Rootkit after total reformat from hidden drive, contaminated recovery

[regardingjoy]

Okay, I made the usb. Should I start installing or do anything else first?

[JSntgRvr]

Once again, to reinstall you must first erase the drive. Boot with the installation media. Select Repair My Computer and get to a Command Prompt. Run these commands:

1. Diskpart
2. List Disk
3. Select Disk 0 (That is Disk zero)
4. Clean
5. Convert GPT
6. Exit

Restart and boot with the Windows Media once again and install

Let me know the outcome.

[regardingjoy]

Thank you. Just making sure before I start. Appreciated!

[JSntgRvr]

Whet the installation ends and the updates start coming-in pause the updates and get the Asus drivers in. Once done, Resume the updates. 

[regardingjoy]

Just started downloading the ASUS drivers. Their site was down for maintenance.

[JSntgRvr]

Lets hope everything comes together now. Do not install Security programs yet.

[regardingjoy]

Installed some drivers and Windows Update said it had no updates for me. While it restarted Windows said updates taking place. Upon startup the taskbar was missing again with a blinking screen. Went to safe mode through recovery to check taskbar settings. The taskbar is set to be displayed. The option to show taskbar on all displays is greyed out. Tried to uninstall the last windows quality update which failed. Tried to uninstall the last windows feature update which also failed. 

[regardingjoy]

I can restore the taskbar with a program, but did not want to do that if there was a more proper way.

[regardingjoy]

Trying to restore the taskbar. Feels like the movie Groundhog Day. Are Windows Updates this messed up, or my own ASUS drivers the problem? I followed the link posted for my drivers from this thread, so they are definitely correct. lol 

[JSntgRvr]

Press the Windows logo key + I to get to Settings (or select Start and Settings). Select Personalization. Select Taskbar ->Taskbar Behavior. Set the hide Automatically hide options to Off.
 

Scan with SecurityCheck by glax24

 

Scan with FSS Farbar Service Scanner

 

Scan with Farbar Recovery Scan Tool

 

 

Thanks

[regardingjoy]

Have a hospital procedure tomorrow so may not be around much.

 

i did check the taskbar settings, it was set to be displayed. The option to show taskbar on all displays is greyed out. I did fix it but it took awhile. Updates restarted the laptop. If it starts okay I will run those programs and post logs. 
windows security will not open, or would not. It says now, Updates are underway. Please keep your computer on.

[regardingjoy]

[regardingjoy]

FSS.txt SecurityCheck.txt

[regardingjoy]

SecurityCheck.txt

[regardingjoy]

I have to go to the hospital tomorrow late afternoon but will check in here in the morning. And again, when i get back. Thank you for your help and time.

Addition.txt FRST.txt

[JSntgRvr]

You cannot download third party programs, but until Windows is completely stable. Just Windows Updates and Asus Drivers. You do not need tweaking programs or Security programs at all. These are not needed:

I know you are desperate to have a system working, but you must follow instructions as we will installing Windows every day.

You will need to start all over again.

Do not download browsers or other software, except for Windows Updates and Asus. Third party programs will do changes to your configuration, and all will fail. Wait at least a week to download other browsers, only if you do not like Edge. Tweaking programs are out of the question, as well as Antimalware products at this point. Defender will protect you.

So, start all over again and have that commuter running without a hitch.

[regardingjoy]

I understand and can start over but the issue is this, every single time I format and do updates the taskbar is set correctly every single time but it goes away.
With the taskbar gone and screen blinking, I cannot even get to recovery or safe mode. Safe mode gets hidden or disabled, and often so is recovery so in order to fix the taskbar I need a program to do so. Run gets hidden, so I customize the desktop so I can get around. If these programs weren’t installed I would not have been able to fix the taskbar, or boot to safe mode. This last time I was lucky and recovery wasn’t disabled yet. 
It literally has happened every single time without exception. 
Windows Security has also gotten disabled 75% of the time. And Windows Firewall. There’s no reason they should be getting disabled. I sure am not doing it.

Anyway, I will try to start another format before I have to leave, or when I get back around 8pm pacific. Thank you. 

 

[JSntgRvr]

Wait until Windows is completely installed before you start working on it.

[regardingjoy]

Meaning installed with all drivers and updates correct?

