TechSpot

Task manager closes right after I open it and my computer is extremely slow.

By Go Zags
Nov 30, 2007
Topic Status:
Not open for further replies.
  1. About 4 days ago my computer started to run very very slowly. Also, when I try to open Task Manager, it opens and then closes immediately thereafter.

    I downloaded HijackThis but do not really know how to use it. I have attached my first log.

    Any help would be greatly appreciated. Thanks a lot.
  2. Daveskater

    Daveskater Banned Posts: 2,031

    Hello, Go Zags, and welcome to Techspot :wave:

    Please take a moment to read the following threads to make your experience here as enjoyable as possible :)

    Message for all newcomers

    SNGX1275's Guide to making a good post/thread

    The Techspot FAQ

    If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum :)
    Knowing someone's location in the world can be extremely helpful, even if you just put a country.

    Also remember to post any problems or questions that you have in the appropriate forums

    With regards to your problem, you are running an outdated version of Hijack This, please see this thread and use the link in it to download the latest version and rename the file, then post a new log.

    From the current log it looks as though you have Norton AND McAffee installed, but i would still like to see a log from the latest version of HJT.
  3. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Updated HijackThis log.

    Here is the updated HijackThis log.

    Thanks for the links.
  4. Daveskater

    Daveskater Banned Posts: 2,031

    Have Hijack This fix these entries:

    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)

    O4 - HKLM\..\Run: [Internt] C:\WINDOWS\system32\internt.exe

    O4 - HKLM\..\Run: [Program file] C:\WINDOWS\system32\progmon.exe

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)

    O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)

    Now read this thread If your system is infected, read this before deciding whether to Clean or Format.

    If you decide to clean your system, follow these instructions Virus/Spyware/Malware, preliminary removal instructions and post fresh HJT, Combofix, and AVG Antispyware logs as attachments to this thread as well as the result of the Panda Antirootkit scan.


    This thread is for the use of Go Zags only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Thanks

    Thanks for everything so far. I had HJT fix those you mentioned. I will do the rest this weekend. I am taking off for a business trip right now so I will continue when I return. Thanks a lot!
  6. Daveskater

    Daveskater Banned Posts: 2,031

    No problem, mate, i'll look out for your new logs :)
  7. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    I'm back, and ready to kick this thing in the ****

    Daveskater,

    Here is an update.

    About the time my computer started to act like this, I connected an external hard drive that my wife and I have our wedding pictures on. This was the first time I plugged it into my computer. After my computer started to slow down, I expected it was because of the external hard drive so I ran a virus scan on that, which showed no viruses.

    My wife's computer has been very slow as well, but she recently deleted all of the pictures from her hard drive and now they are only on the external hard drive, and her computer sped up. (although whenever you try to open up a program, Microsoft Money tries to open up)

    So this weekend she hooked up the external hard drive to her computer at school, and their software said there was a virus and she immediately unplugged the external hard drive.

    So something is obviously not quite right with our external hard drive.

    I fixed everything you recommended so far. The two below say they get fixed, but reappear when I re-run the scan.

    O4 - HKLM\..\Run: [Internt] C:\WINDOWS\system32\internt.exe

    O4 - HKLM\..\Run: [Program file] C:\WINDOWS\system32\progmon.exe.

    I'm not sure what the next step is. I do use my computer for business so I don't know if I should reformat or clean, or how to do those.

    Ahhh.....
  8. evilfantasy

    evilfantasy Banned Posts: 428

    internt.exe
    progmon.exe.

    These are trojans.

    You need to run all of the scans and post the logs from this post
  9. Daveskater

    Daveskater Banned Posts: 2,031

    Take a read of this thread: If your system is infected, read this before deciding whether to Clean or Format. If you feel that you should reformat your pc, then back up your important data and follow these instructions: How to reformat your hard drive and install/reinstall Windows

    If you want to try and clean your system of malware then let me know. The reason that those entries pop back up again each time you scan is because a trojan has put them there and fixing the entries with HJT is not removing it, just temporarily stopping those startup entries until you reboot.


    This thread is for the use of Go Zags only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  10. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Clean

    I would like to try to clean my system first, if that's ok with you.

    If that doesn't work, we can look at reformatting.
  11. Daveskater

    Daveskater Banned Posts: 2,031

    No problem, mate, let's give it a go ;)

    1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns

    2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.

    3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.

    4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.

    1. Include empty locations

    2. Verify Code Signatures

    3. Hide Signed Microsoft Entries


    5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.

    6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries.

    7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that right click on the entry and select delete. This startup entry will now be removed from the Registry.

    8. Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you can not see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

    How to see hidden files in Windows

    9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.


    This thread is for the use of Go Zags only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    I did those things.

    1: I didn't find \system.exe or \btorrent.exe after I ran the autorun.exe in SafeMode.
    2: The AutoRun had way more than 8 different tabs. Did I download the correct one?
    3: I couldn't find \system.exe or \btorrent.exe using My Computer so that I could delete them, even though I had the hidden files showing.

