[SOLVED] Win 10 Pro -ran WinDefender Threat Found & removed- PUA:Win32/AskToolbar,still comes back, request help permanently remove Also

Status
Not open for further replies.
Hi.

Is Marty account a Microsoft account and other account a local account?

Let's see if you are having the same problems when using the built-in Administrator account.

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter to execute it:
Code:
net user administrator /active:yes
  • Restart the computer and choose this account (Administrator) instead of your previous one (Marty).
  • Let me know if you are having the same problems as before.
 
Marty is Administrator, and yes did not realize it is Microsoft think it was later added with the email for outlook for quickbooks
Other is Administrator (said Administrator local account)
 
will try what suggested in a bit did not see this post from you til few minutes ago, kept checking.. thank you will let you know
 
Apologize delay, lots going on...
Opened Administrator safe mode, no difference

Closed and opened regular User Marty- (Noticed it shows as Dell- Administrator when in Administrator Safe Mode and that when opened Users from Folder C drive users, not opened in Settings it showed User Marty as Dell in Windows 8 the older version had before and it showed the other

then logged into Other User, kept attempting to open still so let it run for hours, later checked it opened and browsers were all there and files etc. and the Histories still in check
However still issue mostly with Firefox and Brave Browsers and Google, either very slow to open or if do images and videos do not show - Unless when tried on Microsoft edge using bing search engine, would work - same thing is still happening on User Martin and Histories are gone even on google and Edge


Would hope to get histories back especially Firefox , Brave and Google Chrome Browsers on Martin User

Yesterday a pop up message that Troubleshoot Windows or something again showed the ASK Pup toolbar, removed each one again.
 
Hi.

I'm not sure I understood everything you wrote, so I would ask you to try to use the language as correctly as you can. I am not a native English speaker, and it's rather difficult for me to understand you if you write without using punctuation marks or detailed descriptions.


Opened Administrator safe mode, no difference
Did you use the commands I gave you to enable the built-in Administrator account, and then sign in with that account? And I didn't ask you to sign in with Safe mode.


Closed and opened regular User Marty- (Noticed it shows as Dell- Administrator when in Administrator Safe Mode and that when opened Users from Folder C drive users, not opened in Settings it showed User Marty as Dell in Windows 8 the older version had before and it showed the other
Please use periods to separate your sentences. I didn't understand what you said. If needed, use screenshot to explain yourself better.


then logged into Other User, kept attempting to open still so let it run for hours, later checked it opened and browsers were all there and files etc. and the Histories still in check
Open what?
What do you mean by "Histories"?


Yesterday a pop up message that Troubleshoot Windows or something again showed the ASK Pup toolbar, removed each one again.

I want a screenshot/photo of this when you get these again.
 
Good day.

1. Yes did use instructions gave to sign in, did not use safe mode. Meant to say- signed in as built in System "Administrator" per instructions



2. see attachment- This is how User Marty - Administrator is when sign log in to windows to User Marty from Settings .

When Sign log into Windows for Control Panel (not from Settings), using Administrator- looking at Settings, User Accounts, for ther Users, it showed the User , Marty- 'Dell
Administrator, However not doing that now??

3. When using built in System "Administrator to sign in to Windows, then switched over to log-sign into the User called "Other" (not user called 'Marty').
Was able to enter the password like when logged into . Then enter the Password, after some time it opened up the User 'Other'.

Could see all the folders and files for the User 'Other' and the Browsers displayed the "History" for each Browser.
However. When log into system, using User; 'Marty and then attempting to also log switch User to "Other' will not open up that User "other' once enter Password, just has circle dots that go around like it is trying to load.

Also when log into system using User "Marty' not switching From user "Administrator' to user 'Marty' still unable to view previous History in the Browsers for websites visited.

4. See Attachment for Automatic installs during time frame these things were beginning to occur

Thank you
 


Hi.

Let's take things one by one.

1. There is nothing wrong with the updates, so no, I do not recommend you to uninstall any of them.

2. No problem with how the account Marty appears in Settings or Control Panel.

3. The History in browsers (Marty account) was deleted when we used the FRST fix to clean the temporary files. Unfortunately, you won't find your browsing history before the fix.

4. The only thing I can think regarding the account "other" is that it may have become corrupted for some reason.

5. Click on the PUA:Win32/AskToolbar (08/19/2024) and take a screenshot with the details of the threat. Attach it in your next reply.
 
3. The browser history was missing before ran FRST. However it does show up now when user account "other " finally opens??

4. The Other Account- wondering if when whatever happened, had something to do with the account "Other" conflicting with Windows 10 platform and previous Windows 7 or 8. When look at system restore settings From Control Panel and not from Win 10 Settings, it shows the previous Windows (7 or 8) platform info for system restore, not Windows 10.

5. Do not know where that tool bar is, it only shows up as shown in image previous post.

Thank you
 
Click on the PUA:Win32/AskToolbar (where the arrow shows) and take a screenshot with the details of the threat. Attach it in your next reply.

 
PUA:Win32/AskToolbar Active level: Low Status; Active

Date:7/15/2024 4:30 PM

Category: Potentially Unwanted Software

Details: This program has potentially unwanted behavior



Learn More

Affected Items:

file:C/TempCrystalClearShare/APNSetup.exe

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/Idcl.dr.exe

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/Idc.dr_x64.exe

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrv.dll

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrvStub.dll

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrvStub_x64.dll

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrv_64.dll

file: C:/Users/other/AppData/Local/Temp \0ccbb43c-8818-4e78-9943-73927cdbbb50_Backup files 33.zip.b50\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: C:\Users\other\AppData\Local\Temp\130536fd-a510-4836-b2c5-5c95e87b660a_Backup files 33.zip.60a\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

file: C:\Users\other\AppData\Local\Temp\6ef8ed1f-4384-4bf1-9d7c-64df065c7de3_Backup files 33.zip.de3\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: C:\Users\other\AppData\Local\Temp\99bdb7a5-3b1a-4fc8-a0fd-0875e117896f_Backup files 33.zip.96f\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: C:\Users\other\AppData\Local\Temp\b98e1b98-8b4b-402c-978b-904c586179ca_Backup files 33.zip.9ca\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: C:\Users\other\AppData\Local\Temp\eb837a5d-dbf4-4cce-8e36-aca2acfcc91d_Backup files 33.zip.91d\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: C:\Users\other\AppData\Local\Temp\f85d6ca9-1669-4c9f-a328-f538a2b71753_Backup files 32.zip.753\C\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy3\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

OK
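
An added example, not part of the original thread: a small Python triage helper that reads "Affected Items" lines in the layout pasted above and groups every copy of a detected file by where it lives (live volume, a scanned archive, or a volume shadow copy). The sample lines are constructed from paths in the post, and the function names and the archive heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the "Affected Items" layout quoted in the post above.
SAMPLE = r"""
Category: Potentially Unwanted Software
file: C:\Temp\CrystalClearShare\APNSetup.exe
file: C:\Users\other\AppData\Local\Temp\f85d6ca9-1669-4c9f-a328-f538a2b71753_Backup files 32.zip.753\C\Temp\CrystalClearShare\APNSetup.exe
file: \Device\HarddiskVolumeShadowCopy3\Temp\CrystalClearShare\APNSetup.exe
file: \Device\HarddiskVolumeShadowCopy6\Temp\CrystalClearShare\APNSetup.exe
file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll
"""

SHADOW = re.compile(r"^\\Device\\HarddiskVolumeShadowCopy(\d+)\\(.+)$", re.I)
# Heuristic (assumption): a path component with an archive extension is a scanned container.
ARCHIVE = re.compile(r"^(.*?\.(?:zip|7z|rar|cab)[^\\]*)\\(.+)$", re.I)

def classify(line):
    """Return (location, container, inner_path) for a 'file:' line, else None."""
    if not line.strip().lower().startswith("file:"):
        return None
    path = line.split(":", 1)[1].strip().replace("/", "\\")
    m = SHADOW.match(path)
    if m:
        return ("shadow_copy", "ShadowCopy" + m.group(1), m.group(2))
    m = ARCHIVE.match(path)
    if m:
        return ("archive", m.group(1), m.group(2))
    return ("live", "", path)

def normalize(inner):
    """Drop a leading 'C:\\' or 'C\\' so copies of one file compare equal."""
    return re.sub(r"^[A-Za-z]:?\\", "", inner).lower()

def where_found(text):
    """Map each distinct file to the sorted list of locations it was seen in."""
    seen = defaultdict(set)
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            location, container, inner = hit
            seen[normalize(inner)].add(container if location == "shadow_copy" else location)
    return {f: sorted(locs) for f, locs in seen.items()}

if __name__ == "__main__":
    for f, locs in where_found(SAMPLE).items():
        print(f"{f}\n    -> {', '.join(locs)}")
```

Files that are reported only under `archive` or `ShadowCopyN` are stored copies inside a backup or snapshot rather than files on the live volume.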
 
Hi.

Those details are from July 15th. I asked you to give me the info for the August 19th. Can you do this for me, please?

Also, give me a screenshot of what you see at the end of the details. I want to see the available options.
 
Yes, but now you didn't give me all the details as you did before. :)
 
Each Date has the exact same details that copied pasted on first date (had copied pasted each line one by one and double checked for this date was exact same details other than the date) .
 
Select the option REMOVE.

Restart the computer and do the following:

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command line and press Enter.

Code:
reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt

  • In the Search area type File Explorer and choose it from the items appeared.
  • In the address area type C:\Profile.txt and press Enter.
  • From the list, choose C:\Profile.txt, double click to open it.
  • Select the content of the file, copy and paste it in your next reply.
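
An added example, not part of the original thread: a Python reader for the `ProfileList` export requested above, which decodes each SID's `ProfileImagePath` (stored as `hex(2)`, UTF-16LE) and flags entries worth a closer look, such as a SID key carrying a `.bak` suffix, which commonly accompanies a profile that failed to load. The SIDs and sample content are constructed, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample of the export (SIDs and paths are made up for illustration).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,4d,00,61,00,72,00,74,00,79,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1002.bak]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,6f,00,74,00,68,00,65,00,72,00,00,00
'''

KEY = re.compile(r"^\[.+\\ProfileList\\(S-1-[^\]\\]+)\]$", re.I)

def parse_profile_list(text):
    """Return one dict per SID subkey: sid, decoded path, and .bak flag."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    profiles, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY.match(line)
        if m:
            sid = m.group(1)
            cur = {"sid": sid, "path": None, "bak": sid.lower().endswith(".bak")}
            profiles.append(cur)
        elif line.startswith("["):
            cur = None  # some other key, e.g. the ProfileList parent itself
        elif cur and line.startswith('"ProfileImagePath"=hex(2):'):
            raw = bytes(int(b, 16) for b in line.split(":", 1)[1].split(",") if b)
            cur["path"] = raw.decode("utf-16-le").rstrip("\x00")
    return profiles

def find_issues(profiles):
    """List (sid, reason) pairs for entries that deserve manual review."""
    dup = Counter(p["path"].lower() for p in profiles if p["path"])
    issues = []
    for p in profiles:
        if p["bak"]:
            issues.append((p["sid"], "key has .bak suffix"))
        if not p["path"]:
            issues.append((p["sid"], "no ProfileImagePath"))
        elif dup[p["path"].lower()] > 1:
            issues.append((p["sid"], "folder shared with another SID"))
    return issues

if __name__ == "__main__":
    # A real export is UTF-16 with a BOM: open(r"C:\Profile.txt", encoding="utf-16").read()
    print(find_issues(parse_profile_list(SAMPLE_REG)))
```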
 