I'm not sure if I have/had an infection or just some problem with Windows 7, but I would really appreciate any help you could give me. I believe I may have been infected with some kind of virus or malware. I have been running Windows 7 RC with F-Secure anti-virus. I have been working with it for a few months and all has been OK. The other day I noticed that the system was responding much slower than usual and I noticed that CPU utilisation was at 100%. Looking into this I noticed that processes like dllhost.exe and svchost.exe were consuming an entire core's worth of CPU (25%). Things like bringing up the volume control or showing all running processes for users took minutes to appear, if at all. I have disconnected the network now to prevent any virus "talking back to home".
I have followed the initial instructions of the malware and spyware cleaning guide as follows (software and updates were all copied over using USB stick from another PC):
- TFC - Ran this and rebooted as it prompted, and the above issues seem resolved now. Still continued with other steps in case traces were left elsewhere.
- System Restore - New restore point created manually as program did not run on Win7
- ERUNT - Run as instructed
- Malwarebytes - Run as instructed and logs attached
- Virus Scan - Run with F-Secure and then F-Secure uninstalled and replaced with Avast and updated. No viruses. I have also scanned using AVG and Avast from Linux.
- Windows Updates - Was up to date prior to infection (right up to latest Windows Defender update) and have not updated as did not want PC on network.
- Reboot test - As stated above, TFC seemed to stop the issue OK. Some occasional logons have since taken up to 5 minutes to proceed beyond "logging in" message (usually this has been instant). I have not seen this behaviour before now, but all seems OK after login. Looking in Event Viewer, the only clue seems to be that a check for the Windows licence may take some time.
- RootRepeal - Unable to run as not 64-bit compatible. I am most concerned that there is a rootkit behind all this. Is there anything else I can run to detect these on 64-bit systems?
- OTL log - attached
Any help you can provide would be appreciated.
Thanks,
Julez