Do I have a virus?

rk79 · Aug 16, 2009

I am a long-time lurker here as I have struggled with my own Vista, but I promised to help get my sister's computer optimized before she starts classes tomorrow, which has pushed me to posting.

She took her Dell Inspiron 1501 (Vista Home Basic) into the Geek Squad, and they told her she had a virus. I haven't been able to find a virus after running both Avast and Malwarebytes several times.

I think the problem was that she filled up her C-drive, so I backed everything up with Carbonite, moved all of her media to a portable external, plugged in a USB for ReadyBoost (.5 GB of extra RAM is on its way here from Crucial), ran disk cleanup and defrag, and installed all critical updates from Windows.

Anyway, it's still a little slow and the CPU spikes to 100 for what seems like no good reason. Would someone mind looking over the following tasklist to see if I am overlooking some malware or other drain on her CPU? If so, thanks in advance:

Code:

Image Name: System Idle Process
PID: 0
Services: N/A
 
Image Name: System
PID: 4
Services: N/A
 
Image Name: smss.exe
PID: 372
Services: N/A
 
Image Name: csrss.exe
PID: 448
Services: N/A
 
Image Name: wininit.exe
PID: 500
Services: N/A
 
Image Name: csrss.exe
PID: 508
Services: N/A
 
Image Name: winlogon.exe
PID: 556
Services: N/A
 
Image Name: services.exe
PID: 584
Services: N/A
 
Image Name: lsass.exe
PID: 604
Services: KeyIso
SamSs
 
Image Name: lsm.exe
PID: 612
Services: N/A
 
Image Name: svchost.exe
PID: 768
Services: DcomLaunch
PlugPlay
 
Image Name: svchost.exe
PID: 852
Services: RpcSs
 
Image Name: svchost.exe
PID: 884
Services: WinDefend
 
Image Name: Ati2evxx.exe
PID: 952
Services: Ati External Event Utility
 
Image Name: svchost.exe
PID: 1036
Services: Audiosrv
Dhcp
Eventlog
lmhosts
WPCSvc
wscsvc
 
Image Name: svchost.exe
PID: 1060
Services: AudioEndpointBuilder
EMDMgmt
Netman
PcaSvc
SysMain
TabletInputService
TrkWks
UxSms
WdiSystemHost
Wlansvc
WPDBusEnum
wudfsvc
 
Image Name: svchost.exe
PID: 1076
Services: AeLookupSvc
Appinfo
BITS
Browser
EapHost
IKEEXT
iphlpsvc
LanmanServer
MMCSS
ProfSvc
RasMan
Schedule
seclogon
SENS
ShellHWDetection
Themes
Winmgmt
wuauserv
 
Image Name: audiodg.exe
PID: 1152
Services: N/A
 
Image Name: svchost.exe
PID: 1176
Services: gpsvc
 
Image Name: SLsvc.exe
PID: 1196
Services: slsvc
 
Image Name: svchost.exe
PID: 1232
Services: EventSystem
FDResPub
LanmanWorkstation
netprofm
nsi
SSDPSRV
SstpSvc
upnphost
W32Time
WebClient
WinHttpAutoProxySvc
 
Image Name: svchost.exe
PID: 1368
Services: Dnscache
KtmRm
napagent
NlaSvc
TapiSrv
TermService
 
Image Name: Ati2evxx.exe
PID: 1380
Services: N/A
 
Image Name: aswUpdSv.exe
PID: 1560
Services: aswUpdSv
 
Image Name: ashServ.exe
PID: 1572
Services: avast! Antivirus
 
Image Name: spoolsv.exe
PID: 1856
Services: Spooler
 
Image Name: svchost.exe
PID: 1880
Services: BFE
DPS
MpsSvc
 
Image Name: AppleMobileDeviceService.exe
PID: 192
Services: Apple Mobile Device
 
Image Name: CarboniteService.exe
PID: 268
Services: CarboniteService
 
Image Name: svchost.exe
PID: 400
Services: PolicyAgent
 
Image Name: rpcnet.exe
PID: 440
Services: Rpcnet
 
Image Name: svchost.exe
PID: 1392
Services: stisvc
 
Image Name: svchost.exe
PID: 2100
Services: WerSvc
 
Image Name: SearchIndexer.exe
PID: 2196
Services: WSearch
 
Image Name: XAudio.exe
PID: 2244
Services: XAudioService
 
Image Name: taskeng.exe
PID: 2620
Services: N/A
 
Image Name: taskeng.exe
PID: 2712
Services: N/A
 
Image Name: dwm.exe
PID: 2780
Services: N/A
 
Image Name: explorer.exe
PID: 2804
Services: N/A
 
Image Name: SynTPEnh.exe
PID: 3040
Services: N/A
 
Image Name: iTunesHelper.exe
PID: 3068
Services: N/A
 
Image Name: ashDisp.exe
PID: 3080
Services: N/A
 
Image Name: sttray.exe
PID: 3092
Services: N/A
 
Image Name: CarboniteUI.exe
PID: 3140
Services: N/A
 
Image Name: unsecapp.exe
PID: 3480
Services: N/A
 
Image Name: WmiPrvSE.exe
PID: 3576
Services: N/A
 
Image Name: VSSVC.exe
PID: 3304
Services: VSS
 
Image Name: iPodService.exe
PID: 2688
Services: iPod Service
 
Image Name: svchost.exe
PID: 3928
Services: swprv
 
Image Name: WUDFHost.exe
PID: 2556
Services: N/A
 
Image Name: Ymsgr_tray.exe
PID: 3236
Services: N/A
 
Image Name: chrome.exe
PID: 1640
Services: N/A
 
Image Name: chrome.exe
PID: 1252
Services: N/A
 
Image Name: chrome.exe
PID: 3924
Services: N/A
 
Image Name: taskmgr.exe
PID: 2940
Services: N/A
 
Image Name: cmd.exe
PID: 1512
Services: N/A
 
Image Name: WmiPrvSE.exe
PID: 2040
Services: N/A
 
Image Name: tasklist.exe
PID: 3176
Services: N/A

kword88 · Aug 16, 2009

you can definitely disable anything to do with chrome or itunes. these might help too"
Process Explorer - Free software downloads and software reviews - CNET Download.com

Startup Manager » Download

and if you are really anal retentive:D Windows Vista Service Pack 2 Service Configurations by Black Viper

Ojaser6 · Aug 16, 2009

Why don't you just back everything up and reinstall Windows? Or you can use system restore to restore the PC back to when you are sure there was no problem.

Or maybe it's a problem with your registry. Try downloading a registry cleaner and clean your registry.

Frostmourne · Aug 17, 2009

Try running sophos anti-rootkit scanner too. The list seems clean. Overall

rk79 · Aug 17, 2009

Thanks kword88. I will check those out.

Ojaser6, unfortunately, my sister's Dell has been slow since she got it, so I wouldn't know when to restore it to (they sold her a Vista machine with only 500 MB of RAM; I put in a 1 GB stick immediately, and I am going ahead and replacing the 500 MB stick now).

rk79 · Aug 17, 2009

Thanks for looking over the list Frostmourne.

Do I have a virus?

rk79

New Member

My Computer

System One

kword88

My Computer

System One

Ojaser6

My Computer

System One

Frostmourne

Banned

My Computer

System One

rk79

New Member

My Computer

System One

rk79

New Member

My Computer

System One