EFI Bootkit

Post by security_runs_blue » January 9th, 2021, 10:55 pm

There's not much to say without going into 2 months of back history concerning this virus. This post concerns my home desktop PC, which was infected. The malware has survived multiple re-images, BIOS wipes and resets, all done with physically write-protected, firmware-encrypted USBs. There is much more to the story, but for now this is what it is. I've narrowed the infection to the boot sector of the EFI; the problem now is removing it. I'm not able to use flashboot to rewrite the BIOS due to the ME. I'm hoping someone can help me tackle this beast of a problem; the last thing I want is to throw in the towel and replace the BIOS chip. I also have dmesg / ACPI / interrupt logs available, which might be more revealing than Farbar.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by Austin (administrator) on DESKTOP-NLVAP9M (ASUS All Series) (06-01-2021 04:16:13)
Running from C:\Users\Austin\Desktop\scan
Loaded Profiles: Austin
Platform: Windows 10 Pro Version 20H2 19042.631 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FAC1B17-C352-4C15-A780-4BCD97D1B6F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7535D3B1-9DB1-4308-8445-EF83A89F9FA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {826624B9-505D-4474-B20A-B227CDD66924} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [133736600 2021-01-05] (Microsoft Windows -> Microsoft Corporation)
Task: {92366DD0-AD34-4204-B53E-6E2B30B0E70C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9ED8F5CD-D65B-4D7F-AA5E-50F50951D036} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-05] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.25.173
Tcpip\..\Interfaces\{4353ef80-64e0-46e9-b3be-8054c46080e4}: [DhcpNameServer] 192.168.25.173

Edge:
======
Edge Profile: C:\Users\Austin\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-05]
Edge HomePage: Default -> hxxp://www.google.com/

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [42488 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [826360 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
S3 MpKsld31559e4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{437C2E4B-193C-48C9-AF4D-E8B235830962}\MpKslDrv.sys [91376 2021-01-05] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2021-01-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2028-11-19 10:37 - 2028-11-19 10:37 - 000000000 ___SD C:\Windows\SysWOW64\lxss
2028-11-19 10:37 - 2028-11-19 10:37 - 000000000 ___SD C:\Windows\system32\lxss
2021-01-06 04:15 - 2021-01-06 04:16 - 000000000 ____D C:\Users\Austin\Desktop\scan
2021-01-06 04:11 - 2021-01-06 04:17 - 000000000 ____D C:\FRST
2021-01-06 04:07 - 2021-01-06 04:07 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-06 04:05 - 2021-01-06 04:11 - 000249632 _____ C:\Windows\ntbtlog.txt
2021-01-05 16:37 - 2021-01-05 16:37 - 000004122 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{09BF61D2-8D29-4332-904A-E0701F502A09}
2021-01-05 16:33 - 2021-01-05 16:33 - 000000000 ____D C:\Users\Austin\AppData\Local\PeerDistRepub
2021-01-05 16:32 - 2021-01-05 16:32 - 000000000 ____D C:\New folder
2021-01-05 05:48 - 2021-01-05 05:49 - 000000000 ____D C:\Windows\system32\MRT
2021-01-05 05:38 - 2021-01-05 05:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd
2021-01-05 05:38 - 2021-01-05 05:38 - 000000000 ____D C:\Program Files\Ext2Fsd
2021-01-05 05:38 - 2017-11-02 13:53 - 000826360 _____ (www.ext2fsd.com) C:\Windows\system32\Drivers\ext2fsd.sys
2021-01-05 05:33 - 2021-01-05 05:33 - 002679928 _____ (Ext2Fsd Group ) C:\Users\Austin\Downloads\Ext2Fsd-0.69.exe
2021-01-05 05:15 - 2021-01-05 05:15 - 000000000 ___HD C:\$WinREAgent
2021-01-05 05:11 - 2021-01-05 05:30 - 000000000 ____D C:\Users\Austin\AppData\Local\PlaceholderTileLogoFolder
2020-11-19 01:33 - 2020-11-19 02:00 - 000033186 _____ C:\Users\Austin\Desktop\newtest.txt
2020-11-19 01:08 - 2020-11-19 01:08 - 000001176 _____ C:\Users\Austin\Desktop\test2.txt
2020-11-19 00:37 - 2021-01-05 16:25 - 000003618 _____ C:\Users\Austin\Desktop\test.txt
2020-11-19 00:26 - 2020-11-19 00:26 - 000000000 ____D C:\Users\Austin\AppData\Local\Comms
2020-11-19 00:00 - 2021-01-05 05:11 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-864308899-1269609554-1642943260-1001
2020-11-19 00:00 - 2021-01-05 05:11 - 000000000 ___RD C:\Users\Austin\OneDrive
2020-11-18 23:59 - 2020-11-18 23:59 - 000000000 ____D C:\Users\Austin\AppData\Local\Publishers
2020-11-18 23:58 - 2021-01-06 04:07 - 000000000 ____D C:\Users\Austin
2020-11-18 23:58 - 2021-01-05 16:07 - 000000000 ____D C:\Users\Austin\AppData\Local\ConnectedDevicesPlatform
2020-11-18 23:58 - 2021-01-05 05:19 - 000000000 ____D C:\Users\Austin\AppData\Local\Packages
2020-11-18 23:58 - 2021-01-05 05:11 - 000002366 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-18 23:58 - 2020-11-18 23:58 - 000000020 ___SH C:\Users\Austin\ntuser.ini
2020-11-18 23:58 - 2020-11-18 23:58 - 000000000 ___RD C:\Users\Austin\3D Objects
2020-11-18 23:58 - 2020-11-18 23:58 - 000000000 ____D C:\Windows\CSC
2020-11-18 23:58 - 2020-11-18 23:58 - 000000000 ____D C:\Users\Austin\AppData\Roaming\Adobe
2020-11-18 23:58 - 2020-11-18 23:58 - 000000000 ____D C:\Users\Austin\AppData\Local\VirtualStore
2020-11-18 23:56 - 2020-11-18 23:56 - 000000000 _SHDL C:\Documents and Settings
2020-11-18 23:54 - 2021-01-06 04:09 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-18 23:54 - 2021-01-06 04:05 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-18 23:54 - 2020-11-18 23:54 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-864308899-1269609554-1642943260-500
2020-11-18 23:54 - 2020-11-18 23:54 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-11-18 23:52 - 2020-11-18 23:52 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2581045244-1966194565-327955926-500
2020-11-18 23:49 - 2020-11-18 23:49 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-18 23:48 - 2021-01-05 05:19 - 000000000 ____D C:\ProgramData\Packages
2020-11-18 23:48 - 2021-01-05 05:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-18 23:46 - 2021-01-05 05:18 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-18 23:46 - 2021-01-05 05:18 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-18 23:46 - 2020-11-18 23:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-18 23:46 - 2020-11-18 23:56 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-18 23:43 - 2021-01-06 04:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-18 23:43 - 2021-01-05 16:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-18 23:43 - 2021-01-05 05:23 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-11-18 23:43 - 2020-11-18 23:54 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-18 23:43 - 2020-11-18 23:43 - 000000000 ____D C:\Windows\ServiceProfiles
2020-11-18 18:53 - 2020-11-18 18:53 - 000000000 ____D C:\ProgramData\ssh
2020-11-18 18:50 - 2020-11-18 18:50 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-11-18 18:50 - 2020-11-18 18:50 - 000580096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2020-11-18 18:50 - 2020-11-18 18:50 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2020-11-18 18:50 - 2020-11-18 18:50 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
2020-11-18 18:50 - 2020-11-18 18:50 - 000204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2020-11-18 18:50 - 2020-11-18 18:50 - 000137016 _____ C:\Windows\system32\HvsiManagementApi.dll
2020-11-18 18:50 - 2020-11-18 18:50 - 000111616 _____ C:\Windows\system32\RDVGHelper.exe
2020-11-18 18:50 - 2020-11-18 18:50 - 000101688 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 004898144 _____ (Microsoft Corporation) C:\Windows\system32\rtmpltfm.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 003860832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpltfm.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-11-18 18:49 - 2020-11-18 18:49 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 001822256 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-11-18 18:49 - 2020-11-18 18:49 - 001393472 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-11-18 18:49 - 2020-11-18 18:49 - 001354080 _____ (Microsoft Corporation) C:\Windows\system32\rtmpal.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 001333248 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 001309504 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2020-11-18 18:49 - 2020-11-18 18:49 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2020-11-18 18:49 - 2020-11-18 18:49 - 001091936 _____ (Microsoft Corporation) C:\Windows\system32\rtmcodecs.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 001032544 _____ (Microsoft Corporation) C:\Windows\system32\ortcengine.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000980320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpal.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000915296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmcodecs.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000732000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ortcengine.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000707544 _____ C:\Windows\system32\TextShaping.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000645120 _____ C:\Windows\system32\WindowManagementAPI.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000455168 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2020-11-18 18:49 - 2020-11-18 18:49 - 000306176 _____ C:\Windows\system32\HeatCore.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000266240 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2020-11-18 18:49 - 2020-11-18 18:49 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-11-18 18:49 - 2020-11-18 18:49 - 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2020-11-18 18:49 - 2020-11-18 18:49 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2020-11-18 18:49 - 2020-11-18 18:49 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-11-18 18:49 - 2020-11-18 18:49 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2020-11-18 18:49 - 2020-11-18 18:49 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2020-11-18 18:49 - 2020-11-18 18:49 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-11-18 18:49 - 2020-11-18 18:49 - 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000045880 _____ C:\Windows\system32\HvSocket.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2020-11-18 18:49 - 2020-11-18 18:49 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2020-11-18 18:49 - 2020-11-18 18:49 - 000009391 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-11-18 18:48 - 2020-11-18 18:48 - 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin
2020-11-18 18:48 - 2020-11-18 18:48 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2020-11-18 18:48 - 2020-11-18 18:48 - 000455168 _____ C:\Windows\system32\ssdm.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000165376 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-11-18 18:48 - 2020-11-18 18:48 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000064552 _____ C:\Windows\system32\umpdc.dll
2020-11-18 18:48 - 2020-11-18 18:48 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2020-11-18 18:48 - 2020-11-18 18:48 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-11-18 15:26 - 2019-12-07 01:08 - 000413738 __RSH C:\bootmgr
2020-11-18 15:26 - 2019-12-07 01:08 - 000000001 ___SH C:\BOOTNXT

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2028-11-19 10:37 - 2019-12-07 01:09 - 000222008 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll
2028-11-19 10:37 - 2019-12-07 01:09 - 000151352 _____ C:\Windows\system32\nmscrub.exe
2028-11-19 10:37 - 2019-12-07 01:09 - 000142648 _____ (Microsoft Corporation) C:\Windows\system32\nmbind.exe
2028-11-19 10:37 - 2019-12-07 01:09 - 000123704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2028-11-19 10:37 - 2019-12-07 01:09 - 000107048 _____ (Microsoft Corporation) C:\Windows\system32\p9np.dll
2028-11-19 10:37 - 2019-12-07 01:09 - 000091152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\p9rdr.sys
2028-11-19 10:37 - 2019-12-07 01:09 - 000081208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p9np.dll
2028-11-19 10:37 - 2019-12-07 01:09 - 000015880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxss.sys
2028-11-19 10:33 - 2019-12-06 23:29 - 000000000 ____D C:\Windows\Panther
2021-01-06 04:12 - 2019-12-07 01:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-01-06 04:12 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2021-01-05 16:33 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-05 16:33 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-05 16:06 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2021-01-05 16:06 - 2019-12-07 01:03 - 000262144 _____ C:\Windows\system32\config\BBI
2021-01-05 05:30 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-05 05:23 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {35e178f8-18c3-11ea-853f-b50a1afdc935}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {35e178fa-18c3-11ea-853f-b50a1afdc935}
displaymessageoverride Recovery
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {35e178f8-18c3-11ea-853f-b50a1afdc935}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {35e178fa-18c3-11ea-853f-b50a1afdc935}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{35e178fb-18c3-11ea-853f-b50a1afdc935}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{35e178fb-18c3-11ea-853f-b50a1afdc935}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {35e178f8-18c3-11ea-853f-b50a1afdc935}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {35e178fa-18c3-11ea-853f-b50a1afdc935}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {35e178fb-18c3-11ea-853f-b50a1afdc935}
description Windows Recovery
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by Austin (06-01-2021 04:18:42)
Running from C:\Users\Austin\Desktop\scan
Windows 10 Pro Version 20H2 19042.631 (X64) (2020-11-19 07:56:29)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-864308899-1269609554-1642943260-500 - Administrator - Disabled)
Austin (S-1-5-21-864308899-1269609554-1642943260-1001 - Administrator - Enabled) => C:\Users\Austin
DefaultAccount (S-1-5-21-864308899-1269609554-1642943260-503 - Limited - Disabled)
Guest (S-1-5-21-864308899-1269609554-1642943260-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-864308899-1269609554-1642943260-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ext2Fsd 0.69 (HKLM\...\Ext2Fsd_is1) (Version: 0.69 - Matt Wu)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-864308899-1269609554-1642943260-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2020.812.0_x64__79rhkp1fndgsc [2021-01-05] (Canonical Group Limited)
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-864308899-1269609554-1642943260-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-01-2021 05:13:45 Windows Update
19-11-2028 10:37:23 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: USB Root Hub (USB 3.0)
Description: USB Root Hub (USB 3.0)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB HUBs)
Service: USBHUB3
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: System Interrupt Controller
Description: System Interrupt Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/05/2021 04:37:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IESettingSync.exe, version: 11.0.19041.610, time stamp: 0xed1188fb
Faulting module name: IESettingSync.exe, version: 11.0.19041.610, time stamp: 0xed1188fb
Exception code: 0xc0000005
Fault offset: 0x0000000000025982
Faulting process id: 0x230c
Faulting application start time: 0x01d6e3c41c2fdfad
Faulting application path: C:\Windows\system32\IESettingSync.exe
Faulting module path: C:\Windows\system32\IESettingSync.exe
Report Id: 0e192eaa-ce1b-44f4-a78d-57d187c34a16
Faulting package full name:
Faulting package-relative application ID:

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe-2147024893

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe-2147024893

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.Services.Store.Engagement_8wekyb3d8bbwe-2147024893

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe-2147024893

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe-2147024893

Error: (01/05/2021 05:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-NLVAP9M)
Description: Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe-2147024893


System errors:
=============
Error: (01/06/2021 04:18:42 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/06/2021 04:17:10 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/06/2021 04:17:00 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/06/2021 04:17:00 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/06/2021 04:16:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/06/2021 04:16:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/06/2021 04:16:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/06/2021 04:16:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NLVAP9M)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Windows Defender:
===================================
Date: 2021-01-06 04:15:32.8740000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1700.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2021-01-06 04:05:30.9210000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-01-05 16:17:42.0470000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1700.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-01-05 05:36:41.1550000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1700.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-01-05 05:22:34.6240000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 4101 07/10/2019
Motherboard: ASUSTeK COMPUTER INC. SABERTOOTH X99
Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 32%
Total physical RAM: 8102.7 MB
Available physical RAM: 5505.78 MB
Total Virtual: 9382.7 MB
Available Virtual: 7035.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:437.13 GB) NTFS
Drive d: () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
Drive e: (ESD-USB) (Removable) (Total:14.42 GB) (Free:4.05 GB) FAT32

\\?\Volume{05539dea-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: EA40FEE3)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 05539DEA)
Partition 1: (Active) - (Size=50 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=499 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 14.4 GB) (Disk ID: F6F0BBE7)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)

==================== End of Addition.txt =======================


ListParts by Farbar Version: 31-07-2014
Ran by Austin (administrator) on 06-01-2021 at 04:23:06
WIN_81 (X64)
Running From: C:\Users\Austin\Desktop\scan
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 8102.7 MB
Available physical RAM: 5462.41 MB
Total Pagefile: 9382.7 MB
Available Pagefile: 7000.32 MB
Total Virtual: 131072 MB
Available Virtual: 131067.83 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.22 GB) (Free:437.12 GB) NTFS
2 Drive d: () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
3 Drive e: (ESD-USB) (Removable) (Total:14.42 GB) (Free:4.05 GB) FAT32


Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          476 GB   476 GB
Disk 1    Online          465 GB  1024 KB
Disk 2    Online           14 GB      0 B

Partitions of Disk 0:
===============


Disk ID: EA40FEE3

There are no partitions on this disk to show.

======================================================================================================

Partitions of Disk 1:
===============


Disk ID: 05539DEA

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             50 MB  1024 KB
Partition 2    Primary            465 GB    51 MB
Partition 3    Recovery           499 MB   465 GB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0       System Rese  NTFS   Partition     50 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C                NTFS   Partition    465 GB  Healthy    Boot

======================================================================================================

Disk: 1
Partition 3
Type : 27
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   D                NTFS   Partition    499 MB  Healthy    Hidden

======================================================================================================

Partitions of Disk 2:
===============


Disk ID: F6F0BBE7

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             14 GB  1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   ESD-USB      FAT32  Removable     14 GB  Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: EA40FEE3

==============================
Partitions of Disk 1:
===============
Disk ID: 05539DEA
Partition 1: (Active) - (Size=50 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=499 MB) - (Type=27)

==============================
Partitions of Disk 2:
===============
Disk ID: F6F0BBE7
Partition 1: (Active) - (Size=14 GB) - (Type=0C)


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {35e178f8-18c3-11ea-853f-b50a1afdc935}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {35e178fa-18c3-11ea-853f-b50a1afdc935}
displaymessageoverride Recovery
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {35e178f8-18c3-11ea-853f-b50a1afdc935}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {35e178fa-18c3-11ea-853f-b50a1afdc935}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{35e178fb-18c3-11ea-853f-b50a1afdc935}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{35e178fb-18c3-11ea-853f-b50a1afdc935}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {35e178f8-18c3-11ea-853f-b50a1afdc935}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {35e178fa-18c3-11ea-853f-b50a1afdc935}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {35e178fb-18c3-11ea-853f-b50a1afdc935}
description Windows Recovery
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

Device:
DevInst: 1
DevInstParent: 4
DevicePath: \\?\usb#vid_1a2c&pid_2d43#6&f58aefc&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Composite Device
FriendlyName:
LocationInformation: Port_#0004.Hub_#0003
PDOName: \Device\USBPDO-5
ClassGuid: {36fc9e60-c465-11cf-8056-444553540000} (class=USB)
InterfaceClassGuid: {a5dcbf10-6530-11d2-901f-00c04fb951ed} (iface=GUID_DEVINTERFACE_USB_DEVICE)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 1(DevInstId: USB\VID_1A2C&PID_2D43\6&F58AEFC&0&4)
DevInst: 5(DevInstId: USB\VID_1A2C&PID_2D43&MI_00\7&4D1E52E&0&0000)
DevInst: 6(DevInstId: HID\VID_1A2C&PID_2D43&MI_00\8&231FAE75&0&0000)
DevInst: 7(DevInstId: USB\VID_1A2C&PID_2D43&MI_01\7&4D1E52E&0&0001)
DevInst: 8(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL01\8&FEF9237&0&0000)
DevInst: 9(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL02\8&FEF9237&0&0001)
DevInst: 10(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL03\8&FEF9237&0&0002)
DevInst: 11(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL04\8&FEF9237&0&0003)
DevInst: 12(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL05\8&FEF9237&0&0004)
DevInst: 13(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL06\8&FEF9237&0&0005)
VID: 0x1a2c
PID: 0x2d43
Serial:

Device:
DevInst: 2
DevInstParent: 14
DevicePath: \\?\usb#vid_275d&pid_0ba6#5&1cc0e58a&1&14#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Input Device
FriendlyName:
LocationInformation: Port_#0014.Hub_#0001
PDOName: \Device\USBPDO-4
ClassGuid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} (class=HIDClass)
InterfaceClassGuid: {a5dcbf10-6530-11d2-901f-00c04fb951ed} (iface=GUID_DEVINTERFACE_USB_DEVICE)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 2(DevInstId: USB\VID_275D&PID_0BA6\5&1CC0E58A&1&14)
DevInst: 15(DevInstId: HID\VID_275D&PID_0BA6\6&2E8F1D98&0&0000)
VID: 0x275d
PID: 0x0ba6
Serial:

Device:
DevInst: 3
DevInstParent: 14
DevicePath: \\?\usb#vid_1e1d&pid_1105#0700070897fc2722b855#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Mass Storage Device
FriendlyName:
LocationInformation: Port_#0020.Hub_#0001
PDOName: \Device\USBPDO-6
ClassGuid: {36fc9e60-c465-11cf-8056-444553540000} (class=USB)
InterfaceClassGuid: {a5dcbf10-6530-11d2-901f-00c04fb951ed} (iface=GUID_DEVINTERFACE_USB_DEVICE)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 3(DevInstId: USB\VID_1E1D&PID_1105\0700070897FC2722B855)
DevInst: 16(DevInstId: USBSTOR\DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP\0700070897FC2722B855&0)
VID: 0x1e1d
PID: 0x1105
Serial: 0700070897FC2722B855
USBSTOR:
DevInst: 16
DevInstParent: 3
DevicePath: \\?\usbstor#disk&ven_kanguru&prod_flash_trust&rev_pmap#0700070897fc2722b855&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Disk drive
FriendlyName: Kanguru Flash Trust USB Device
LocationInformation:
PDOName: \Device\0000004c
ClassGuid: {4d36e967-e325-11ce-bfc1-08002be10318} (class=DiskDrive)
InterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 16(DevInstId: USBSTOR\DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP\0700070897FC2722B855&0)
Product Name: Flash Trust
Vendor Name: Kanguru
Serial:
Device Number (index in interface): 2
Drive Letter: E
Dos Device Name: \Device\HarddiskVolume5
Volume Name: \\?\Volume{24864d7c-4fb3-11eb-ba76-14dda9ee8f54}\
DriveType: DRIVE_REMOVABLE
StorInterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Total Bytes: 15484321792
Free Bytes: 4343767040
VOLUME:
DevInst: 22
DevInstParent: 23
DevicePath: \\?\storage#volume#_??_usbstor#disk&ven_kanguru&prod_flash_trust&rev_pmap#0700070897fc2722b855&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Volume
FriendlyName:
LocationInformation:
PDOName: \Device\HarddiskVolume5
ClassGuid: {71a27cdd-812a-11d0-bec7-08002be2092f} (class=Volume)
InterfaceClassGuid: {53f5630d-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_VOLUME)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 22(DevInstId: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP#0700070897FC2722B855&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B})
Device Number (index in interface): 2
Drive Letter: E
Dos Device Name: \Device\HarddiskVolume5
Volume Name: \\?\Volume{24864d7c-4fb3-11eb-ba76-14dda9ee8f54}\
DriveType: DRIVE_REMOVABLE
StorInterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Total Bytes: 15484321792
Free Bytes: 4343767040

----- map VolumeName with drive letter:-----
letter C: driveType:DRIVE_FIXED DeviceNumber 1 DosName \Device\HarddiskVolume2
letter D: driveType:DRIVE_FIXED DeviceNumber 1 DosName \Device\HarddiskVolume3
letter E: driveType:DRIVE_REMOVABLE DeviceNumber 2 DosName \Device\HarddiskVolume5
letter H: driveType:DRIVE_NO_ROOT_DIR DeviceNumber 4294967295 DosName \Device\HarddiskVolume4


----- Add devices:-----
DevInst: 1
DevInstParent: 4
DevicePath: \\?\usb#vid_1a2c&pid_2d43#6&f58aefc&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Composite Device
FriendlyName:
LocationInformation: Port_#0004.Hub_#0003
PDOName: \Device\USBPDO-5
ClassGuid: {36fc9e60-c465-11cf-8056-444553540000} (class=USB)
InterfaceClassGuid: {a5dcbf10-6530-11d2-901f-00c04fb951ed} (iface=GUID_DEVINTERFACE_USB_DEVICE)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 1(DevInstId: USB\VID_1A2C&PID_2D43\6&F58AEFC&0&4)
DevInst: 5(DevInstId: USB\VID_1A2C&PID_2D43&MI_00\7&4D1E52E&0&0000)
DevInst: 6(DevInstId: HID\VID_1A2C&PID_2D43&MI_00\8&231FAE75&0&0000)
DevInst: 7(DevInstId: USB\VID_1A2C&PID_2D43&MI_01\7&4D1E52E&0&0001)
DevInst: 8(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL01\8&FEF9237&0&0000)
DevInst: 9(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL02\8&FEF9237&0&0001)
DevInst: 10(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL03\8&FEF9237&0&0002)
DevInst: 11(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL04\8&FEF9237&0&0003)
DevInst: 12(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL05\8&FEF9237&0&0004)
DevInst: 13(DevInstId: HID\VID_1A2C&PID_2D43&MI_01&COL06\8&FEF9237&0&0005)
VID: 0x1a2c
PID: 0x2d43
Serial:

DevInst: 2
DevInstParent: 14
DevicePath: \\?\usb#vid_275d&pid_0ba6#5&1cc0e58a&1&14#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Input Device
FriendlyName:
LocationInformation: Port_#0014.Hub_#0001
PDOName: \Device\USBPDO-4
ClassGuid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} (class=HIDClass)
InterfaceClassGuid: {a5dcbf10-6530-11d2-901f-00c04fb951ed} (iface=GUID_DEVINTERFACE_USB_DEVICE)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 2(DevInstId: USB\VID_275D&PID_0BA6\5&1CC0E58A&1&14)
DevInst: 15(DevInstId: HID\VID_275D&PID_0BA6\6&2E8F1D98&0&0000)
VID: 0x275d
PID: 0x0ba6
Serial:

DevInst: 3
DevInstParent: 14
DevicePath: \\?\usb#vid_1e1d&pid_1105#0700070897fc2722b855#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Mass Storage Device
FriendlyName:
LocationInformation: Port_#0020.Hub_#0001
PDOName: \Device\USBPDO-6
ClassGuid: {36fc9e60-c465-11cf-8056-444553540000} (class=USB)
InterfaceClassGuid: {a5dcbf10-6530-11d2-901f-00c04fb951ed} (iface=GUID_DEVINTERFACE_USB_DEVICE)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 3(DevInstId: USB\VID_1E1D&PID_1105\0700070897FC2722B855)
DevInst: 16(DevInstId: USBSTOR\DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP\0700070897FC2722B855&0)
VID: 0x1e1d
PID: 0x1105
Serial: 0700070897FC2722B855



----- Add stores:-----
----- GUID_DEVINTERFACE_DISK:-----
DevInst: 16
DevInstParent: 3
DevicePath: \\?\usbstor#disk&ven_kanguru&prod_flash_trust&rev_pmap#0700070897fc2722b855&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Disk drive
FriendlyName: Kanguru Flash Trust USB Device
LocationInformation:
PDOName: \Device\0000004c
ClassGuid: {4d36e967-e325-11ce-bfc1-08002be10318} (class=DiskDrive)
InterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 16(DevInstId: USBSTOR\DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP\0700070897FC2722B855&0)
Product Name: Flash Trust
Vendor Name: Kanguru
Serial:
Device Number (index in interface): 2
Drive Letter: _
Dos Device Name:
Volume Name:
DriveType: DRIVE_UNKNOWN
StorInterfaceClassGuid: {00000000-0000-0000-0000-000000000000} (iface=)
Total Bytes: 0
Free Bytes: 0

----- GUID_DEVINTERFACE_CDROM:-----
----- GUID_DEVINTERFACE_FLOPPY:-----


----- Add volumes to stores:-----
DevInst: 19
DevInstParent: 23
DevicePath: \\?\storage#volume#{6cda1d33-2a3c-11eb-ba70-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Volume
FriendlyName:
LocationInformation:
PDOName: \Device\HarddiskVolume1
ClassGuid: {71a27cdd-812a-11d0-bec7-08002be2092f} (class=Volume)
InterfaceClassGuid: {53f5630d-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_VOLUME)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 19(DevInstId: STORAGE\VOLUME\{6CDA1D33-2A3C-11EB-BA70-806E6F6E6963}#0000000000100000)
Device Number (index in interface): 4294967295
Drive Letter: _
Dos Device Name:
Volume Name: <failed to map VolInfo for VolName=\\?\Volume{05539dea-0000-0000-0000-100000000000}\!!!> Mountpoint=\\?\storage#volume#{6cda1d33-2a3c-11eb-ba70-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ winErr=234
DriveType: DRIVE_UNKNOWN
StorInterfaceClassGuid: {00000000-0000-0000-0000-000000000000} (iface=)
Total Bytes: 0
Free Bytes: 0

DevInst: 20
DevInstParent: 23
DevicePath: \\?\storage#volume#{6cda1d33-2a3c-11eb-ba70-806e6f6e6963}#0000000003300000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Volume
FriendlyName:
LocationInformation:
PDOName: \Device\HarddiskVolume2
ClassGuid: {71a27cdd-812a-11d0-bec7-08002be2092f} (class=Volume)
InterfaceClassGuid: {53f5630d-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_VOLUME)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 20(DevInstId: STORAGE\VOLUME\{6CDA1D33-2A3C-11EB-BA70-806E6F6E6963}#0000000003300000)
DevInst: 24(DevInstId: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1)
DevInst: 25(DevInstId: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2)
Device Number (index in interface): 1
Drive Letter: C
Dos Device Name: \Device\HarddiskVolume2
Volume Name: \\?\Volume{05539dea-0000-0000-0000-300300000000}\
DriveType: DRIVE_FIXED
StorInterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Total Bytes: 499528343552
Free Bytes: 469334097920

DevInst: 21
DevInstParent: 23
DevicePath: \\?\storage#volume#{6cda1d33-2a3c-11eb-ba70-806e6f6e6963}#0000007451700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Volume
FriendlyName:
LocationInformation:
PDOName: \Device\HarddiskVolume3
ClassGuid: {71a27cdd-812a-11d0-bec7-08002be2092f} (class=Volume)
InterfaceClassGuid: {53f5630d-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_VOLUME)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 21(DevInstId: STORAGE\VOLUME\{6CDA1D33-2A3C-11EB-BA70-806E6F6E6963}#0000007451700000)
Device Number (index in interface): 1
Drive Letter: D
Dos Device Name: \Device\HarddiskVolume3
Volume Name: \\?\Volume{05539dea-0000-0000-0000-705174000000}\
DriveType: DRIVE_FIXED
StorInterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Total Bytes: 523235328
Free Bytes: 86888448

DevInst: 22
DevInstParent: 23
DevicePath: \\?\storage#volume#_??_usbstor#disk&ven_kanguru&prod_flash_trust&rev_pmap#0700070897fc2722b855&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
DeviceDescription: Volume
FriendlyName:
LocationInformation:
PDOName: \Device\HarddiskVolume5
ClassGuid: {71a27cdd-812a-11d0-bec7-08002be2092f} (class=Volume)
InterfaceClassGuid: {53f5630d-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_VOLUME)
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 22(DevInstId: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP#0700070897FC2722B855&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B})
Device Number (index in interface): 2
Drive Letter: E
Dos Device Name: \Device\HarddiskVolume5
Volume Name: \\?\Volume{24864d7c-4fb3-11eb-ba76-14dda9ee8f54}\
DriveType: DRIVE_REMOVABLE
StorInterfaceClassGuid: {53f56307-b6bf-11d0-94f2-00a0c91efb8b} (iface=GUID_DEVINTERFACE_DISK)
Total Bytes: 15484321792
Free Bytes: 4343767040

----- Enumeration Done with success-----
security_runs_blue
Active Member
 
Posts: 2
Joined: January 9th, 2021, 10:30 pm
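The enumeration dump above is a flat key/value listing that is tedious to read by eye. As an added triage aid (not part of the original post, and not code from the tool that produced the dump), the following Python pulls the same output apart into records, lists the USB devices by VID/PID and serial, flags volumes whose name lookup failed (the winErr=234 entry), and flags drive letters that map to no disk (DeviceNumber 4294967295, the 0xFFFFFFFF sentinel). The sample input is a constructed, trimmed excerpt of the log above; all function names are my own.

```python
"""Parse a Windows USB/volume enumeration dump of the kind quoted in the post."""
import re
from typing import Dict, List, Optional, Tuple

Record = Dict[str, object]

KV_RE = re.compile(r"^([^:]+?):\s?(.*)$")
SUBTREE_RE = re.compile(r"^DevInst:\s*(\d+)\(DevInstId:\s*(.+)\)$")
LETTER_RE = re.compile(
    r"^letter\s+([A-Z]):\s+driveType:(\S+)\s+DeviceNumber\s+(\d+)\s+DosName\s*(\S*)$")
WINERR_RE = re.compile(r"winErr=(\d+)")

# Constructed sample: a trimmed excerpt of the enumeration output in the post above.
SAMPLE_LOG = r"""
Device:
DevInst: 3
DevInstParent: 14
DevicePath: \\?\usb#vid_1e1d&pid_1105#0700070897fc2722b855#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
DeviceDescription: USB Mass Storage Device
PDOName: \Device\USBPDO-6
Interface Flags: 1 The device is active.
Connectivity Subtree:
DevInst: 3(DevInstId: USB\VID_1E1D&PID_1105\0700070897FC2722B855)
DevInst: 16(DevInstId: USBSTOR\DISK&VEN_KANGURU&PROD_FLASH_TRUST&REV_PMAP\0700070897FC2722B855&0)
VID: 0x1e1d
PID: 0x1105
Serial: 0700070897FC2722B855

Device:
DevInst: 2
DevInstParent: 14
DeviceDescription: USB Input Device
VID: 0x275d
PID: 0x0ba6
Serial:

DevInst: 19
DevInstParent: 23
DeviceDescription: Volume
PDOName: \Device\HarddiskVolume1
Device Number (index in interface): 4294967295
Drive Letter: _
Volume Name: <failed to map VolInfo for VolName=\\?\Volume{05539dea-0000-0000-0000-100000000000}\!!!> winErr=234
DriveType: DRIVE_UNKNOWN

DevInst: 20
DevInstParent: 23
DeviceDescription: Volume
PDOName: \Device\HarddiskVolume2
Drive Letter: C
DriveType: DRIVE_FIXED
Total Bytes: 499528343552

----- map VolumeName with drive letter:-----
letter C: driveType:DRIVE_FIXED DeviceNumber 1 DosName \Device\HarddiskVolume2
letter H: driveType:DRIVE_NO_ROOT_DIR DeviceNumber 4294967295 DosName \Device\HarddiskVolume4
"""


def parse_records(text: str) -> List[Record]:
    """Split the dump into blank-line-delimited records of key/value pairs.

    Lines under 'Connectivity Subtree:' read 'DevInst: N(DevInstId: ...)' and would
    otherwise overwrite the record's own DevInst, so they go into a 'subtree' list.
    """
    records: List[Record] = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec: Record = {"subtree": []}
        for line in chunk.splitlines():
            line = line.strip()
            if not line or line.startswith("-----") or LETTER_RE.match(line):
                continue
            m = SUBTREE_RE.match(line)
            if m:
                rec["subtree"].append((int(m.group(1)), m.group(2)))  # type: ignore[union-attr]
                continue
            m = KV_RE.match(line)
            if m:
                rec[m.group(1).strip()] = m.group(2).strip()
        if "DevInst" in rec:
            records.append(rec)
    return records


def usb_devices(records: List[Record]) -> List[Tuple[int, int, str, str]]:
    """(vid, pid, serial, description) for every record carrying a USB VID/PID."""
    return [(int(str(r["VID"]), 16), int(str(r["PID"]), 16),
             str(r.get("Serial", "")), str(r.get("DeviceDescription", "")))
            for r in records if "VID" in r and "PID" in r]


def unmapped_volumes(records: List[Record]) -> List[Tuple[str, Optional[int]]]:
    """Volumes whose VolumeName lookup failed, as (PDOName, Win32 error code)."""
    out = []
    for r in records:
        name = str(r.get("Volume Name", ""))
        if "failed to map" in name:
            m = WINERR_RE.search(name)
            out.append((str(r.get("PDOName", "")), int(m.group(1)) if m else None))
    return out


def drive_letter_map(text: str) -> Dict[str, Tuple[str, int, str]]:
    """Parse the 'map VolumeName with drive letter' table: letter -> (type, devnum, dosname)."""
    out = {}
    for line in text.splitlines():
        m = LETTER_RE.match(line.strip())
        if m:
            out[m.group(1)] = (m.group(2), int(m.group(3)), m.group(4))
    return out


def letters_without_device(drive_map: Dict[str, Tuple[str, int, str]]) -> List[str]:
    """Letters that resolve to no disk: DeviceNumber 0xFFFFFFFF is the -1 'none' sentinel."""
    return sorted(l for l, (_, devnum, _) in drive_map.items() if devnum == 0xFFFFFFFF)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for vid, pid, serial, desc in usb_devices(recs):
        print(f"USB {vid:04x}:{pid:04x} serial={serial or '-'} {desc}")
    for pdo, err in unmapped_volumes(recs):
        print(f"unmapped volume {pdo} winErr={err}")
    print("letters with no backing disk:", letters_without_device(drive_letter_map(SAMPLE_LOG)))
```

Run it against the full dump saved to a file by replacing SAMPLE_LOG with the file's contents; the unmapped-volume and no-disk checks are the parts worth eyeballing, since a volume that exists but cannot be named is where a responder would next look with a raw disk editor.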

Re: EFI Bootkit

Unread postby mAL_rEm018 » January 10th, 2021, 4:42 pm

Posting at multiple forums

You have already started a topic regarding this problem at another forum:
possible bios bootkit, please prove me wrong

May I draw your attention to the ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.
See the section here where we tell you why this is not a good idea.


This topic is now closed
mAL_rEm018
Admin/Teacher
Posts: 2623
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia