[SOLVED] Win 10 Pro -ran WinDefender Threat Found & removed- PUA:Win32/AskToolbar,still comes back, request help permanently remove Also

Status
Not open for further replies.
For order new disk- is that a Windows 10 Pro Disk you are referring to?
Your computer is a DELL XPS laptop, right?

Based on the CrystalDiskInfo, the hard drive has these specifications:

Seagate
SATA/600
Rotation Rate: 7200 RPM
2T

You can search for a hard disk (or an SSD, which is faster but more expensive) with the above specifications.

If you think that it will be difficult for you to replace it, you can take it to a store to do that for you.


What about the PUA:Win32/AskToolbar that keeps showing up? That is a virus or something, is it not? Can we permanently remove it first?

That means you are still getting these Defender warnings?

Let me see the details of these warnings again please. I need to see the most recent ones.
 
Good day,

Hard Disc, got it. Thought might be install disc for Windows 10.

For the virus threat it is same as post 71.


See Post 72. Is same info. Nothing new.

Settings for Security : Windows Security Virus and Threat Protection Actions Recommended
Current Threats
Shows the exact same info as before same dates, no new dates added since 8/26/2024 and each one that choose remove for did not remove each one still there;

PUA:Win32/AskToolbar Active level: Low Status; Active

Date:7/15/2024 4:30 PM

Category: Potentially Unwanted Software

Details: This program has potentially unwanted behavior
Learn More

Affected Items:

file:C/TempCrystalClearShare/APNSetup.exe

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/Idcl.dr.exe

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/Idc.dr_x64.exe

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrv.dll

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrvStub.dll

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrvStub_x64.dll

file: C/Temp/Marty/AppData/Local/AskPartnerNetwork/Toolbar/Updater/IDC/IdcSrv_64.dll

file: C:/Users/other/AppData/Local/Temp \0ccbb43c-8818-4e78-9943-73927cdbbb50_Backup files 33.zip.b50\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: C:\Users\other\AppData\Local\Temp\130536fd-a510-4836-b2c5-5c95e87b660a_Backup files 33.zip.60a\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

file: C:\Users\other\AppData\Local\Temp\6ef8ed1f-4384-4bf1-9d7c-64df065c7de3_Backup files 33.zip.de3\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: C:\Users\other\AppData\Local\Temp\99bdb7a5-3b1a-4fc8-a0fd-0875e117896f_Backup files 33.zip.96f\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: C:\Users\other\AppData\Local\Temp\b98e1b98-8b4b-402c-978b-904c586179ca_Backup files 33.zip.9ca\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: C:\Users\other\AppData\Local\Temp\eb837a5d-dbf4-4cce-8e36-aca2acfcc91d_Backup files 33.zip.91d\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: C:\Users\other\AppData\Local\Temp\f85d6ca9-1669-4c9f-a328-f538a2b71753_Backup files 32.zip.753\C\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy3\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: \Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: \Device\HarddiskVolumeShadowCopy6\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\CrystalClearShare\APNSetup.exe

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll

file: \Device\HarddiskVolumeShadowCopy9\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll

OK
 

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CloseProcesses:
Powershell: Get-MpThreatDetection
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
Good day, was able to run it this AM around 10 AM and it has not stopped running. Well, still a green bar about in middle, not moving when checked back few minutes ago. Says deleting temporary files; that is what it said earlier before left when first started it.
 
Hi.

I strongly recommend that you replace the disk as soon as possible. You see, the system is not functional anymore, and whatever we are trying to do fails. Back up whatever you want to transfer to the new disk (documents, videos, photos, pictures, music), make a note of the activation codes of purchased programs and go ahead with the replacement.
 
Good day
Not sure what that FRST is doing, it is still open to same spot ;deleting temporary files; yet noticed on desktop there is now from earlier a text fix log attached and this other text doc
and yes when able will replace. thank you
 


The fixlog.txt is not complete. I need the complete log, please.

I also have some other suggestions, but as you can see, everything we try takes ages. And I am not sure at all when the disk will die completely.

So, I'll repeat that the priority now is for you to save useful data and get ready for a disk replacement. I strongly recommend a clean install, without using an image of the old disk.
 
Guess it still is running? Yet the txt log showed up on desktop.

Honestly not sure how to do that and waiting on someone to bring a large enough thumb drive for the back up to save, as the one have does not have enough space.

Thank you, will update
 
Is it possible to accomplish the disc thing with an external hard drive that would also hold backups? Do we need a new hard drive and a new install disk?
 
looking at this one

Seagate 2TB Backup Plus Slim Portable External Hard Drive USB 3.0, Black, STHN2000400


Small enough for a loaded laptop bag, but spacious enough for loads of content. Seagate Backup Plus Slim portable drive is the perfect marriage of easy portability and truly useful file storage. Easily plug into Windows and Mac computers via USB 3.0, and enjoy helpful tools like customized backup and folder mirroring.
  • Textured metal finish fits in with modern lifestyle elements; Compatible with USB 3.0 and USB 2.0; powered by USB connection. Offers customized backup and folder mirroring; Drop files into the designated folder for automatic file synchronization. Product also available in a 1TB capacity, see STHN1000400
 
will it make difference that Dell has windows old 7 and then upgrade to windows 10
DISREGARD just found out that have to have a hard disk and that cannot use external disk drive to replace hard disk, only for storage,
 
Yes.

You need an external disk to back up your files, and an internal disk to replace the old one.

The computer is a laptop, right?
 
Good day, It is Dell Desktop
Waiting on the External one to arrive late today. Will save info and not sure when able to get the Hard drive Internal one replaced. Hopefully that External hard drive will be compatible. It is 3.0.
Will update as proceed. Thank you much.
 
Hello.

Any news? What did you do? Do you have any questions?
 
Good evening,

'burning midnight oil'

Received the external HD today and had to leave. Did not have time to do more. That is why made point to save all to Thumb drive and it was also in another Drive on computer, 'WAS'.
May have to save info and look at refurbished computer at Walmart. Cost wise may be less expensive. Have to have for the business side and use for private also.


1. Looks like the FRST finished last evening around 10 PM think and it said to restart computer. Had a website class opened and running not able to close til class finished, Left and came back and started to resume class and computer shut off and restarted automatically.

1 a. In the process when went to open QuickBooks (QB) Program short time later the QB, does not recognize- the Company File *see images


That is seriously a HUGE HUGE ISSUE!

2. Per your suggestion and for side caution - Did a few restore points from 8/31 and 9/1.

3. in the external Thumb drive the folder saved for 2024 QuickBooks backups is still here - however it is empty.
Most the previous years in other folders are there and are not empty.


4.
Do have in Windows 'J' thumb drive the Windows Backup Set Folder 08 19 2024 and it does have the 8 19, 8 25 and 9 1 Folders with the Windows backups in them - however do not see lot of the other Windows backups from before there or elsewhere.

Had done the QB back ups before did last restore to assure had them, both On windows computer and the thumb drive.

5.
Also, in the J thumb drive for the 2024 Backups that was for Windows backups, it does have a 8/11/24 Data archive Zip folder but when click to unzip the error Compressed (zipped) folders comes up says Please insert the last disk of the Multi Volume set and click ok to continue.
Do not know what the last Disc is referring to?
Attempted to extract compressed zipped folders and get a caution message that Cannot complete the compressed zipped folders Extraction Wizard.

Will include screen images next post. The message says 'first must copy files to this compressed zipped folder' ????

Also see that same back up folder shows 'video shortcut', did not move it there, that was done by Windows or FRST or???


6
Not sure however it looks like the 'J' external Thumb Drive is now called Back ups- so that must be because did a Windows Backup and to save to J thumb drive and it names them.

6 b
However not sure, but it does look like in that same J thumb drive it now has the User Marty- PC computer or something- including a image copy. When click on J thumb drive it is there. Do not remember it being there before - it was not of course.


7. All that being said wondering if necessary to first do a system restore back to earliest date or first attempt to resolve QuickBooks issue with the QuickBooks program itself first.
Do not see how it could change QB company file info as it is its own program.



 
Here is copy of 9/2 Fix it log that is on desktop. The same threats show up as low threat in Troubleshoot settings, no new dates added, however Malwarebytes or FRST did not remove them and each time choose to remove they stay.

Side note, after almost 4 plus weeks dealing with Internet Company to come out, and during which time they had local outages from storms floodings at main station - they finally got out here on Friday after 5 PM and they had to reconstruct the box or something outside. After that now the websites and internet seem to work better since Saturday. However that is also when FRST finished on Saturday PM,
Too many things were happening at once and still sorting through other small 'f- i' r' e s' during and after. Apologies that have not been readily available to respond. Do appreciate that you have stayed in contact with this to assist. Will be in out on Wednesday and not sure if when will be able to respond during day maybe PM.
Thank you
 

Just looked at QB help and that led me to copy and paste in Word to show you what it said. In process, seems Documents on Windows in the Libraries NOW only has 2 folders
Intuit folder
and Sound recordings? Again not where they were.

Screen shots here/ in the Intuit Folder click it has QB Company files from 8/22/2024, hum, that is when all was changing on Computer about then. However when you click that folder it only has templates for invoices and the other Folders have nothing when open.
And the folder for Videos in Library tree has Sample Videos folder and USE Drive E Shortcut????


 
Most of the threats detected by Defender are in your shadow copies and temp folder.

E.g.
{file:_\Device\HarddiskVolumeShadowCopy3\CrystalClearShare\APNSetup.exe,
file:_\Device\HarddiskVolumeShadowCopy3\Temp\CrystalClearShare\APNSetup.exe,
file:_\Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, file:_\Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe...}


The latter (temp files) were deleted (actually more than 90 GB temp files were deleted), so those detections are gone.

As to shadow copies, I would not use them or transfer them to the new disk, and I had a reason when I asked you in my previous post to back up only documents, pictures, videos, pictures. The wise decision is to make a fresh clean start, without transferring infected items to the new disk.

Regarding QuickBooks, the most likely reason you see the folder empty in the external disk is that the content of the folder was not copied there. You will have to retry and give it time to complete copying. Considering that everything you do takes so much time, the process of copy/paste will take long.

I do not use QuickBooks, so I don't know what company file means, but I would follow the instructions given by the software.
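
The split described in the reply above (detections sitting in shadow copies and temp folders rather than in live files) can be tallied from the `Resources` strings that `Get-MpThreatDetection` returns. This is an added example, not part of the original thread or of FRST; the function name `Get-ResourceLocation` is hypothetical and the sample strings are constructed from the path shapes quoted in the thread, with `<guid>` as a placeholder.

```powershell
# Added example: classify Defender detection resources by where they live.
# Resource strings use the "file:_<path>" form quoted in the reply above.
function Get-ResourceLocation {
    param([Parameter(Mandatory)][string]$Resource)

    # Drop the "file:_" prefix so only the path is left.
    $path = $Resource -replace '^file:_?\s*', ''

    if ($path -match '^\\Device\\HarddiskVolumeShadowCopy(\d+)\\') {
        # Inside a Volume Shadow Copy snapshot (restore point), not the live disk.
        $location = "ShadowCopy$($Matches[1])"
    }
    elseif ($path -match '\\AppData\\Local\\Temp\\') {
        # Temporary copy under a user profile, e.g. an unpacked backup archive.
        $location = 'UserTemp'
    }
    else {
        # An ordinary file on the live file system.
        $location = 'LiveFile'
    }

    [pscustomobject]@{ Location = $location; Path = $path }
}

# Constructed sample, modelled on the paths in the thread.
$sample = @(
    'file:_C:\Temp\CrystalClearShare\APNSetup.exe'
    'file:_C:\Users\other\AppData\Local\Temp\<guid>_Backup files 33.zip.b50\C\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe'
    'file:_\Device\HarddiskVolumeShadowCopy3\Temp\CrystalClearShare\APNSetup.exe'
    'file:_\Device\HarddiskVolumeShadowCopy3\Temp\Marty\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll'
    'file:_\Device\HarddiskVolumeShadowCopy6\Temp\CrystalClearShare\APNSetup.exe'
)

# On a live system, replace $sample with: (Get-MpThreatDetection).Resources
$resources = $sample

# Count detections per location, largest group first.
$resources |
    ForEach-Object { Get-ResourceLocation -Resource $_ } |
    Group-Object -Property Location |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count
```

Entries reported as `ShadowCopyN` sit inside Volume Shadow Copy snapshots rather than in the live file system, so they stay listed for as long as that snapshot exists.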
 
Good day

1 If the threats are in the temp and it was empty -don't the threats get deleted also?

2 Does that mean all of the backups including past years or just whatever shadow copy 3 is?
Can it be separated to just only 3 image not save?
Quickbooks data is necessity.
Do not have knowledge on how those work really.


On positive - now able to get into user Other and all info there although that is not the user with the important
info.

3 Also, revisited Quickbooks search and do have most of the info, including the Company info, although as can see from previous screen shot - had choice to open 3 companies when open Quickbooks, now was only able to choose the one and it is current up to about 8/24 and rest can be re-entered, updated manually.

4 The pup toolbar that still shows up, is that what is in the Shadow 3 image ?
What prevents it from being removed?
Should FRST be uninstalled and Adware cleaner and Malwarebytes before save over to new external drive.

Have been out quite bit with other matters tending to that require attention also.

thank you
 