AskPartnerNetwork Directory on a Windows 10 system

A user reported her Windows 10 Professional system was running slowly. On September 14, 2017, I checked the system with SUPERAntiSpyware, which reported that it found the Ask Toolbar. It reported the following items associated with the toolbar:

C:\ProgramData\ASKPARTNERNETWORK\TOOLBAR
HKCU\Software\AskPartnerNetwork\Toolbar
C:\ProgramData\AskPartnerNetwork

[Image: SUPERAntiSpyware detected Ask Toolbar]

I checked the timestamp for the C:\ProgramData\AskPartnerNetwork directory to see when it was created and saw the following:

C:\ProgramData>dir /s Ask*
 Volume in drive C is OS
 Volume Serial Number is D6DD-50D8

 Directory of C:\ProgramData

09/13/2017  06:46 AM    <DIR>          AskPartnerNetwork
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               1 Dir(s)  218,125,537,280 bytes free

C:\ProgramData>

The Windows Registry entries I found when I checked the relevant Windows Registry key are in this AskPartnerNetwork.reg file, which can be viewed with Microsoft Notepad. If you download the file on a Windows system, don't double-click on it to open it, or you will add the registry entries to the Windows registry.




[Image: Regedit - Ask Toolbar registry entries]

I had previously installed BrowsingHistoryView on the system, so I performed a BrowsingHistoryView search by time period for any URLs accessed on September 13, 2017. The first URL I saw accessed on that day was not until 6:48:23 AM when there was an access to the search.searchyffff.com site by the Firefox web browser. I noticed that is the home page Firefox goes to when it is opened.

The system uses a Microsoft Windows server as its DNS server. I log DNS queries on that system, so I looked for any DNS queries from the affected system near the time of the timestamp for the AskPartnerNetwork directory and saw the following:

Time      FQDN
06:46:52  anx.apnanalytics.com
06:46:53  apnstatic.ask.com
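
The correlation step described above, as an added example (not the author's tooling): it parses DNS Server debug-log lines, decodes the length-prefixed query names, and lists the queries one client made within a window around the directory timestamp. The log layout (which varies by server version and locale), the sample lines and the client address 192.168.0.15 are assumptions constructed for illustration; the timestamp and the two matching names are the ones reported on this page.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the Windows DNS debug-log layout (an assumption; the
# page does not show its log). 192.168.0.15 is a hypothetical client address.
SAMPLE_LOG = """\
9/13/2017 6:31:07 AM 0A4C PACKET  0000000002F1B6A0 UDP Rcv 192.168.0.15    3f21   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
9/13/2017 6:46:52 AM 0A4C PACKET  0000000002F1C2B0 UDP Rcv 192.168.0.15    7a10   Q [0001   D   NOERROR] A      (3)anx(12)apnanalytics(3)com(0)
9/13/2017 6:46:52 AM 0A4C PACKET  0000000002F1C2B0 UDP Snd 192.168.0.15    7a10 R Q [8081   DR  NOERROR] A      (3)anx(12)apnanalytics(3)com(0)
9/13/2017 6:46:53 AM 0A4C PACKET  0000000002F1D410 UDP Rcv 192.168.0.15    7a11   Q [0001   D   NOERROR] A      (9)apnstatic(3)ask(3)com(0)
9/13/2017 6:46:55 AM 0A4C PACKET  0000000002F1E550 UDP Rcv 192.168.0.22    11c4   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)
"""

# Creation time of C:\ProgramData\AskPartnerNetwork as shown by dir (minute resolution).
DIR_CREATED = datetime(2017, 9, 13, 6, 46)

LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \S+ PACKET\s+\S+ (?:UDP|TCP) "
    r"(?P<dir>Rcv|Snd) (?P<client>\S+)\s+\S+ (?P<resp>R)?\s*Q \[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\(\d+\).*)$")


def decode_name(encoded):
    """Turn '(3)anx(12)apnanalytics(3)com(0)' into 'anx.apnanalytics.com'."""
    labels = re.findall(r"\(\d+\)([^()]*)", encoded)
    return ".".join(label for label in labels if label).lower()


def queries_near(log_text, client_ip, event_time, window_minutes=2):
    """Return (HH:MM:SS, fqdn) for queries received from client_ip near event_time."""
    lo = event_time - timedelta(minutes=window_minutes)
    hi = event_time + timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Keep only inbound queries (not responses) from the host under review.
        if not m or m["dir"] != "Rcv" or m["resp"] or m["client"] != client_ip:
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        if lo <= ts <= hi:
            hits.append((ts.strftime("%H:%M:%S"), decode_name(m["name"])))
    return hits


if __name__ == "__main__":
    for when, fqdn in queries_near(SAMPLE_LOG, "192.168.0.15", DIR_CREATED):
        print(when, fqdn)
```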

I checked which entities owned the IP addresses associated with those two domain names using the WhosIP utility developed by Nir Sofer and saw the following:

C:\Program Files\Utilities\NirSoft\whosip>whosip anx.apnanalytics.com

WHOIS Source: ARIN
IP Address:   74.113.233.187
Country:      USA - New York
Network Name: MINDSPARK-01
Owner Name:   Mindspark Interactive Network, Inc.
CIDR:         74.113.232.0/21
From IP:      74.113.232.0
To IP:        74.113.239.255
Allocated:    Yes
Contact Name: Mindspark Interactive Network, Inc.
Address:      29 Wells Ave, Suite 300, Yonkers
Email:        networkservices@mindspark.com
Abuse Email:  abuse@mindspark.com
Phone:        +1-914-591-2000
Fax:

C:\Program Files\Utilities\NirSoft\whosip>whosip apnstatic.ask.com

WHOIS Source: ARIN
IP Address:   23.39.177.73
Country:      USA - Massachusetts
Network Name: AKAMAI
Owner Name:   Akamai Technologies, Inc.
CIDR:         23.64.0.0/14, 23.32.0.0/11
From IP:      23.32.0.0
To IP:        23.67.255.255
Allocated:    Yes
Contact Name: Akamai Technologies, Inc.
Address:      150 Broadway, Cambridge
Email:        ip-admin@akamai.com
Abuse Email:  abuse@akamai.com
Phone:        +1-617-444-2535
Fax:

C:\Program Files\Utilities\NirSoft\whosip>

Akamai Technologies is a content delivery network (CDN) and cloud services provider, so Ask.com, which was originally known as Ask Jeeves, appears to be hosting its services with Akamai or relying on Akamai for content delivery services.

The Ask toolbar has garnered criticism because it is often bundled with other software, so that it is installed by default when the other software is installed, and because of difficulties users have experienced in uninstalling it. Browser toolbars can provide users with additional functionality they will appreciate, but as the Wikipedia article on browser toolbars notes in regard to controversies with browser toolbars:

Many unscrupulous companies use software bundling to force users downloading one program to also install a browser toolbar, some of which invade the user's privacy by tracking their web history and search history online. Many antivirus companies refer to these programs as grayware or Potentially Unwanted Programs (PUPs).

I had SUPERAntiSpyware remove the Ask Toolbar. The Ask Toolbar may not have been responsible for the slowdown in system performance reported by the user, but it isn't the first time I've had SUPERAntiSpyware report its presence when I've checked a system after a user has reported poor performance on a Windows system. I found the Ask Toolbar on a family member's Windows 10 system when I performed a scan with SUPERAntiSpyware on July 2 of this year. The Ask Toolbar may not have been installed on this system on September 13 at 6:46 AM; it might have been installed previously, but updated at that time.

Related articles:

  1. Searching browsing history for a specified period with BrowsingHistoryView
    Created: Saturday December 17, 2016
  2. Enabling DNS Logging on a Windows SBS 2003 Server
  3. SUPERAntispyware Found Ask Toolbar on 2017-07-02
    Created: Sunday July 2, 2017