
1 - 18 of 18 Posts

·
Premium Member
Joined
·
362 Posts
Discussion Starter #1 (Edited)
Hello, have had some issues lately, my biggest concern is malware like maybe a keylogger, I was typing into a chat with my credit card company and it was -so- slow for what I typed to actually show on the screen (yesterday). Much more so than other webpages.

Background - recently had a problem with some Windows updates, it would no longer show me jpeg or bmp files though I could see the files in other programs, message about a missing Windows file, system restore failed, eventually did a full restore of Windows (just Windows but as you know that uninstalls everything else, otherwise files untouched) about 5 or 6 days ago. I had also saved my Firefox profile and successfully restored that. I am of course needing to reinstall everything, which as far as I can tell has mostly worked out, with one exception. I was using WinPatrol before, could not find a download now, looking around this forum I can see you all think it is not useful, I guess it made me feel safer though.

Otherwise I haven't noticed anything terrible. I deleted all the old restore points and made a new one after the reinstall of Windows plus a few other programs like Malwarebytes. But still worried about what set this all off.

Windows 10 Pro 64 , version 10.01.19041 should be totally up to date.
I had trouble before getting FRST to upload, now I used the settings they provide and it worked? See below hope that is ok, I did change some file names just for the sake of privacy, my file names unfortunately tend to be way tmi.

how frst was set up.jpg
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Hello..! Looking them over now. Depending on how many entries I need to research this can sometimes take a while...Back when I've finished...!

By the way, I will ask you to temporarily uninstall the Malwarebytes program, according to this instruction:

Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool – Malwarebytes Support

Once you uninstall Malwarebytes prepare again:


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you..! :)
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #3 (Edited)
working on it! have deleted above logs for clarity and because I messed up with trying to keep them private, will post new logs in a few minutes -- thank you so much! I uninstalled Malwarebytes, ran Farbar, then reinstalled Malwarebytes afterward, not sure if that was what you meant, let me know if that was a problem.
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #4
new logs here, I am seeing many errors listed in Addition?? I never received any error messages when running updates etc.
 

Attachments

·
Premium Member
Joined
·
362 Posts
Discussion Starter #5
hi icotonev, not sure if you are still following this thread because it got confusing, entire thread was deleted, now obviously has been put back. The logs in post above are what you asked for in your last post, hope you get to see this. Thanks!
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Hello..! Merry Christmas..! :)

The logs are clean..! There are no signs of malware..! What problems are you currently monitoring with your computer..?

So, next thing to do is run an online scan to see whether there's anything that didn't show up in the FRST scans. This scan can take an hour or so to complete, but it's very thorough.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #7
hi! Merry Christmas! :)
The reason I got worried was, first, I had a Windows update fail and I was not sure why, I ended up needing to do a fresh install of Windows. As far as I know, I did not lose any data. I did keep a copy of my previous Firefox profile and I reloaded that after the install of Windows a few days ago. Second, sometimes and it is more on financial type sites, my keyboard responds very very slowly. So I got worried about keyloggers. But I am not aware of any bad transactions or anything like that.
Very glad to hear those logs are clear. I will run ESET and post the logs. Thanks again!
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #8 (Edited)
I am getting a different file name for eset? Is this ok to run? esetonlinescanner.exe

also when I try to go to the webpage hXXps://download.eset.com/ I get 404 not found. Just checking I am using the correct exe file before I run it, let me know?
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #11
here it is, it found some in an old old folder where I had some drivers that have not been used in years. I clicked to go ahead and delete them.
 

Attachments

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Great..! This result also confirms the previous one..! Your system is clean. :) There is no malware..! :) What other problems do you observe with your computer..?
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #13
Sometimes when I am typing, the keyboard response is very slow, this especially seems to happen during chats with my bank, which is why I got worried. Otherwise everything seems pretty good, thank you so much! Maybe the bank itself is recording, I wouldn’t be surprised if they were.
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
You can add to your protection program SpyShelter - Best Anti Keylogger Software



To uninstall FRST and remove all its files, please do the following ...
  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
    • Your computer will reboot, and on reboot will remove FRST and all its files


KpRm

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #15
Thanks icotonev! Working on this. Question, will SpyShelter work ok with Malwarebytes and what comes with Windows? or do I need to do anything to avoid conflicts?
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #16
the log


# Run at 1/4/2021 7:32:02 PM
# KpRm (Kernel-panik) version 2.8
# Website KpRm | Suppression des outils de désinfection
# Run by saraAdmin from C:\Users\saraAdmin\Desktop
# Computer Name: VM-893467
# OS: Windows 10 X64 (19041)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\saraAdmin\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2021-01-04-19-32-02

- Delete Tools -


## ESET Online Scanner
[OK] C:\Users\saraAdmin\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\saraAdmin\Desktop\esetonlinescanner.exe deleted

## FRST
[OK] C:\Users\saraAdmin\Downloads\FRSTEnglish.exe deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Windows Modules Installer created at 12/20/2020 14:09:42 deleted
~ [OK] RP named Scheduled Checkpoint created at 12/30/2020 02:49:20 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 01/05/2021 00:32:11

-- KPRM finished in 19.38s --
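
Added example, not part of the original post and not KpRm's own code: a small Python parser that groups a KpRm log like the one above by section and lists every step that did not report `[OK]`. The function names `parse_kprm_log` and `non_ok` are hypothetical, the line format is inferred only from the log in this thread, and the `[FAIL]` marker in the sample is constructed to exercise the failure path (the thread shows only `[OK]` results).

```python
import re

# Constructed excerpt modelled on the KpRm log posted above; the [FAIL] line is
# invented for this example and does not come from the thread.
SAMPLE_LOG = r"""# KpRm (Kernel-panik) version 2.8
- Checked options -
~ Registry Backup
~ Delete Tools

- Delete Tools -
## FRST
[OK] C:\Users\saraAdmin\Downloads\FRSTEnglish.exe deleted

- Restore UAC -
[OK] Set EnableLUA with default (1) value
[FAIL] Set PromptOnSecureDesktop with default (1) value

- Clear Restore Points -
~ [OK] RP named Scheduled Checkpoint created at 12/30/2020 02:49:20 deleted
[OK] All system restore points have been successfully deleted

-- KPRM finished in 19.38s --
"""

SECTION = re.compile(r"^- (.+) -$")              # "- Delete Tools -", not the "-- ... --" trailer
STATUS = re.compile(r"^(?:~ )?\[(\w+)\] (.+)$")  # "[OK] ..." or "~ [OK] ..."

def parse_kprm_log(text):
    """Return {section name: [(status, message), ...]} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            step = STATUS.match(line)
            if step:  # option lists and "## tool" headings carry no status
                sections[current].append((step.group(1), step.group(2)))
    return sections

def non_ok(sections):
    """List (section, status, message) for every step not reported as OK."""
    return [(name, status, msg)
            for name, steps in sections.items()
            for status, msg in steps if status != "OK"]
```

An empty list from `non_ok(parse_kprm_log(...))` over the full `kprm-(date).txt` means every logged step reported `[OK]`.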
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
> Thanks icotonev! Working on this. Question, will SpyShelter work ok with Malwarebytes and what comes with Windows? or do I need to do anything to avoid conflicts?

According to Knowledgebase and this relationship Is SpyShelter compatible with my anti-virus? you should not have a conflict ..! The best way to find out if SpyShelter is compatible with security software is to simply install it together and test..!
 

·
Premium Member
Joined
·
362 Posts
Discussion Starter #18
hi! Did the log look ok?

I think SpyShelter was ok with Malwarebytes but unfortunately I was not able to use some other software that I use a lot, HyperSnap from Hyperionics. So I uninstalled SpyShelter until I can hopefully figure out the settings, probably there is a way to make it work but I did not figure it out yet.
 