Problem is the taskbar gets removed before it is done doing that. Hopefully it won’t this time. Starting now. :)

[regardingjoy]

[regardingjoy]

[0D78:0A2C][2024-08-12T10:43:22]i001: Burn v3.7.1224.0, Windows v6.2 (Build 9200: Service Pack 0), path: C:\ASUS\Intel_Chipset_Win7_V9401026\Intel_Chipset_Win7_V9401026\Win10\SetupChipset.exe, cmdline: '-burn.unelevated BurnPipe.{C7E6933C-FCFC-4686-A188-EFDCAF52671C} {D8B009E7-0545-4F5D-ACCB-A16098B52216} 12252'
[0D78:0A2C][2024-08-12T10:43:22]i000: Initializing string variable 'IIF_ProductVersion' to value '10.1.1.13'
[0D78:0A2C][2024-08-12T10:43:22]i000: Initializing string variable 'IIF_InstallerVersion' to value '3.1.4'
[0D78:0A2C][2024-08-12T10:43:22]i000: Initializing string variable 'IIF_ExtractionMapping_SetupChipsetx86.msi' to value ';NullDrivers.cab;NOT VersionNT64'
[0D78:0A2C][2024-08-12T10:43:22]i000: Initializing string variable 'IIF_ExtractionMapping_SetupChipsetx64.msi' to value ';NullDrivers.cab;VersionNT64'
[0D78:0A2C][2024-08-12T10:43:22]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\Me\AppData\Local\Temp\Intel\Logs\Chipset_20240812104322.log'
[0D78:0A2C][2024-08-12T10:43:22]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\ASUS\Intel_Chipset_Win7_V9401026\Intel_Chipset_Win7_V9401026\Win10\SetupChipset.exe'
[0D78:0A2C][2024-08-12T10:43:23]i052: Condition 'VersionNT >= v6.1 OR (VersionNT = v6.0 AND NTProductType = 3)' evaluates to true.
[0D78:0A2C][2024-08-12T10:43:24]i000: Setting string variable 'WixBundleName' to value 'Intel(R) Chipset Device Software'
[0D78:0A2C][2024-08-12T10:43:25]i000: Loading managed bootstrapper application.
[0D78:0A2C][2024-08-12T10:43:27]i000: Creating BA thread to run asynchronously.
[0D78:026C][2024-08-12T10:43:28]i000: ** MBA ** Command line:
[0D78:026C][2024-08-12T10:43:28]i000: Setting string variable 'WixBundleName' to value 'Intel(R) Chipset Device Software'
[0D78:026C][2024-08-12T10:43:38]i000: ** MBA ** Calling Engine.Detect()
[0D78:0A2C][2024-08-12T10:43:38]i100: Detect begin, 3 packages
[0D78:0A2C][2024-08-12T10:43:38]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5'
[0D78:0A2C][2024-08-12T10:43:38]i000: Setting string variable 'DotNet40Client' to value '1'
[0D78:0A2C][2024-08-12T10:43:38]i000: Setting string variable 'DotNet40Full' to value '1'
[0D78:0A2C][2024-08-12T10:43:38]i000: Setting string variable 'DotNet45' to value '533320'
[0D78:0A2C][2024-08-12T10:43:38]i052: Condition 'DotNet35 OR DotNet40Client OR DotNet40Full OR (DotNet45 >= 378389)' evaluates to true.
[0D78:0A2C][2024-08-12T10:43:42]i101: Detected package: DotNet45, state: Present, cached: None
[0D78:0A2C][2024-08-12T10:43:42]i101: Detected package: SetupChipsetx86.msi, state: Absent, cached: None
[0D78:0A2C][2024-08-12T10:43:42]i104: Detected package: SetupChipsetx86.msi, feature: NullDriverFeature, state: Absent
[0D78:0A2C][2024-08-12T10:43:42]i104: Detected package: SetupChipsetx86.msi, feature: PackageVersionFeature, state: Absent
[0D78:0A2C][2024-08-12T10:43:42]i104: Detected package: SetupChipsetx86.msi, feature: LicenseAgreementFeature, state: Absent
[0D78:0A2C][2024-08-12T10:43:42]i101: Detected package: SetupChipsetx64.msi, state: Absent, cached: None
[0D78:0A2C][2024-08-12T10:43:42]i104: Detected package: SetupChipsetx64.msi, feature: NullDriverFeature, state: Absent
[0D78:0A2C][2024-08-12T10:43:42]i104: Detected package: SetupChipsetx64.msi, feature: PackageVersionFeature, state: Absent
[0D78:0A2C][2024-08-12T10:43:42]i104: Detected package: SetupChipsetx64.msi, feature: LicenseAgreementFeature, state: Absent
[0D78:0A2C][2024-08-12T10:43:42]i199: Detect complete, result: 0x0
[0D78:0A2C][2024-08-12T10:44:31]i200: Plan begin, 3 packages, action: Install
