chased11, Active member, Joined Sep 24, 2017, Posts 25
Jan 22, 2019 #1

Dear friends,

I have for a long time seen my Win 10 Home installation being degraded: BSODs and latency problems occurring, permissions changed, files missing, etc. Using MBAR showed IMAGE FILE EXECUTION OPTIONS entries regarding MRT, MsMpEng and SvcHost, aka Trojan Agent and Security Hijack. The entries were deleted, but I am not 100% sure they were not false positives. But I can still see, e.g., problems relating to Windows Defender.

So I checked the booting process and found some interesting facts: ntbtlog shows that boot and system files related to Win Defender "sometimes" boot all right at first, but then the log tells me they don't. Several tries occur. We are talking about between 2-3 and up to 16 attempts.

Going further, I used Autorun, Driverview and InstalledDriverList to find out more. I came to the fact-based conclusion that WdBoot and HWPolicy are never booted, which confirms the strange behavior of Win Defender and explains why my system/registry has been manipulated without giving me any clear messages or notice.

Device Manager, e.g., lacks any info about installed drivers! Administrative Shares have been active (hidden) in spite of other settings. Windows Update is not working on Automatic and new drivers are not installed on the same basis. Win Firewall is unstable (graphic interface). Windows Remote Management Service has long since been disabled by me. Today the system says this service is "disabled with delayed start"?

InstalledDriverList also shows there are 3 hidden dump files (dumping original dump files) in the booting process:

dump_diskdump.sys
dump_dumpfe.sys
dump_storahei.sys

My system is remotely controlled for sure. I have seen it live also, happening before my eyes. 4 ports are always open, and while I was checking several connected IP addresses without a corresponding name address, I found out their host certificates did not correspond to their IP addresses.
While I was doing this work my system started to respond strangely. Normal sites that I visited started to give error messages about safety (would not be reached by Firefox). Before I closed the internet connection, one of the open local ports read "close combat". I can show several registry settings that comply with the use of Remote Desktop control. Please help!