Laptop performance has certainly improved - but I still have some sort of malware.
Symptoms are:
- two black command windows flash across screen a minute or two after restarting PC
- shortcut in Startup folder pointing to an exe file in a randomly named subfolder of appdata/roaming
- when I delete that subfolder OR that shortcut, it gets created again - usually quickly, within a minute - as a subfolder with a different name (but the shortcut is always named "Pxoxxoigtw")
- the subfolder contains the exe file (76 kb), which is always named same as a (randomly chosen) legitimate windows executable, along with a dll file (similar naming convention) and an entirely randomly named third file
I thought I outsmarted the scheme by replacing the exe file with some other executable (e.g., notepad.exe), renamed to the filename selected by the malware. Indeed, after restarting, the replacement executable started up, instead of the two command windows. After two more restarts, just to make sure, I removed the shortcut and the folder it pointed to. Half an hour later, the command windows flashed by again, and the shortcut was back in place.
I have no idea what it's doing, but I'm sure it's up to no good, and think it's likely that whatever it's doing was contributing to the gradual slowdown of the laptop. Any ideas on permanently removing it?