Solved Possible ongoing 3rd party interference and massive RAM usage

Fryzjer

New Member
Thread author
Dec 4, 2016
5
Since the suspected date of infection, computer gradually slows down, makes more critical errors, CPU behaves like there was always another input queued before mine, Windows detects IP conflicts in the network (mine's the only one in it), so my claim is that someone took control over it, like a puppetmaster.

Basically at this point my routine is to outrun the malware - start performance monitor right after login, then killing svchost.exe(netsvc) when it's starting to consume more and more resources. In the following article, "How to remove SvcHost.exe malware (Virus Removal Guide)", it is stated that an .exe file found in any directory other than C:\Windows\System32 can be considered malware. I've secluded all of the variants:

svchost.exe.mui:
C:\Windows\SysWOW64\pl-PL

C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_506792dd76f7a29c

C:\Windows\System32\pl-PL

C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_ac862e612f5513d2

svchost.exe:
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356

C:\Windows\SysWOW64

In a single folder and I'm tempted to use Bitdefender file shredder on them. I've had to re-assign files' ownership to Administrator from TrustedInstaller for all of them in the first place.

So, I'm almost certain that I'm infected. On the other hand so far all proved harmless, and my only clues come from the unusual behavior observed in performance monitor.
 

Attachments

  • Addition.txt
    23.4 KB · Views: 2
  • FRST.txt
    76.2 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

I don't see obvious signs of infection.


System File Checker
  • Press the Windows key on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
    Code:
    sfc /scannow
  • Windows will begin with system scan.
  • When done, please reboot your system.
System File Checker report:
  • Press Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Attach sfcdetails.txt from your Desktop in your next reply.
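
One way to triage the sfcdetails.txt produced by the findstr command above, as an added example that is not part of the thread. The sample log lines are constructed, and their layout and the message prefixes matched are assumptions modelled on typical "[SR]" entries in CBS.log.

```python
import re
from collections import Counter

# Constructed sample of sfcdetails.txt (not from the thread). Layout and file
# names are assumptions modelled on typical "[SR]" entries in CBS.log.
SAMPLE = r'''
2016-12-04 18:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-12-04 18:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-12-04 18:02:19, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2016-12-04 18:02:20, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2016-12-04 18:02:21, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.ini" from store
2016-12-04 18:02:25, Info                  CSI    00000012 [SR] Verify complete
'''

# Timestamp, level, source, sequence number, then the "[SR]" message body.
SR_LINE = re.compile(r'^\S+ \S+, \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]+)"')


def triage_sfc(text):
    """Summarise [SR] lines: event counts plus de-duplicated file names."""
    counts = Counter()
    unrepaired, repaired = set(), set()
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # blank lines or anything that is not an [SR] entry
        msg = m.group("msg")
        names = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file"):
            counts["cannot_repair"] += 1
            if names:
                unrepaired.add(names[0])   # first quoted token is the file name
        elif msg.startswith("Repairing"):
            counts["repaired"] += 1
            if names:
                repaired.add(names[-1])    # last quoted token is the file name
        elif msg.startswith("Verifying"):
            counts["verify_batches"] += 1
    return {
        "counts": dict(counts),
        "unrepaired": sorted(unrepaired),
        "repaired": sorted(repaired),
    }


if __name__ == "__main__":
    print(triage_sfc(SAMPLE))
```

A log with only "Verifying" batches and no "Cannot repair" or "Repairing" entries means SFC found nothing to fix; any name in the unrepaired list is a file to examine further.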
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
How is your PC behaving now?



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

Fryzjer

New Member
Thread author
Dec 4, 2016
5
Windows explorer isn't lagging as much as before, but I'm gonna put it into 24 hour observation, in case some new pattern presents itself.
svchost.exe(netsvc) still consumes a ton of RAM, after I've disabled automatic download and installation in Windows Update (doing it manually from now on.) Whether it's malware or not is beyond my comprehension.

Attaching Farbar reports as requested.
 

Attachments

  • Addition.txt
    23.1 KB · Views: 1
  • FRST.txt
    122.6 KB · Views: 1

Fryzjer

New Member
Thread author
Dec 4, 2016
5
That's quite a relief, actually, thank you for helping me clarify the case. As for the performance, at this point even basic navigation is like swimming in concrete - it takes a ton of time to process any input. But I guess since I'm clean that's not Your issue any more. Thanks again for the help
 
