Sorry about the delay, but I had family issues out of state for weeks!
I finally reset/recovery my Windows yesterday (after doing a lot of research on this procedure) and am writing from that computer. All went very smoothly. All my personal files & apps were gone, as expected, as well as, all the programs that the hackers installed AND I no longer see the black box flash on the desktop upon boot-up (yay!-I think it had something to do with the command prompt).
I changed the password to my Microsoft account,
password to log into my computer,
the name of my computer,
my last name,
AND under system properties>remote tab> I unchecked the box for "Allow Remote Assistance connections to this computer". Also, uninstalled McAfee Trial and installed Panda Antivirus that I have a license for....and downloaded Mozilla. But I still have some concerns:
1. When I made my selections for the reset, one option was to select just the drive that Windows was on (the C:drive) or all drives which included the D:drive Lenovo. I chose the first option because I figured that I needed the info on the D:drive to get back to factory specs. Because I didn't reset the D:drive, containing factory specs, would my computer still be considered secure at this point or is it possible that something could have been installed there by the hackers??
2. Also, I selected a deep clean that would "take hours" (took a little over 2 hours) in order to really wipe things out. Oddly, when everything rebooted, the desktop was the pale blue solid color wallpaper like I had selected prior to reset and not the Lenovo photo that first came on it. AND the Start Screen displayed the customized patterned wallpaper background that I had pre-selected, again, prior to the reset (not factory specs). Upon the first Windows log-in, the same pre-selected photo that I had by user name/password came up....and I had to go to the MS account to change the photo. If everything was wiped clean, then why did these come up? or are these held in memory at the Microsoft Account online (I
didn't see anything about the wallpaper/screen choices there)?
3. In light of #2 above, I want to be assured that all is wiped clean and am truly starting over with a clean slate. Have all restore points also been cleared (he saw him create a restore point and even know it's name)? DLLS all reset? He left a folder that he worked from on the desktop that were things over my head....(besides installing 6 applications, he disabled UAC for admin, configuration settings for the desktop file, favicon-ICO file, windows batch file-Evntvwr Cleanr....)have they all been removed/reset,
as it appears?
4. Pokki seems to be a free download that changes the start screen with a Start Button, etc. It was on my computer and was deleted as a possible virus with one of the first programs that you had me scan my computer with....and now it's on here again. I do not see it on my apps page nor do I see their acorn icon in the task bar. But today, I suddenly see the little white house in the task bar again (I had previously asked you about this but you said you didn't know anything about it... It appears to be a start button and connected to the App store). But a search for Pokki definitely turns up files on my computer. Might this "house" be the results of Pokki?? Could it be something Lenovo included?? Might this be a border line virus conductive app and an antivirus would target it?
5. AND finally, I want to BUY a licensed version of Malwarebytes through your site. Which brings me to, can I feel safe/secure now to use a credit card (and make purchases, look at bank statements, etc) on this reset computer? Do you want me to download and run anything as a final check? Should I redownload Adwcleaner, which got deleted?
I know that you were helping me with viruses and malware and I may be asking more than what might be your area of expertise. But I sure to appreciate any help you can pass my way. Thanks so much for being there.