[0D78:0A2C][2024-08-12T10:44:31]w321: Skipping dependency registration on package with no dependency providers: DotNet45
[0D78:0A2C][2024-08-12T10:44:31]i052: Condition 'NOT VersionNT64' evaluates to false.
[0D78:0A2C][2024-08-12T10:44:31]i204: Plan 3 msi features for package: SetupChipsetx86.msi
[0D78:0A2C][2024-08-12T10:44:31]i203: Planned feature: NullDriverFeature, state: Absent, default requested: Unknown, ba requested: Unknown, execute action: None, rollback action: None
[0D78:0A2C][2024-08-12T10:44:31]i203: Planned feature: PackageVersionFeature, state: Absent, default requested: Unknown, ba requested: Unknown, execute action: None, rollback action: None
[0D78:0A2C][2024-08-12T10:44:31]i203: Planned feature: LicenseAgreementFeature, state: Absent, default requested: Unknown, ba requested: Unknown, execute action: None, rollback action: None
[0D78:0A2C][2024-08-12T10:44:31]i052: Condition 'VersionNT64' evaluates to true.
[0D78:0A2C][2024-08-12T10:44:31]i204: Plan 3 msi features for package: SetupChipsetx64.msi
[0D78:0A2C][2024-08-12T10:44:31]i203: Planned feature: NullDriverFeature, state: Absent, default requested: Unknown, ba requested: Unknown, execute action: None, rollback action: None
[0D78:0A2C][2024-08-12T10:44:31]i203: Planned feature: PackageVersionFeature, state: Absent, default requested: Unknown, ba requested: Unknown, execute action: None, rollback action: None
[0D78:0A2C][2024-08-12T10:44:31]i203: Planned feature: LicenseAgreementFeature, state: Absent, default requested: Unknown, ba requested: Unknown, execute action: None, rollback action: None
[0D78:0A2C][2024-08-12T10:44:31]i000: Setting string variable 'WixBundleRollbackLog_SetupChipsetx64.msi' to value 'C:\Users\Me\AppData\Local\Temp\Intel\Logs\Chipset_20240812104322_0_SetupChipsetx64.msi_rollback.log'
[0D78:0A2C][2024-08-12T10:44:31]i000: Setting string variable 'WixBundleLog_SetupChipsetx64.msi' to value 'C:\Users\Me\AppData\Local\Temp\Intel\Logs\Chipset_20240812104322_0_SetupChipsetx64.msi.log'
[0D78:0A2C][2024-08-12T10:44:31]i201: Planned package: DotNet45, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[0D78:0A2C][2024-08-12T10:44:31]i201: Planned package: SetupChipsetx86.msi, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[0D78:0A2C][2024-08-12T10:44:31]i201: Planned package: SetupChipsetx64.msi, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
[0D78:0A2C][2024-08-12T10:44:31]i299: Plan complete, result: 0x0
[0D78:026C][2024-08-12T10:44:31]i000: Setting string variable 'IIF_MSI_SWITCHES' to value ''
[0D78:026C][2024-08-12T10:44:31]i000: ** MBA ** Getting window handle.
[0D78:026C][2024-08-12T10:44:31]i000: ** MBA ** Calling Engine.Apply(). Window handle: 66980
[0D78:0A2C][2024-08-12T10:44:31]i300: Apply begin
[2FDC:2A68][2024-08-12T10:44:31]i000: Caching bundle from: 'C:\Users\Me\AppData\Local\Temp\{fb610cea-ba50-4d4b-a717-cf025419035c}\.be\SetupChipset.exe' to: 'C:\ProgramData\Package Cache\{fb610cea-ba50-4d4b-a717-cf025419035c}\SetupChipset.exe'
[2FDC:2A68][2024-08-12T10:44:32]i320: Registering bundle dependency provider: {fb610cea-ba50-4d4b-a717-cf025419035c}, version: 10.1.1.13
[2FDC:1E5C][2024-08-12T10:44:32]i305: Verified acquired payload: SetupChipsetx64.msi at path: C:\ProgramData\Package Cache\.unverified\SetupChipsetx64.msi, moving to: C:\ProgramData\Package Cache\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}v10.1.1.13\SetupChipsetx64.msi.
[2FDC:1E5C][2024-08-12T10:44:32]i305: Verified acquired payload: cab4FADBDD6DC6637E75E196F741A3F14D1 at path: C:\ProgramData\Package Cache\.unverified\cab4FADBDD6DC6637E75E196F741A3F14D1, moving to: C:\ProgramData\Package Cache\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}v10.1.1.13\media1.cab.
