Rootkit after total reformat from hidden drive, contaminated recovery

[regardingjoy]

It booted. Not sure what drive it’s booting? When I click my Computer it shows Local Disk C:

Then, I shut it down again to see what bios showed, and then what drives show up on the boot disk. 
In Bios it shows this, see photo.

Then, I boot using the boot disk. When I did a cmd window popped up fast, all I could read is X: and hiderun. 
 When I look at drives via my computer here it only shows usb Y: which isn’t even a drive letter I used, but no C drive. Or D:.
Then I renamed the drives correctly and it boots again into what looks like my desktop. (This is what I was trying to show with my photos in the post where you replied you don’t use Partition Expert you use Windows. I used the partition program only when the drive letter was removed.) I will attempt to run the fix list now. I hope I am explaining this correctly. I’m sure it’s not allowed and air would never expect it but you might have a better grasp looking at this via something like teamviewer, I will run the fix list now. 

[regardingjoy]

mouse still not working, here is the log

Fixlog.txt

[JSntgRvr]

Attach the DiskCheckLog.txt on your desktop.

[regardingjoy]

DiskCheckLog.txt

[JSntgRvr]

The disk looks OK, although the partitions look awkward. The efi partition is labeled as unknown, and there is a 846 MB partition that should be the recovery environment.

Is the mouse USB? Check the Device Manager. Expand the Mice and other pointing devices. Is there a device listed Therein?

[JSntgRvr]

In you BIOS, the USB ports appear as n/a. Are they active?

[JSntgRvr]

Will check on you in the am.

[regardingjoy]

It wasn’t always labeled as unknown. If it’s the recovery partition it is hidden and does not work or show for me when trying to boot to it, 
I booted to the bios just now, here is what it looks like. It looks like I have no drives again.  It’s supposed to be UEFI?
The mouse is usb, but I plugged one in and that one won’t work on this laptop either. It moves but it won’t click and it works fine on other pcs. I tested it on an ancient one with no Windows. The drives had no issue until after I came here, this is somethingnew, when it started having the drive letter changed. The Y: drive was not Y. I have no clue why it’s changing, it isn’t me doing it. 
This laptop is loading as it is shown here, but when I click the drive to what looks like my Windows it shows up normally and I will post that photo after this post. 
When I go to the bios it looks like this now. 
When I boot to the boot disk it looks like this. The drive is gone. But windows boots somehow or it looks like it does. 

[regardingjoy]

I didn’t change the drive letters this time to how it should be. I instead booted to Windows that isn’t showing up, when I do. This is what it looks like.

The drive letters are being changed that’s why they aren’t showing up. I have no clue if Windows is changing them or what the explanation is. 
The mouse was disabled only after trying to do these fixes. I’m not doing it and I know you aren’t. I did go to device manager and the drivers are already correct. I did try to update them anyway just in case, but no change. This is all over my head. I left everything as is and am shutting the laptop down until tomorrow. I won’t turn it on until I hear back. Thank you so much for helping me out.
 

[JSntgRvr]

Drive D: seems like the Recovery partition. The Hidden partition is the efi. The BIOS show the USB drives as n/a. Can them be enable in the BIOS?

[regardingjoy]

Went into bios and the usb is enabled. Or I think it is, here are photos since I don’t know what I’m looking at.  I disabled fast boot because the ASUS website said if you are having problems with usb to disable it. So far it made no difference. 
Part of the internet stack as disabled so I enabled it. It’s really hard to maneuver in bios or anywhere with no mouse.If I plug in a usb it did show up, I can try to plug one in and check bios then? If I should let me know.

i saw internal pointing device disabled and enabled it, hoping it would help. It hasn’t.
Now remember the real C and D had the drive letters removed. The real C drive is where Windows is, so how am I even booting to Windows? 
I can add the real drive letters back, to see how bios looks then, but I didn’t want to do that until you saw how it shows as is.

This just gets weirder and weirder. Okay my photos above, the fat32 drive is renamed C: and my real C: has no drive label, nor does D: so this is booted a mini windows drive from the fat32? Just trying to understand here. Is that possible?

I am not adding the drive letters yet, as I am waiting to hear what I should do. 
 

this probably doesn’t apply but I will mention it anyway, if it doesn’t just ignore it. :

I did see a few posts doing google searches for X: drive possible virus/rootkit, not sure if it applies here but the only “fix”listed was someone who had the issue, who reregistered a bunch of windows files, said the pc wasn’t booting into Windows but a Mini Windows (forgot how it was worded) and went on to detail the windows recovery drive being corrupt with fake drivers and the drive hides and reinstalls the fake drivers and loads the win rec settings causing them to be corrupt,even if you bipass them. Mentions a fake ipxe driver. Fake admin rights you don’t really have and that you boot into Windows PE, so it’s like a virtual machine. Modem data changed, regsvr32.exe files to enter into cmd, stop and restart gifs, wuauserv, and cryptsvc. And other things that I don’t understand and it probably doesn’t apply here but I mentioned anyway. I just googled searched to see if anyone else had rootkit detected and a hidden X drive. By searching fix for boot X: virus. I would never do any of that unless advised because it could mess up up since I don’t know what my laptop issue is, and don’t understand Windows. 

[regardingjoy]

With the drives renamed by what or who this is how it looks at the moment. The drives were fine until the renaming took place.

[regardingjoy]

I forgot a photo so I went into using the boot disk to show how it looks via partition programs, currently this is how it looks, so how is it booting? Currently no partitions have drive letters except the hidden X: and Y:(usb)(on the far left). Again, I never named any drive Y or Z, so at least the Y was changed. 

I will open another program just to verify and attach that photo as well. This is just to show what the drives look like from the Y drive.The last photo shows how the drives look from Hirens Boot usb. Shutting down until I hear back. No action was taken. Just looked at how it appears here. Thank you again!

[regardingjoy]

These just show how the bios looks once I plug in a boot usb. Hope that’s helpful. 

[regardingjoy]

Now it won’t turn off.  I made no changes. This is why I said every time I turn it on something else gets changed. 
I can return to Hirens and make it boot again by changing the drive letters back to how they were. But windows was booting with no drives, how is that possible. 
I will add the drive letters back. I did try to open recovery, and nothing happens. It’s hidden or something. After I add them to what they should be I will sign out until reply

[JSntgRvr]

How about pressing F9 to set Default ->Save and Exit?

[JSntgRvr]

I believe the boot priority should be changed to UEFI, partition 1

[regardingjoy]

I did try the F9. No change. UEFI partition 1 ? UEFI partition 1 only shows when Hirens boot disk is plugged it, it’s Hirens Win PE 10. 

[regardingjoy]

I added the drive letters back just now, no change in bios

[regardingjoy]

Added drive letters back booted from bios to Hirens and it reverted again. Let me see if it even loads

[regardingjoy]

Before I try, this is how it looks from here

[regardingjoy]

The X: hiderun popped up in a cmd window when I booted Hirens. Forced shut off because now the shutdown button doesn’t work. It loaded what looks like Windows. It looks like it’s loading somehow without the Windows partition. How? 

[regardingjoy]

Now when I load this windows desktop.ini pops up 10xl Should I turn it off?

[JSntgRvr]

FRST64 was saved as C:\Users\Joy\Downloads\FRST64.exe

• Download the enclosed file  Fixlist.txt
• Save it in the same location FRST64 is saved. 
• Start FRST (FRST64) with Administrator privileges
• This time around Press the Fix button and wait
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply.

[regardingjoy]

Fixlog.txt