
Not Sure If My System Is Infected



Hi there!

I started a thread in another spot on the forums, but I think I need more in-depth help. 

I took my computer to the only person in the small town where I currently live whom I've ever seen say they do work on computers. It was moving really slow, to the point I couldn't get anything accomplished. I asked if he would clean it up and make it move faster. When he called after having the computer for a little while, he said it was telling him it was about to crash, and that he needed to put a new HD in it.

He said all he had was a 500 GB HD to replace our 1 TB HD. That didn't necessarily bother me because we don't have that much data on the device.

What DID bother me, and why I'm not sure what to do from here, is that he replaced our HD, which already had Windows 10, and installed a pirated version of Windows 7 (which he told me after I got home) and I've had nothing but problems from this supposed "fix".

I've tried reinstalling Quicken, which is one of the main things I use the computer for. Several different programs I tried to install said they were unable to do so because of corrupted files.

People on the other thread suggested going back to him and having him put a non-pirated copy of Windows on here, but I do not trust him to work with my equipment anymore.

I was able to install Windows 10, and I'm hoping that it is a clean copy since I did it directly from the site myself.

What steps should I take to make sure he hasn't left behind some kind of virus which is stealing my keystrokes? Should I try to reinstall Quicken again? I'm now fearful that this guy has really caused me some problems.

Any help is greatly appreciated! 

FRST.txt

Addition.txt


  • Staff

Hello khblom

Were you able to retrieve the original hard drive from him?

There are no obvious signs of any infection on the machine.

Are you experiencing any unusual symptoms since updating to Windows 10?

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by AdvancedSetup
Corrected URL link

Hi @CatByte

Thanks for the help. I haven't opened the tower to see if the old HD is still in it. He said that it is. The place we have it plugged in is difficult for me to get to, as I'm due next week with a baby. My husband is going to open it up and look when he has a less busy day. Hopefully today.

Since I updated to Windows 10, I haven't noticed any issues. I've been concerned to test my system too much in case he created a bigger problem by putting pirated software on the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64 
Ran by Admin (Administrator) on Thu 07/07/2016 at  8:50:44.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 17 

Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Roaming\iobit\driver booster (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4h3uz3a.default\user.js (File) 
Successfully deleted: C:\Users\Admin\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\WINDOWS\couponprinter.ocx (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Admin) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Admin (Task)
Successfully deleted: C:\Program Files (x86)\coupons (Folder) 
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-137BF219.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-12C3D90F.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-74106A0A.pf (File) 

Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/07/2016 at  8:52:44.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Again, I appreciate your help. I just want to make sure I'm not infected and I'm running properly licensed software!

Thanks

Khblom


  • Staff

It appears to be legit now.

JRT removed a bit of leftover junk.

Please run the following:

Open Malwarebytes AntiMalware (MBAM):

• On the Settings tab > Detection and Protection subtab, Detection Options, check the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box:
  • 'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions if there are detections found.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Attach the resulting log.

• Open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed. (Note: there are two types of logs, scan logs and protection logs; I need to see the scan log.)
• Click 'Export' > Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported" > Click Ok
• Attach that saved log to your next reply.

NEXT

**Please advise how the computer is running now and if there are any outstanding issues.**
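An added follow-up check, not from the thread or from Malwarebytes: an elevated PowerShell script that re-inspects the two persistence locations the JRT log above reported cleaning (the Driver Booster / Uninstaller scheduled tasks and the Browser Helper Object CLSID) and reports the Windows licence state the original poster was worried about. The task names and CLSID are taken from the JRT log; the registry and CIM class paths are standard Windows locations.

```powershell
# Added example (not part of the thread). Run from an elevated PowerShell prompt on Windows 10.

# Names copied from the JRT log's "Successfully deleted" task entries.
$taskNames = @(
    'Driver Booster Scheduler',
    'Driver Booster SkipUAC (Admin)',
    'Uninstaller_SkipUac_Admin'
)
# BHO CLSID copied from the JRT log's registry entries.
$bhoClsid = '{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}'

# 1. Scheduled tasks: confirm none of the removed tasks have been recreated.
$survivors = Get-ScheduledTask | Where-Object { $taskNames -contains $_.TaskName }
if ($survivors) {
    $survivors | Select-Object TaskName, TaskPath, State | Format-Table -AutoSize
} else {
    Write-Output 'OK: none of the JRT-listed scheduled tasks remain.'
}

# 2. Browser Helper Objects: list every registered BHO in both the 64-bit and
#    32-bit (Wow6432Node) views, resolving each CLSID to the DLL it loads so an
#    unfamiliar entry can be looked at. The CLSID JRT removed is flagged if present.
$bhoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')
foreach ($path in $bhoPaths) {
    if (-not (Test-Path $path)) { continue }
    foreach ($key in Get-ChildItem $path) {
        $clsid = $key.PSChildName
        $dll = $null
        foreach ($root in $clsidRoots) {
            $srv = Get-ItemProperty -Path "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) { $dll = $srv.'(default)'; break }
        }
        $flag = if ($clsid -eq $bhoClsid) { 'STILL PRESENT (removed by JRT)' } else { 'review' }
        Write-Output ('{0}  {1}  {2}' -f $flag, $clsid, $dll)
    }
}

# 3. Licence state of the installed Windows edition (LicenseStatus 1 = Licensed).
Get-CimInstance -ClassName SoftwareLicensingProduct -Filter "PartialProductKey IS NOT NULL" |
    Where-Object { $_.Name -like 'Windows*' } |
    Select-Object Name, LicenseStatus,
        @{ Name = 'Status'; Expression = { if ($_.LicenseStatus -eq 1) { 'Licensed' } else { 'Not licensed' } } }
```

An empty BHO listing and no surviving tasks only show that these particular leftovers are gone; the rootkit-enabled MBAM scan above is still the broader check.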

