Autoruns Sysinternals and their VirusTotal hash submission feature is a godsend.
Ran Bitdefender Premium, McAfee, Norton, Kaspersky, Malwarebytes, Hitman Pro, TDSSKiller, and so many more. All came up clean. The offline search for Bitdefender did alert me to a lot of RealTek folders being password protected, but that was the extent. All the others gave a clean bill of health.
Ran Autoruns Sysinternals and did the VirusTotal hash submission for all files and it was like a Christmas tree: Image Hijacks, RealTek audio rootkits, Google update rootkits, Windows Defender rootkits, you name it. I deleted them all. Now I've been going all day with no problems, no people taking control of my mouse and going to Russian websites directly in front of my eyes.
From the beginning, one day I saw my mouse moving and trying to log into my cryptocurrency wallets from within the laptop desktop. I'm like: whatttttttttttt is this? I went into the system folder and there was a Russian version of TeamViewer running in the background. When I tried to restart I saw that these invisible programs would be holding up the restart. Did some research and, yea, it was a rootkit that did a Teamviewer virtualization. I think I got it from my VPN dropping at a Starbucks. I actually had my VPN drop at the library the other day and during that 5 minute span I leaked my Facebook info. Within 2 minutes I got a message that I was trying to brute force from Florida, 3000 miles away.
Anyway, I did a reset and the rootkit blocked it after it installed it for an hour, so after the reset all of my files were there and configurations were the same. I tried going into the Security user permissions and I noticed that a ton of TrustedInstaller permissions were set to special and that I, as the user/administrator, was blocked out of a ton of folders. So I had to reset that back into my control, then updated the drivers. This would always be almost immediately undone. Several times I tried to uninstall a key rootkit program and the mouse would start shaking, like this Russian dude is trying to frustrate me to the point that I wouldn't be able to click to uninstall. Then my track pad was disabled, so I had to plug in a USB mouse to gain control of the mouse. I actually got to the point where I thought I could do a fresh Win 10 reinstall from a USB. Did that, but almost immediately I saw that my mouse started moving again. I took the hard drive to be zeroed out, paid $50 to do so, and when I got it back I did a fresh USB reinstall and, again, the controlling of my mouse was still there. At this point I was considering becoming a Linux/Mac user for life.
After putting in dozens of hours I tried Autoruns and was able to get insights into the offending programs. So once rootkit processes were disabled I restarted and, boom, I have control again. I think I've got it all, but in the past I thought I did and, lo and behold, after a few weeks my mouse was moving on its own again. But this time I think I've got it, given the sheer number of malware programs running. A toast to you Vlad, you may have won many battles, but I--it seems--have won the war.
Posted to r/sysadmin on reddit.com, 4 years ago.
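What the poster got from Autoruns was a list of autostart entries resolved to files on disk, plus a hash to look up on VirusTotal. The script below is an added example, not the poster's code and not part of Sysinternals: it walks the standard Run/RunOnce keys and the Image File Execution Options key (the "Image Hijacks" category in Autoruns), resolves each entry to its image, and emits the SHA256 and Authenticode status so a defender can check the hashes against a reputation service by hand. The registry paths are the documented Windows locations; the helper names and the "Review" heuristic are this example's own, and nothing in it modifies or deletes anything.

```powershell
# Added example (not from the original post): enumerate common autostart
# locations the way Autoruns does, hash each referenced image, and report
# signature status so the SHA256 values can be submitted to VirusTotal by hand.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Autoruns' "Image Hijacks" are Image File Execution Options Debugger values:
# Windows launches the Debugger binary instead of the named executable.
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Resolve-ImagePath {
    param([string]$Command)
    # Strip arguments: a quoted path first, otherwise the first token.
    if ($Command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($Command -split '\s+')[0] }
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        return (Resolve-Path -LiteralPath $path).Path
    }
    # Bare names such as "rundll32.exe" resolve through PATH.
    $cmd = Get-Command $path -ErrorAction SilentlyContinue
    if ($cmd -and $cmd.Source) { return $cmd.Source }
    return $null
}

function Get-AutostartReport {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell adds.
            if ($p.Name -like 'PS*') { continue }
            $entries += [pscustomobject]@{
                Location = $key; Name = $p.Name; Command = [string]$p.Value
            }
        }
    }
    if (Test-Path $ifeoKey) {
        foreach ($sub in Get-ChildItem -Path $ifeoKey) {
            $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger `
                    -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                $entries += [pscustomobject]@{
                    Location = "IFEO\$($sub.PSChildName)"; Name = 'Debugger'; Command = $dbg
                }
            }
        }
    }
    foreach ($e in $entries) {
        $img  = Resolve-ImagePath $e.Command
        $hash = $null
        $sig  = 'n/a'
        if ($img) {
            $hash = (Get-FileHash -LiteralPath $img -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -FilePath $img).Status
        }
        [pscustomobject]@{
            Location  = $e.Location
            Name      = $e.Name
            Image     = $img
            SHA256    = $hash
            Signature = $sig
            # Heuristic: what Autoruns highlights first is a missing file,
            # an unsigned image, or any IFEO Debugger entry at all.
            Review    = (-not $img) -or ($sig -ne 'Valid') -or ($e.Location -like 'IFEO\*')
        }
    }
}

Get-AutostartReport | Sort-Object Review -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. The output is a triage list, not a verdict: a valid signature only says the file was signed by some publisher, and an unsigned entry is often a legitimate vendor tool, so each SHA256 still needs the VirusTotal lookup the poster describes before anything is removed. This covers only a handful of the locations Autoruns inspects (services, drivers, scheduled tasks, WMI subscriptions, and shell extensions are not included), which is why running Autoruns itself remains the better choice on a box that is already suspect.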