Persistent root/bootkit that has tailored device firmware on my peripherals

[testuser7error@gmail.com]

I'm dealing with a variant of APT-28s root/bootkit payload that affects my windows 10 64-bit machine.
There is absolutely no way I can remove this with any known anti-virus out at the moment. I need someone to come take a look if it's possible to do something with a hand-made removal script.
I simply cannot do anything the traditional way in this case, yes APT-28/Sofacy has stolen crypto from me before and after a new computer this one has grabbed what looks like the same infection.
It's advanced stuff, if anyone is interested in taking a look I thank you in advance.

PM/email me.

[Curson]

Hi,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

[testuser7error@gmail.com]

https://diag.adlice.com/report.php?id=1222c75ab9a24257c8125c31707c7e38

[Curson]

Hi,

• Please download TDSSKiller and save it to your Desktop.
  
• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check Loaded Modules and Detect TDLFS file system. 
  
• If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
  
  
  
  
• Click Start Scan and allow the scan process to run.
  If threats are detected select Skip for all of them unless I instruct you otherwise.
  
• Click Continue
  
  
  
  
• Click Reboot computer
  

Please attach the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\) in your next reply.

Regards.

[testuser7error@gmail.com]

Hi,

• Please download TDSSKiller and save it to your Desktop.
  
• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check Loaded Modules and Detect TDLFS file system. 
  
• If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
  
  
  
  
• Click Start Scan and allow the scan process to run.
  If threats are detected select Skip for all of them unless I instruct you otherwise.
  
• Click Continue
  
  
  
  
• Click Reboot computer
  

Please attach the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\) in your next reply.

Regards.

Kaspersky found nothing. Rescue disk does not let me load. Yesterday Windows Defender detected a newer trojan version, I attached the trojan detection as well.
System is not clean though.

[testuser7error@gmail.com]

Also a newer scan of Roguekiller which catches suspicious registry edit.

https://diag.adlice.com/report.php?id=78e8d70c66c373a69b232faea26b7de8

Also an autorun analyze document by Comodo

[testuser7error@gmail.com]

Spybot logs & .reg files. This some wack shit yo

[Curson]

Hi,

These were likely false positives.
There is nothing suspicous in the logs you posted. Does your computer behave in a strange way ?

Regards.