
Hello, and thank you in advance for your help in resolving this.

I have been battling this thing for well over a year and finally decided to buy another laptop and just start from scratch. Upon logging onto the new PC I stupidly added my Microsoft account and the new laptop went haywire: CPU at 100%, disk at 100%, all types of network activity. It renders me unable to boot into safe mode, saying my password is incorrect. It seems to create a VM for me to live in and goes out of its way to make all the screens seem legitimate when it tells me that my IT admin has control of these settings (nearly everything is greyed out within important settings). MBAM finds nothing because I don't think it is actually running MBAM but only a virtual clone of it. GMER goes nuts identifying things until it eventually fails and closes. I am tired of all of this and have contemplated just starting anew with a fresh MS account, but this one has all of my Xbox titles on it and I don't want to go in that direction if I don't have to. It also seems to survive deleting and repartitioning the hard drive, and I believe it is within my OneDrive as well as my Android phone. Please help me rid the world of this garbage. I have the MWB support tool zip; would you like that to begin? I'm sorry, I looked for the instructions of how and what to post and the rules and such, but this is my first time doing any type of forum posting and to be honest I don't really know how to use/interact with them properly. Forgive me.

Thank you


  • Root Admin

Hello @kevinbadrootkit

Let me have you run the following and we'll see what we can find


Please run the following steps and post back the logs as an attachment when ready.


  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.


Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.


RESTART THE COMPUTER Before running Step 3

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.



  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Thank you





Please note that I am unable to start Windows Defender, as the option to do so is greyed out. Also, messages keep popping up saying that the firewall isn't on, yet depending on how I access the options, one says it is working and one says it is not.

MB is the only program that will come back.

Also, this weird Chinese APK popped up with no description yesterday and I took a pic with my phone.

Again, thank you so much for looking into this for me.


  • Root Admin

RtknGUI64 stands for Realtek HD Audio Manager Graphical User Interface (64-bit).

So far there is nothing in the logs to indicate a rootkit.

Why don't you try creating a new Local User account with Admin rights? Don't use any Microsoft Cloud account.

Then see how it runs.



I will do that... I ran Microsoft removal tool and it found a Trojan that was hiding from all other programs. When I get home I'll look and see what it was and post a screenshot... I still feel very weary about it. My bank card texted me again saying "here is the code you requested". I did no such request. Also, I had another profile on my Xbox One... just like my gamertag except the last 3 letters were different. Super weird.

Anyway, thank you for looking into it... the fight continues...

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.



This topic is now closed to further replies.