Hey all,
I am running an HP Laptop with Windows 7 (64-bit), which was made in April 2010 and I purchased new in September. My current location is Germany, and for the past few months I've been living in a student dorm arrangement. This dorm has only two options for free netz, which are an unencrypted Ethernet LAN in my room and an unsecured wireless connection on campus. We log in with user names (so only other university students use the network) but other than that, we're on our own in terms of computer safety.
Knowing this I installed GData Internet Security 2011, thinking that'd keep everything secure. I must have made a mistake, and a week ago I noticed I was running 100% of my processes all the time (I posted here in the wrong forum about it, too, I'm sorry.)
Wanting to be independent I went to Major Geeks and ran their malware removal protocol for Windows 7 (except combofix). So I ran Malwarebytes AntiMalware, SUPERAntiSpyware, HijackThis, CCleaner and GData. The log for HijackThis before I removed anything is posted below.
HijackThis was not able to scan the Hosts file. I noticed I was running about 15 IE processes, although I use Chrome. Also, CCleaner found way more tmp files in IE than in either of the browsers that I actually use, and running the cleaner didn't delete the processes in question. So after trying to uninstall IE (Turns out you can't do that) I went into the Help+Maintenance window and disabled Internet Explorer from there. That cut down the CPU% getting used by about 1/3.
I then saved a System Image on my 1TB external HD in case I bleeped up and accidentally deleted system32 or something.
Running Superantispyware found a trojan (Trojan/Gen) and a crapload of cookies, which I got rid of.
I defragmented the disk.
After that I updated GData (which was current then, but I tried it) and turned up the firewall to maximum security. It started blocking weird queries from other computers that live on my LAN network, but it still hasn't found any viruses.
Today I went back to the Help+Maintenance window to do the Complete Health Check and it highlighted some of my drivers for the Synaptics touchpad, HP Support Assistant, Realtek Audio Driver, and Intel RST Drivers as "needing updates". It also warned me that System Restore and the HP Support Assistant were disabled. Trying to fix these issues in H+M didn't do anything - even when the downloads and installations were complete the task would never end.
So I manually downloaded the drivers for the RST and the touchpad, and updated those, but I am having a hard time getting the one for the speakers. Realtek's site is obnoxiously slow and I already accidentally downloaded and briefly installed some suspect "Driver Navigator" from a company called "Easyware" which said it was from Realtek. (I've already uninstalled that.) I don't know whether I should follow HP's recommendation to get their "Support Assistant" (which I have disabled) or to enable System Restore.
Not wanting to leave anything out I got a copy of Sophos Anti-Rootkit. I'm going to post this, then run it for rootkits. I'll post if I find anything.
My CPU is still working harder than it ought to be, so I ask, is there something I missed? I'm including a HijackThis log from before, when I had the original problem (with my notes on the log) and a log from today. Do you all have any recommendations about what to do next?
I've attached two HijackThis logs - one from before I did anything and one from today, as well as a DDS log. Can you help me?
Thank you.
- calyx
I'm not trying to bump - that would be selfish.
I wanted to attach one more file. Here is the log from Sophos Anti-Rootkit
EDIT: Topics and posts merged ~BP
Edited by Budapest, 28 January 2011 - 04:03 PM.