[SOLVED] Win 10 Pro - ran WinDefender, Threat Found & removed - PUA:Win32/AskToolbar, still comes back, request help permanently remove Also

Status
Not open for further replies.
Good day. Followed steps as indicated. When I did the search, it kept saying 'working on' and did not finish after a couple of hours??
 
No need to run anything. I just want you to go to C, find the profile.txt and attach it here.
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-117359660-1638003740-2463772522-1000]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,4d,00,61,00,72,00,74,00,79,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,2c,c4,fe,06,1c,f4,a1,61,6a,2f,da,\
92,e8,03,00,00
"FullProfile"=dword:00000001
"Migrated"=hex:40,17,9e,2d,10,ea,d6,01
"LocalProfileLoadTimeLow"=dword:ae454a0b
"LocalProfileLoadTimeHigh"=dword:01daf80f
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:3b27341a
"LocalProfileUnloadTimeHigh"=dword:01daf80f

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-117359660-1638003740-2463772522-1003]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,6f,00,74,00,68,00,65,00,72,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,2c,c4,fe,06,1c,f4,a1,61,6a,2f,da,\
92,eb,03,00,00
"LocalProfileLoadTimeLow"=dword:3ff1e1fc
"LocalProfileLoadTimeHigh"=dword:01daf65c
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:2060f04f
"LocalProfileUnloadTimeHigh"=dword:01daf77a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-117359660-1638003740-2463772522-1004]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,51,00,42,00,44,00,61,00,74,00,61,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,55,00,73,00,65,00,72,00,32,00,39,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,2c,c4,fe,06,1c,f4,a1,61,6a,2f,da,\
92,ec,03,00,00
"LocalProfileLoadTimeLow"=dword:f4762e6b
"LocalProfileLoadTimeHigh"=dword:01daf658
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-117359660-1638003740-2463772522-500]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,\
72,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000100
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,2c,c4,fe,06,1c,f4,a1,61,6a,2f,da,\
92,f4,01,00,00
"LocalProfileLoadTimeLow"=dword:00f431d7
"LocalProfileLoadTimeHigh"=dword:01daf658
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:43b6310c
"LocalProfileUnloadTimeHigh"=dword:01daf80f
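
Added example (not part of the original posts): the hex(2) values in an export like the one above are UTF-16LE strings, so a short script can turn them back into readable profile paths. The sample embeds two keys copied from this thread plus one constructed ".bak" key with a hypothetical SID; treating ".bak" keys and TEMP paths as signs of a damaged or temporary profile is an assumption here, not the helper's stated criteria.

```python
import re

# Two keys copied from the export posted in this thread, plus one constructed
# ".bak" key (hypothetical SID) so the flagging path has something to catch.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-117359660-1638003740-2463772522-1000]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,4d,00,61,00,72,00,74,00,79,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1-2-3-1001.bak]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,54,00,45,00,4d,00,50,00,00,00
'''

def decode_hex2(value):
    """Decode a .reg hex(2) (REG_EXPAND_SZ) payload: comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in value.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")

def profile_paths(reg_text):
    """Return {subkey name: decoded ProfileImagePath} for each ProfileList subkey."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join backslash-continued lines
    result, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rsplit("\\", 1)[-1]  # last path component (the SID)
        elif key and line.startswith('"ProfileImagePath"=hex(2):'):
            result[key] = decode_hex2(line.split(":", 1)[1])
    return result

def suspicious(profiles):
    """Heuristic (assumption): '.bak' keys and TEMP paths suggest a damaged or temporary profile."""
    return sorted(k for k, p in profiles.items()
                  if k.lower().endswith(".bak") or p.upper().endswith("\\TEMP"))

if __name__ == "__main__":
    for sid, path in profile_paths(SAMPLE).items():
        print(sid, "->", path)
```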
 
No problem with the profile accounts.

Have you removed the threats detected by Defender? If not, then do that now.

After that:
  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good” displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • Take a screenshot of your result.
 
Yes removed the threats (as did previously in past, kept coming back)

Question: will running the install as indicated delete or alter anything?
 
No. As indicated above, it will check your disk's health.
 
The link would not open in MSN Bing, so opened it in Google Chrome (do not like either). Does it matter which folder to save it to?
 
I would like it on the Desktop, please.
 
It is taking a while to download (internet). Will have to step out a bit, be back later, will update. Thank you.
 
And we just saw the main cause of your issues: your disk is failing.

I strongly recommend you to save all your files, order a new disk and replace it as soon as possible.

We could have done this test earlier, but since cleaning was also needed, we proceeded with that first. Now, the issue is obvious.
 
When you say order new disc- really do not follow that info except it said caution. What indicates disc failure if may ask?
It seems to be browsers that were issue all of a sudden.

should there be a disc from original to re install?
 
What indicates disc failure if may ask?

The warning CAUTION shows that the disk started failing, and you don't know when it is going to completely fail. The fact that your computer doesn't function properly (for example, you can't run Malwarebytes in both normal and safe mode, a fix with FRST takes ages, the installation of CrystalDiskInfo took so long, slow functionality...), even after the cleaning procedure, confirms that.

should there be a disc from original to re install?

What do you mean? That you would like the same disk?
 
Ok yes that makes sense. Like said, was thinking it was a browser hijack and the Windows update that auto installed when it all started.

Guess was thinking of recovery disk or something or original one used install in beginning. Not sure as not ever had to do that.

For order new disk - is that a Windows 10 Pro Disk you are referring to?
 
What about the PUA:Win32/AskToolbar that keeps showing up, that is a virus or something, is it not? Can we permanently remove it first?
 