A little background:
I have an eight-core AMD 3.1 GHz processor with an NVIDIA GeForce GT 545 with 3 GB of RAM, with the latest driver 314.22 installed. My OS is Windows 7 Home Premium Service Pack 1 64-bit. I use NIS 2013 plus others.
I guess it started about two months ago when the PNY 32GB USB flash drive that I used for ReadyBoost stopped working. I just thought maybe the flash drive was defective. I soon noticed my OS freezing when I first booted up. I would enter my password, see the welcome screen, see my desktop and a few icons in the task bar, and then it would freeze. I would shut down by holding the power button for a few seconds. Then I turned my computer back on and when asked I started Windows normally. My computer would work then. This happened occasionally. Then about two weeks ago I noticed some changes to a play list on Windows Media Player. A song (a file from my computer) was being added, many times, to play lists. Two days ago I noticed that the play list that I listen to most stated that there were 953 items with 167,569,213 hours. I finally realized something was terribly wrong. It is getting worse; Friday I tried to transfer photos from my digital camera to my computer. My computer did not recognize that I had my camera connected, although it did recognize when it was disconnected (I could tell by system sounds). Now when I do a search, the option to "see more results" is not there.
I scan my system every day with NIS, SuperAntiSpyware Professional, Spybot Search and Destroy and Malwarebytes Anti-Malware (Pro). Yes, I am just a little bit paranoid. I found out last week, after a problem with the patch from NIS when I had to use NRnR.exe, that Malwarebytes was incompatible with NIS. I don't know why NIS did not tell me this before I paid for Malwarebytes Pro last year. I left Malwarebytes on my system but only use it to scan (not real-time protection). My scans revealed nothing. Saturday I used Malwarebytes. The flash scan and quick scan revealed nothing, but the full scan revealed "My Projects\Extracted MDF_MDS\BG 1\_ISDel.exe (Spyware.Zbot)". It was quarantined and removed. Friday night I used NPE. In safe mode, as instructed, it found nothing. I tried it in normal mode just to see and it found rikvm_38F51D56.sys, which it turns out is an actual Cyberlink file. After perusing the forums here I could not find anything to help me other than learning about the Cyberlink file. I fear that my system is deeply infected.
Saturday I downloaded HiJackThis from Major Geeks and, after scanning it with everything, I installed it. I was finally able to get a log after I changed the compatibility to Windows XP SP2.
I also downloaded and ran TDSSKiller, which found nothing, and AdwCleaner, which was denied access to Notepad.
I tried to use the Norton Bootable Recovery Tool that I burned to a DVD sometime in September of 2012; I followed the instructions and used the Legacy boot for my DVD drive. The screen turned Norton-yellow like it was going to start but then stated that it could not find a file.
I ran the MS Security Scanner. It found VirTool:Win32/Obfuscator.XZ, which it did nothing about, and HackTool:Win32/Keygen, which it partially removed. I tried to remove VirTool:Win32/Obfuscator.XZ manually with the instructions I found here: http://blog.teesupport.com/how-to-remove-virtoolwin32obfuscator-xz-completely-and-effectively-step-by-step-removal/ but the registry items that I needed to delete were not there. I did reboot to safe mode and deleted the folder where VirTool:Win32/Obfuscator.XZ was located.
I made up my mind to return my computer to factory condition. While checking program files that I would need to reinstall, I looked at properties and found unknown users listed in the security tab.
I am very careful about getting a virus. When I get emails from friends that contain images or videos I download them and run all four scans before I open them. I never open attachments from unknowns. Every time I download a new file I always scan with all four programs before I open or install the file. I got a virus on my first computer in 1996 (anyone remember DOS and Windows 3.1?) I never wanted to get another one. :( I am now on my fifth computer since then. Every time I get a new computer I transfer all of my files. I have accumulated a large number of image, music and video files and I am hoping that I will not lose them. I do not understand how I got infected with all of this security.
So I have a few questions if anyone can help:
1) The files for the HP factory recovery are on the C: drive. Will a factory reinstall definitely remove the virus, trojan, malware?
2) Should I contact HP to get a hard copy of the recovery media instead?
3) I installed my old hard drive as a second hard drive (drive F:) when I first got my new computer. Do I have to physically disconnect it before I do a factory reinstall? Or can I just uninstall it from the device manager and BIOS?
4) Is it possible that my other hard drive (F:) will be infected as well?
5) If my F: drive is infected, will it be easier to clean with a factory clean C: drive, or do I just risk infecting the newly recovered C: drive?
Thank you to all who would take the time to help!