Windows Suddenly running very slow!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ForevaYoung, Jun 6, 2007.

  1. ForevaYoung

    ForevaYoung Private E-2

    Firstly I apologise for not doing as told in the "READ & RUN ME FIRST Before Asking for Support" as I am unable to do so which I will explain why later on...

    Okay it all started when somehow my internet wasn't working, thinking there was some spy/malware in my computer, I ran Lavasoft ad-aware SE personal and Symantec Antivirus and did full scans on both softwares.

    Then out of the blue my internet returned (like after an hour) and found out it was most likely my internet provider's problem. Thus I stopped the checks but I made sure I deleted any stuff the 2 programmes found...after that, my computer was like SUPER laggy till the point I had to reboot it...

    After the reboot, my computer took an amazing 15 over minutes to start up. Showing my computer's background wallpaper for a good 10 minutes...And after it had fully booted up (see the icons and all) I found out I had no internet (says there is no or little connectivity) at all!

    Also long before this incident happened, I had installed zonealarm but every time I click on the icon (or even go to my programme files to open it) it just won't open!

    I followed the step 0: Preliminary House Cleaning & Setup, and removed any junk I found. Next I went to do Start > Run > type msconfig and pressed ok...the window popped up and then suddenly disappeared! I have tried it multiple times, it will still close by itself. Thus I could not ensure that I have selected normal boot-up.

    Also with my computer unable to connect to the internet I'm unable to download the cleaners and also unable to start my computer in safe mode (tapping f8 didn't work and I can't get it to start in safe mode via Start > Run > type msconfig because it keeps closing itself)

    I'm at a loss to what to do now...Any further instructions from you will be followed closely by me.

    Thanks for any help you can give me guys
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you uninstall ZoneAlarm since it was not working anyway? If not then uninstall it.
    By the way, did you only install the free firewall or did you install the full security suite that must be downloaded just to get the free firewall? You have to be careful when you download and install this. If you did not tell it to only install the firewall, you would get the full security suite and that would be bad if you already have Symantec installed.

    Can you download onto another PC and burn to CD, floppy, or flash drive? If so, then do the below which are from the READ ME.

    Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder. Like C:\MGTools. While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended. Do not run the scans yet!!!

    • Locate the getrunkey.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt) DO NOT attach any other file. The log is named runkeys.txt. We do not need any of the other 20 or so temp files that are created. They will all be deleted when you terminate GetRunKey by closing the notepad window. This log will also popup in a notepad window which you can just close. Upload the runkeys.txt file here as an attachment when you come back to post your results.
    • Please make sure you close the popup notepad window with the runkeys.txt log in it before running ShowNew in the below step.
    • Locate the shownew.bat file and double click on it to run it. It will create a file named newfiles.txt in the root of drive C: (C:\newfiles.txt). This log will also popup in a notepad window which you can just close. Upload the newfiles.txt file here as an attachment when you come back to post your results.
    Then also complete step 7 of the READ ME to get a HijackThis log.


    Attach the 3 logs here.
     
  3. ForevaYoung

    ForevaYoung Private E-2

    Thanks for the reply...

    I have since uninstalled zonealarm, my friend helped me install it so I didn't know what he installed.

    I have managed to do both GetRunKey and ShowNew but am unable to run the HijackThis as whenever I open my programme files to HijackThis, it automatically "refreshes" my screen (i.e. the screen flashes and I will only see my wallpaper, then the icons and taskbar will reappear. And the HijackThis window is gone). The same happens even if I quickly double-click HijackThis and close the programme window.

    But I still have the 2 text logs from GetRunKey and ShowNew...
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First go to Add/Remove Programs and uninstall the below:
    J2SE Runtime Environment 5.0 Update 9
    Messenger Plus! Live

    Now you need to get the below ZIP downloaded and all files extracted onto your PC somehow and then follow the directions on the download page:

    ChodeFix - How download and run

    Then reboot.

    After reboot, attach new logs from GetRunKey & ShowNew also tell me if any of your symptoms have changed.
     
  5. ForevaYoung

    ForevaYoung Private E-2

    Okay, I have uninstalled the 2 programmes as requested, and ran ChodeFix...The ChodeFix window had some error messages on it saying something like file not found or path not found a few times. Then only the part which is quoted in the download link you gave me came out...

    Rebooted my computer and everything is still the same and I got the 2 new logs you asked for...

    Thanks for your help!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well actually quite a bit has changed in your logs! Now some of your malware is no longer loading and some of the registry keys that were modified by it have been fixed. A few have not been fixed.

    I see you have CounterSpy installed. Is this the free trial from the READ ME? Have you run it and saved a log? If not please do so now.

    Do you use a remote control with the DVD player in your PC?
     
  7. ForevaYoung

    ForevaYoung Private E-2

    Oh yes it is, although I downloaded it a year ago, seems that even after I uninstalled it the installation files are still there...and have not updated it at all so it would be a copy of CounterSpy one year ago...but still, I ran a scan and found some stuff...here's the log.

    Also I do not use a remote control for my DVD player, I don't even know it exists.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so do you have the original installation program for this? If not, download the version from the Read Me and install it. Then run a new scan, make sure you fix everything that it finds except DAP (Download Accelerator Plus) which you appear to use. You can tell it to ignore DAP.

    Okay! The reason I asked is because a process is loading at startup for use of a remote control with Power DVD and if you don't have or use one, it is a waste of System Resources. We will remove this.

    Also download, install and run AVG Antispyware from the READ ME. Run a scan with it and MAKE SURE you fix what it finds. Attach a log from this.

    Now download this new version of chodefix.zip (see the bottom of this message) which is attached to this message. Save it to the same place as you did last time (should be your Desktop) and overwrite the previous file. Then extract ALL of the files from it. Then double click on the chodefix.bat file. This will try to fix some of the damage caused by the Chode infection that you have. You should see a message like the below when it finishes (in about 3 seconds).
    Tell me if you see this message or not or if you get an error message instead. No matter what happens just continue on to the next steps.


    Now reboot your PC!!!

    • After reboot, click Start, Run and enter cleanmgr and click OK.
    • You should see a window open titled Disk Cleanup for (C:)
    • Select all check boxes on the form and then click OK.
    • This can take a while to run. So take a break and let it run.
    • Don't do anything else on the PC while it is running.

    After the above completes, attach new logs from GetRunKey & ShowNew.
    Also please see if you can follow the directions in step 7 of the READ ME and run HijackThis and attach a log.
     

    Attached Files:

  9. ForevaYoung

    ForevaYoung Private E-2

    Sorry for the late reply, I was pretty busy over the weekends...

    I have gotten the new counterspy version and ran a scan and cleaned up whatever it found and saved a log...

    Whereas for the AVG antispyware, I could not update it (as said my internet is still not there for some reason) and I could not boot my computer in safe mode. But I still ran the programme in normal boot and got the log.

    Then I ran your new version of the chodefix.bat and got some file/path not found errors then whatever that is quoted above...

    Here are the counterspy and AVG logs
     

    Attached Files:

  10. ForevaYoung

    ForevaYoung Private E-2

    Then I rebooted my computer and found out when I go Start > Run > type msconfig the window doesn't close by itself anymore!

    I followed by Start>Run>cleanmgr and did as told and ended up with doing the GetRunKey and ShowNew and saved their logs

    Lastly, I checked and the HijackThis programme won't close by itself anymore so I ran a scan as told in step 7 and saved a log too

    Here are the remaining logs...

    Thanks!
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cleanmgr did not work properly! Let's do the below.

    First uninstall the AVG Antispyware and CounterSpy trials since we are finished with them. Then delete the below folders:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    After clicking Fix, exit HJT.

    Now reboot and then attach new logs from ShowNew and HJT.

    Are you still having any malware problems?
     
  12. ForevaYoung

    ForevaYoung Private E-2

    Okay, I did as told and downloaded and ran that programme, repaired the such with HijackThis

    But my computer is still taking forever to boot up and my internet to my computer is still cut...

    Are there any other reasons for this problem i.e. hardware failure?

    Here's the 2 logs you have requested...
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is due to the fact that somehow you broke your LSP chain. If you look in your HJT log you will see the below line (DO NOT TRY TO FIX THIS WITH HJT):

    O10 - Broken Internet access because of LSP chain gap (#23 in chain of 27 missing)

    This is why you have no internet access. Let's try giving the below a run:

    XP TCP/IP Repair

    Did that fix your internet connection?
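
The O10 line quoted in the post above reports a missing position in the Winsock LSP catalog. As an added illustration (not part of the thread and not HijackThis's own code), this Python example runs that kind of contiguity check over constructed data, and goes one step further by listing providers that are not on a reviewer's known-good list. It assumes the catalog layout of numbered `Catalog_Entries` subkeys, an expected count (`Num_Catalog_Entries`), and a `PackedCatalogItem` blob that starts with the provider DLL path; all function names, the placeholder DLL path and the sample catalog are hypothetical.

```python
# Added example: models the Winsock catalog as plain Python data.
# Assumption: each Catalog_Entries subkey is a 12-digit position number and its
# PackedCatalogItem value begins with the provider DLL path as a NUL-terminated
# ANSI string. All sample data below is constructed.

def provider_path(packed_item: bytes) -> str:
    """Return the DLL path stored at the start of a PackedCatalogItem blob."""
    return packed_item.split(b"\x00", 1)[0].decode("ascii", errors="replace")

def audit_chain(num_entries: int, entries: dict, known_dlls: set) -> dict:
    """Walk positions 1..num_entries and report what breaks or pollutes the chain.

    gaps:    positions with no subkey (the "chain gap" case in the thread)
    unknown: positions whose DLL is not on the reviewer's known-good list
    """
    gaps, unknown = [], []
    for pos in range(1, num_entries + 1):
        blob = entries.get(f"{pos:012d}")
        if blob is None:
            gaps.append(pos)
            continue
        dll = provider_path(blob).lower()
        if dll not in known_dlls:
            unknown.append((pos, dll))
    return {"gaps": gaps, "unknown": unknown, "intact": not gaps}

def describe(report: dict, num_entries: int) -> list:
    """Render findings as one line each, gaps first."""
    lines = [f"chain gap: #{p} in chain of {num_entries} missing" for p in report["gaps"]]
    lines += [f"review provider at #{p}: {dll}" for p, dll in report["unknown"]]
    return lines

def make_item(path: str) -> bytes:
    """Build a constructed blob: path, NUL terminator, filler bytes."""
    return path.encode("ascii") + b"\x00" + b"\xAA" * 16

KNOWN = {r"%systemroot%\system32\mswsock.dll"}

# Constructed catalog: 27 entries expected, subkey 23 has been deleted.
SAMPLE = {f"{i:012d}": make_item(r"%SystemRoot%\system32\mswsock.dll")
          for i in range(1, 28) if i != 23}
SAMPLE["000000000005"] = make_item(r"C:\example\placeholder_lsp.dll")  # hypothetical provider

REPORT = audit_chain(27, SAMPLE, KNOWN)

if __name__ == "__main__":
    print("\n".join(describe(REPORT, 27)))
```

A gap means a numbered entry was removed without the rest of the catalog being renumbered, which is the state a Winsock reset repairs; an unknown provider is only a prompt to check what installed it.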
     
  14. ForevaYoung

    ForevaYoung Private E-2

    Woah.

    That not only fixed my internet connection, AND made my computer boot up back at its normal speed...everything's back to normal! THANKS!

    Also a few more questions...Why did my LSP break? And what did it have to do with my slow boot up speed?

    Also about the zonealarm...I will need to uninstall Symantec to let it run well?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Something that was installed (probably malware) was removed during the whole process of removing your malware. The LSP chain is truly like a chain and if you remove a link, there is no path end to end. When your PC is starting up it is trying to make the connections thru the LSP links and it was in a state of retrying many times as many programs/processes were trying to run. This slowed down boot up.

    If you just install ZoneAlarm's firewall you don't need to uninstall Symantec Antivirus. If you are planning on using ZoneAlarm's Security Suite which includes an antivirus (which I don't recommend), then you will have to uninstall Symantec first.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  16. ForevaYoung

    ForevaYoung Private E-2

    Okay done all the finishing touches...Thanks again! :wave
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
