Solved what kind of malware do I have

ali2018

New Member
Thread author
Mar 3, 2018
5
Hello,
I am seeking help with trying to figure out what kind of malware I have on my computer. My story is a bit strange in that I had malware on my iPhone that was installed by a coworker, and that is when all of these problems started. I feel that this person is attacking my computer now. I purchased my Lenovo computer in September 2017 and then it started getting slow, like freezing, so I sent it out after I failed to reset the operating system on my own. Lenovo decided to replace my hard drive and then I got it again, so I found out that it's my neighbor who put this malware back on my computer. He is able to play around with my mouse and see what I am doing on my computer, so I would like to know what kind of malware this is that was not detected. I would appreciate any help you can give me.
 

ali2018

New Member
Thread author
Mar 3, 2018
5
Hello,
I have attached the files requested in your guide. I would be more than happy to provide money for beer! I think my malware might be driver configuration from what I have read so far but I am not sure yet. I have found some kernel-PhP event on my device manager as well.

Thanks! Alba
 

Attachments

  • FRST.txt
    87.5 KB · Views: 3
  • Addition.txt
    33 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I do not see obvious signs of infection. Let's check deeper:


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Quarantine Selected button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the Reports tab.
  • Double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



Check Disk
  • Press the Windows key on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 

ali2018

New Member
Thread author
Mar 3, 2018
5
Okay, thanks! Here are the results for the Malwarebytes scan and also the disk check

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 3/11/2018 4:25:39 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: LAPTOP-2PTC1T4J
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
A disk check has been scheduled.
Windows will now check the disk.
Stage 1: Examining basic file system structure ...
353792 file records processed.
File verification completed.
8679 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
368 reparse records processed.
432628 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.
368 reparse records processed.
Stage 3: Examining security descriptors ...
Cleaning up 3759 unused index entries from index $SII of file 0x9.
Cleaning up 3759 unused index entries from index $SDH of file 0x9.
Cleaning up 3759 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
39419 data files processed.
CHKDSK is verifying Usn Journal...
37579464 USN bytes processed.
Usn Journal verification completed.
Stage 4: Looking for bad clusters in user file data ...
353776 files processed.
File data verification completed.
Stage 5: Looking for bad, free clusters ...
108094428 free clusters processed.
Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
472585215 KB total disk space.
39610244 KB in 169268 files.
122664 KB in 39422 indexes.
0 KB in bad sectors.
474591 KB in use by the system.
65536 KB occupied by the log file.
432377716 KB available on disk.
4096 bytes in each allocation unit.
118146303 total allocation units on disk.
108094429 allocation units available on disk.
Internal Info:
00 66 05 00 3c 2f 03 00 81 2a 06 00 00 00 00 00 .f..</...*......
05 01 00 00 6b 00 00 00 00 00 00 00 00 00 00 00 ....k...........
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-03-11T23:25:39.320921800Z" />
<EventRecordID>8715</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>LAPTOP-2PTC1T4J</Computer>
<Security />
</System>
<EventData>
<Data>
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
A disk check has been scheduled.
Windows will now check the disk.
Stage 1: Examining basic file system structure ...
353792 file records processed.
File verification completed.
8679 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
368 reparse records processed.
432628 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.
368 reparse records processed.
Stage 3: Examining security descriptors ...
Cleaning up 3759 unused index entries from index $SII of file 0x9.
Cleaning up 3759 unused index entries from index $SDH of file 0x9.
Cleaning up 3759 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
39419 data files processed.
CHKDSK is verifying Usn Journal...
37579464 USN bytes processed.
Usn Journal verification completed.
Stage 4: Looking for bad clusters in user file data ...
353776 files processed.
File data verification completed.
Stage 5: Looking for bad, free clusters ...
108094428 free clusters processed.
Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
472585215 KB total disk space.
39610244 KB in 169268 files.
122664 KB in 39422 indexes.
0 KB in bad sectors.
474591 KB in use by the system.
65536 KB occupied by the log file.
432377716 KB available on disk.
4096 bytes in each allocation unit.
118146303 total allocation units on disk.
108094429 allocation units available on disk.
Internal Info:
00 66 05 00 3c 2f 03 00 81 2a 06 00 00 00 00 00 .f..&lt;/...*......
05 01 00 00 6b 00 00 00 00 00 00 00 00 00 00 00 ....k...........
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
 

Attachments

  • Malwarebytes report.txt
    1.2 KB · Views: 2
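
A way to read a Check Disk report like the one above without scanning it by eye, as an added example that is not part of the original thread: the Python function below (hypothetical name `triage_chkdsk`) pulls the bad-sector count, the announced repairs and the final status out of the Wininit event 1001 text. The sample report is constructed, abridged from the log posted above, and the verdict labels are this example's own.

```python
import re

# Constructed sample in the layout of the Wininit event 1001 description,
# abridged from the report posted in this thread.
SAMPLE_REPORT = """\
Checking file system on C:
The type of the file system is NTFS.
Stage 1: Examining basic file system structure ...
0 bad file records processed.
Cleaning up 3759 unused security descriptors.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
472585215 KB total disk space.
0 KB in bad sectors.
432377716 KB available on disk.
"""

def _first(pattern, text, cast=str):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return cast(m.group(1)) if m else None

def triage_chkdsk(report):
    """Pull the triage-relevant fields out of a CHKDSK text report."""
    info = {
        "volume": _first(r"^\s*Checking file system on (\S+)", report),
        "filesystem": _first(r"file system is (\w+)\.", report),
        "bad_file_records": _first(r"^\s*(\d+) bad file records", report, int),
        "bad_sectors_kb": _first(r"^\s*(\d+) KB in bad sectors", report, int),
        "total_kb": _first(r"^\s*(\d+) KB total disk space", report, int),
        "free_kb": _first(r"^\s*(\d+) KB available on disk", report, int),
        # Every repair CHKDSK announced, in report order.
        "repairs": re.findall(r"^\s*((?:Correcting|Cleaning up) .+?)\.?\s*$",
                              report, re.MULTILINE),
        "corrected": "made corrections to the file system" in report,
    }
    if info["bad_sectors_kb"] is None:
        info["verdict"] = "incomplete"    # summary lines missing from the pasted text
    elif info["bad_sectors_kb"] > 0 or info["bad_file_records"]:
        info["verdict"] = "damage-found"  # bad sectors or unreadable file records
    elif info["corrected"] or info["repairs"]:
        info["verdict"] = "repaired"      # logical inconsistencies only, now fixed
    else:
        info["verdict"] = "clean"
    return info

if __name__ == "__main__":
    for key, value in triage_chkdsk(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
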

ali2018

New Member
Thread author
Mar 3, 2018
5
Thanks for getting back to me. The computer was behaving better. But unfortunately, I no longer have the computer but I appreciate your help. Thanks again! Ali2018
 
