PC crashing and crawling.

Welcome to Majorgeeks!

Looks like you obtained your HJT log before running Bitdefender. HJT should be the last step otherwise things that show in it may have already been removed. Also you must attach the PandaActiveScan log as requested in step 6. Also you should attach your CounterSpy log as requested in step 5.

Also since you appear to have an HSA (aka About:Blank) hijacker, run the below and attach the log to:

about:Buster......No installation required! Just unzip it to a folder. Click Update and download any updates before scanning. Also run it twice with a reboot in between. Save the logs and attach later.

If you receive an error message about a missing MSCOMCTL.OCX file when you run about:Buster, download the file in the link below and run it. It will give you the necessary file. There is also a help file that come with about:Buster that explains some common errors and how to fix.

http://www.javacoolsoftware.net/downloads/missingfilesetup.exe

 

Do you have both AVG and Antivir installed? Both show in your HJT log. If both are still installed, uninstall one of them.

You must disable Spybot's Teatimer as requested in the READ & RUN ME.
To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked. Now quit Spybot!

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [IEPT32.EXE] C:\WINDOWS\SYSTEM\IEPT32.EXE /s
O4 - HKLM\..\RunServices: [IPWR.EXE] C:\WINDOWS\SYSTEM\IPWR.EXE /s
O4 - HKLM\..\RunServices: [SYSXA.EXE] C:\WINDOWS\SYSXA.EXE
O4 - HKLM\..\RunServices: [SDKOX32.EXE] C:\WINDOWS\SDKOX32.EXE
O4 - HKLM\..\RunServices: [WINLQ.EXE] C:\WINDOWS\WINLQ.EXE
O4 - HKLM\..\RunServices: [MSPS.EXE] C:\WINDOWS\MSPS.EXE
O4 - HKLM\..\RunServices: [NETUY32.EXE] C:\WINDOWS\SYSTEM\NETUY32.EXE /s
O15 - Trusted Zone: *.mozilla.org
O19 - User stylesheet: (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\SYSTEM\IEPT32.EXE
C:\WINDOWS\SYSTEM\IPWR.EXE
C:\WINDOWS\SYSXA.EXE
C:\WINDOWS\SDKOX32.EXE
C:\WINDOWS\WINLQ.EXE
C:\WINDOWS\MSPS.EXE
C:\WINDOWS\SYSTEM\NETUY32.EXE

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Make sure you answer each of the below questions:

1. How much free hard disk space do you have?
2. How much RAM do you have?
3. Did you uninstall one of the antivirus programs yet?
4. Did you disable Teatimer yet?
5. What firewall are you referring too? You did not have one before!
6. You have both CounterSpy and Spyware Doctor installed. Are either of these the paid subscription version? Or are they both the free trial versions?

The files in your log were remnants of an HSA infection and there could be literally hundreads more of them hiding on your system. We may need to save a log of the files in a couple of your folders and have you upload them here. These file can get quite large and will need to be put into a ZIP. So let me ask right now before giving any procedures, do you know how to use WinZip or similar to put files into a compressed ZIP?

Post a HijackThis log from safe boot mode?

 

Okay! Since they are only the free versions they are of no long term use to you. Uninstall both of them.

Yes! That is very bad and is not enough free disk space for your system to run properly. You need to backup to CD a lot of your music files and delete them from your hard disk (or you need to buy a larger hard disk). Are you implying you have multiple hard disks? If so, how much free space is on the other?

Don't worry about this write now. We could easily get the info but your problem is the hard disk space.

Give me the names of the DLL files you are referring to. Also give the file size and date.

 

You should backup files to CDs or to a DVD. No harddisk (in your PC or MP3 player) is immune to a crash.

Those are EXE files not DLL files. Either way delete them.

I personally do not use Outpost firewall but as with most firewalls you just have to allow or deny various programs access to the internet. Normally it is pretty obvious what the programs are as they popup when you run things on your PC. If you do not recognize something, then deny it access until you determine what the process is for.

 

Everything you need is covered in the below final steps and the link given. You do need a real time antispyware program with blocking capability.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!