AQUB search page after windows start up

Yes!!!!! You need to attach logs from running all the other programs in these instructions. Thanks READ & RUN ME FIRST. Malware Removal Guide

 

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

 

The desktop.ini files you mentioned are fine. Now how is IE, are you still having problems?

 

Yes, the OTL does not show anything, you see. I just wondered if you were still affected or not.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :regfind
  AQUB

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Run this and attach the results.

Using ESET's Online Scanner

 

Uninstall the below:

• BitTorrentBar Toolbar
• conduitEngine
• Registry Mechanic_is1
• SpywareGuard_is1

Now let's flush the Java Cache

• Click Start > Settings > Control Panel
• Double click the Java icon (be patient, it may take a while to open)
• Now click the General tab and under the Temporary Internet File area
• Click the Settings button and then click the Delete Files... button.
• In the next popup click OK.

If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches.


Now let's flush the FireFox Cache
To flush your FireFox Cache:

• click Tools
• select Options
• select Privacy
• Clear your recent history

Now let's flush the Internet Explorer Cache
To flush your Internet Explorer Cache:

• click Tools
• Internet Options
• Now on the General tab and click Delete Files and select Delete all Offline content too
• Click OK.
• When it finishes Click OK.

Any difference? And is this ONLY affecting IE??

 

Goobz there's something else you can try. Click start and type in regedit click on regedit.exe which will open up you registry.

Click on Edit > Find > (make sure keys value and data are check marked)
Search for aqub and AQUB seperately and let me know whether anything is found or not.

 

What is your home page set as in IE? Check for me.

 

Damn frustrating.

Let's try this!
How to reset Internet Explorer settings

You can either do it manually or have it done for you automatically.
Let me know how you make out. I must go to bed now and will not get back online until tomorrow evening.

 

This is not a case of hijacking. It is more likely due to what you installed on your PC. My first guess is that it is from Faceb662 version 1.5

IE does not normally run at startup, but you have allowed the below to be put in your startup processes and this may be why IE is opening.

O4 - Startup: C:\Users\gloopz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Faceb662.url ()


Before fixing this, you need to uninstall the extremely old and outdated SpywareGuard if it is still installed. You have better protection already within your antivirus program. Then disabled all protection ( including your AV, and IoBit Malware Fighter ) and then do the below.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - Startup: Faceb662.url

After clicking Fix, exit HJT.

Then reboot your PC and see if IE still opens at startup.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



Now attach the below log:

• C:\MGlogs.zip

 

Thankyou Chaslang!! I looked at that a couple of times and wrote it off as being the cause!

 

You're welcome.

You may want to consider uninstalling the root cause. You do have Faceb662 version 1.5 installed.



If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!