Need help plz

Welcome to MGs!

You have an HSA hijacker issue. Run the below tool twice and attach the aboutLBuster log.

about:Buster

Also attach a new HJT log after doing the above.

 

You did not post an about:buster log. You reposted something from Spyware Doctor.
Did you run about:buster? Did you run it twice? It does not look like it based on the HJT log.

Why did you install SpywareDoctor? That is not what I requested. Did you buy it?

Please attach the about:buster log.

 

After running About:Buster and attaching the log, continue with the below.

These steps may not be able to work if you have MS Antivirus and or SpywareDoctor loaded and running because they may try to block changes to your home and start pages and maybe even block changes to the registry. Either disable their protections or when they popup to warn you that changes are being made, make sure you Allow the changes.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kbqmg.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kbqmg.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kbqmg.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kbqmg.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kbqmg.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {86A6FBFC-1991-4760-7966-9152C01207F3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete (if found):
C:\WINDOWS\system32\kbqmg.dll

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

That is a new log from this afternoon! Didn't you run it earlier when requested?

What about the steps in my previous message?

Also you did not answer my question from a few message back:

 

Uninstall SpywareDoctor then! It is of no use to you unless you buy it.

You never complete all the steps I requested in message # 5.

 

For future reference, please never post incomplete HJT logs like you just did? There is no reason the top lines should be cut out. All info is always saved to the log and the whole log should be uploaded.

Your log is clean! Are you having any other malware problems?

 

You're welcome. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!