnutrtion !!!
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,379
551
Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
Status
Not open for further replies.