    Attached is my HJT log.
  13. Daveskater

    Daveskater Banned Posts: 2,031

    Sorry, mate, that link was out of date ;) this is the proper one. Did you download that version? The one i have has lots of tabs too so if you got it from that link you have the right one.

    Before that, though, you can delete these HJT entries:

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    O4 - Global Startup: Digital Line Detect.lnk = ?

    Now, you should be looking under the Logon tab for internt.exe and progmon.exe. If you can find them (if you can't at first, try pressing Ctrl + F and typing the names in) uncheck them and delete the entries. Then go to C:\WINDOWS\system32\ and delete the files internt.exe and progmon.exe.

    After you've done this, post another HJT log just to check that you're clean :)

    P.S. If you want to make your startup a bit quicker, you can uncheck these from Autoruns:
    SunJavaUpdateSched (C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe)
    TkBellExe (C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot)
    iTunesHelper (C:\Program Files\iTunes\iTunesHelper.exe)
    QuickTime Task (C:\Program Files\QuickTime\qttask.exe -atboottime)


    This thread is for the use of Go Zags only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  14. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Good News?

    I might have found those 2 files in Auto Run. I think they are in a different file though.

    They are under:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Internt c:\windows\system32\internt.exe
    Program file c:\windows\system32\progmon.exe

    I have to restart in safe mode and delete them. I will let you know if it works.
  15. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Driving me nuts

    Ok, heres the deal:

    I have ran Auto Run in Safe Mode several times now. I find progmon.exe and internt.exe every time and delete it. I also fix it in HJT. I also delete those files by searching for them in \system32 folder. Right after that I emptied my recycle bin so they wouldn't stay in that.

    I did this a few times, and now when I run HJT and AutoRun in normal mode, they appear again.

    Here is my Auto Run log and HJT log.

    I'm so confused.........
  16. evilfantasy

    evilfantasy Banned Posts: 428

    -
    If you do not have CCleaner please install it. Download CCleaner
    * Once CCleaner is open use the default options.
    * Click Analyze and it will show a log of what will be removed.
    * Next click Run Cleaner to remove everything.

    This will help speed up the spyware scan.

    --------------------

    Download Superantispyware (SAS) SUPERAntispyware Free Edition

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    + Close browsers before scanning
    + Scan for tracking cookies
    + Terminate memory threats before quarantining.
    + Please leave the others unchecked.
    + Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    + After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    + Click Preferences. Click the Statistics/Logs tab.
    + Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    + It will open in your default text editor (such as Notepad/Wordpad).
    + Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment along with a new HijackThis log in the next post.

    ---------------------

    Next post please attach
    SUPERAntiSpyware log
    New HijackThis log
  17. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Wow

    The Super Anti Spy scan took 5 hours and 20 minutes. I fixed 14 items, one of them being internt.exe.

    I don't think it fixed progmon.exe.

    I ran the HJT scan and it still shows both internt.exe and progmon.exe.

    I can delete them off of the HJT scan and delete them through MY COMPUTER, but they reappear immediately after. How is that happening?

    Here are both logs.
  18. evilfantasy

    evilfantasy Banned Posts: 428

    The logs didn't attach.
  19. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    its not letting me add attachments...

    i cant get my logs uploaded, it says upload errors
  20. Jase123

    Jase123 Banned Posts: 1,122

    In that case copy and paste them. :)

    A moderator will need to re-move some of your previous attachments so you can attach your new logs.

    Regards Jason :)
  21. evilfantasy

    evilfantasy Banned Posts: 428

    Are they in Text (.txt) format?

    Lets do this.

    Please download Combofix by sUBs from either here or here

    Save Combofix.exe to your your Desktop.

    1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
    2. When finished, it will produce a log for you.
    3. Attach that log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause your computer to stall


    Next post please attach
    combofix.txt log
    New HijackThis log
  22. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Anti Virus Spy Log

    SUPERAntiSpyware Scan Log

    (Moderator edit: Please do not copy and paste your logs. Instead, post them as attachments only in either .txt or .log format. To learn how to attach a log file, please see HERE.
  23. evilfantasy

    evilfantasy Banned Posts: 428

    Please download Combofix by sUBs from either here or here

    Save Combofix.exe to your your Desktop.

    1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
    2. When finished, it will produce a log for you.
    3. Attach that log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause your computer to stall


    Next post please attach
    combofix.txt log
    New HijackThis log
  24. Go Zags

    Go Zags TS Rookie Topic Starter Posts: 20

    Combo Fix Log

    thanks for everything so far
  25. evilfantasy

    evilfantasy Banned Posts: 428

    Please download F-Secure's BlacklightBeta.exe

    * Download fsbl.exe and save it to the Desktop.
    * Once saved... double click fsbl.exe to install the program.
    * Click accept agreement and click Scan
    * This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
    * If it displays any items...don't do anything with them yet. Just hit exit (close)
    * It will drop a log on Desktop that starts with fsbl....big number

    Please attach the BlackLight log in the next post.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.