About a week ago, I noticed strange behavior on my PC while gaming. I updated drivers, and it fixed the stuttering. On running a Malwarebytes scan, I believe something called bitcoin.miner or something came up. It's tough to provide a coherent narrative from then until now, but I will do my best. Any help that you can provide is very appreciated. I am literally at my wit's end. I have always been around and comfortable with computers, since the C=64, but this has me beat.
1. Sometime after running the initial scan, I googled a bit about what that virus does, and it led me to a site with several of the standard rootkit detectors and fixes. However, I was really shocked that most of these reputable sites would have so much ad-ware on the pages to download the fixes. I'd then realized this malware was redirecting.
2. I went to my wife's computer (a laptop) to swap some files to a flash drive. I then noticed that she had the same issues, as does my son's laptop. At this point, at my wife's laptop, I actually saw folders opening... I asked my wife if she'd opened her bills Excel sheet and she hadn't! I immediately shut her system off and told my son to disconnect from the internet.
3. I spent pretty much the next three days awake trying to handle the issue on my own system. I keep a spare Hiren's CD around, and no matter what route I took to diagnose or repair the problem, this thing prevents it--or sends false clears. Stuff like R-Kill or GMER would send me to a BSOD.
4. A friend explained bootkits in detail and offered a suggestion. I went out and bought a new hard drive. I disconnected all other drives. I installed Windows 7 onto the new drive, and bolstered up for slowly reconnecting each drive to clear it up.
5. In the process of cleaning the first drive, my new Windows 7 had become infected again. I read up on loading GParted and changing flags on the hidden partitions (I find one 10 meg or so hidden partition for each drive). Needless to say, I have 4 SATA drives and I actually thought I'd made some progress on my system when, on finally snapping the last (I thought MBR-clean) drive in, I broke the PCI Express slot straight off my motherboard. My system is currently out of commission!
6. I decided to load GParted on my wife's system. I deleted the hidden partition and did a complete HP Restore. Hers is one of the laptops with an actual partition with a system recovery. I recovered it, and all day have been running Malwarebytes and TDSS to check it. I thought I was in the clear with her.
7. About 30 minutes ago, I heard her HD spinning and thought I would check on it. Although no virus checker had shown anything, I noticed that something called TrustedInstaller was running at 100% CPU. The thing was hot as fire. I loaded Autoruns and noticed several processes that were out of whack, including ones named Catchme.sys as well as Ipinip or something. I've shut it down.
My one godsend is that I can browse/download with my Android phone and swap files and such with an OTG cable (I think it's called). On searching those two crazy autorun processes, I realized I can't do this alone. I'm spent, and frustrated, and it's been upsetting for my entire family.
All that being said, I will follow steps I am given verbatim. If I am to run initial scans, please let me know if I should do so in safe mode. I know that most all of the suggested first downloads (from her system) like ComboFix are redirected or, when run, throw up a UAC warning (I turned it off and it still did) or an immediate "Windows needs to update...",