[2FDC:2A68][2024-08-12T10:44:32]i323: Registering package dependency provider: {12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}, version: 10.1.1.13, package: SetupChipsetx64.msi
[2FDC:2A68][2024-08-12T10:44:32]i301: Applying execute package: SetupChipsetx64.msi, action: Install, path: C:\ProgramData\Package Cache\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}v10.1.1.13\SetupChipsetx64.msi, arguments: ' MSIFASTINSTALL="7" IIF_MSI_SWITCHES="" ARPSYSTEMCOMPONENT="1"'
[2FDC:2A68][2024-08-12T10:44:50]e000: Error 0x80070643: Failed to install MSI package.
[2FDC:2A68][2024-08-12T10:44:50]e000: Error 0x80070643: Failed to execute MSI package.
[0D78:0A2C][2024-08-12T10:44:50]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[0D78:0A2C][2024-08-12T10:44:50]i319: Applied execute package: SetupChipsetx64.msi, result: 0x80070643, restart: None
[0D78:0A2C][2024-08-12T10:44:50]e000: Error 0x80070643: Failed to execute MSI package.
[2FDC:2A68][2024-08-12T10:44:50]i301: Applying rollback package: SetupChipsetx64.msi, action: Uninstall, path: C:\ProgramData\Package Cache\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}v10.1.1.13\SetupChipsetx64.msi, arguments: ' MSIFASTINSTALL="7" IIF_MSI_SWITCHES="" ARPSYSTEMCOMPONENT="1"'
[2FDC:2A68][2024-08-12T10:44:55]e000: Error 0x80070643: Failed to uninstall MSI package.
[2FDC:2A68][2024-08-12T10:44:55]e000: Error 0x80070643: Failed to execute MSI package.
[0D78:0A2C][2024-08-12T10:44:55]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[0D78:0A2C][2024-08-12T10:44:55]i319: Applied rollback package: SetupChipsetx64.msi, result: 0x80070643, restart: None
[2FDC:2A68][2024-08-12T10:44:55]i329: Removed package dependency provider: {12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}, package: SetupChipsetx64.msi
[2FDC:2A68][2024-08-12T10:44:55]i351: Removing cached package: SetupChipsetx64.msi, from path: C:\ProgramData\Package Cache\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}v10.1.1.13\
[2FDC:2A68][2024-08-12T10:44:55]i329: Removed package dependency provider: {8709F669-4019-40E6-921C-4253A82D11F4}, package: SetupChipsetx86.msi
[2FDC:2A68][2024-08-12T10:44:55]i330: Removed bundle dependency provider: {fb610cea-ba50-4d4b-a717-cf025419035c}
[2FDC:2A68][2024-08-12T10:44:55]i352: Removing cached bundle: {fb610cea-ba50-4d4b-a717-cf025419035c}, from path: C:\ProgramData\Package Cache\{fb610cea-ba50-4d4b-a717-cf025419035c}\
[0D78:0A2C][2024-08-12T10:44:55]i000: ** MBA ** Apply complete. Status: '-2147023293' Restart: 'None' Result: 'None'
[0D78:0A2C][2024-08-12T10:44:55]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart:  No
[0D78:026C][2024-08-12T10:44:55]e000: ** MBA ** Unknown error.

[regardingjoy]

I guess it needs the net framework from windows updates and driver can’t be installed first. Going on to windows updates.

[regardingjoy]

Says it's updates but I have gotten errors on every driver I try to install. Trying to update Microsoft store libraries to see if that helps.

[regardingjoy]

*updated

[regardingjoy]

Updated Microsoft store libraries. Intel drivers all still give errors. Desktop froze and went dark. Upon restart it booted to recovery. Set a system restore point just before this and had to do a system restore. 
The Intel Graphics Driver and OpenGL/Vulcan settings hotfix both downloaded through myasus. At least one installed by Windows Update. Not sure which drivers are left that I need. 
updates say they are finished l downloaded some programs after all was done, but I’m not opening or installing them until I am positive driver installation is finished. 
How can I tell which drivers I need? Several of the drivers for my model laptop at ASUS said my pc is not compatible