Inactive Pokey Windows 7 Laptop

Avast thinks TFC has a virus, but I disabled the antivirus program long enough to download the file. Surely this is a false positive.

 

Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SpywareBlaster 5.2
Secunia PSI (2.0.0.4003)
Java 8 Update 60
Java 8 Update 65
Adobe Flash Player 20.0.0.235
Mozilla Firefox (42.0)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 10-06-2014
Ran by newert3 (administrator) on 17-12-2015 at 22:46:26
Running from "C:\Users\newert3\Desktop "
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Sophos scan is running slow as did the other scans.

 

Sophos scan is clean, but it took a few hours to complete. CPU is still running high.

 

Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 0 K 24 K 0
System 1.18 252 K 3,796 K 4
Interrupts 0.42 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 400 K 1,000 K 328 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe < 0.01 2,384 K 4,748 K 428 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe 1,308 K 2,072 K 480 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 5,384 K 8,136 K 584 Services and Controller app Microsoft Corporation C:\windows\system32\services.exe
svchost.exe 3,708 K 6,448 K 708 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k DcomLaunch
unsecapp.exe 1,708 K 3,816 K 3796 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation C:\windows\system32\wbem\unsecapp.exe -Embedding
WmiPrvSE.exe 5.32 5,424 K 7,968 K 3872 WMI Provider Host Microsoft Corporation C:\windows\system32\wbem\wmiprvse.exe
WmiPrvSE.exe 2,284 K 5,916 K 4724 WMI Provider Host Microsoft Corporation C:\windows\system32\wbem\wmiprvse.exe -Embedding
svchost.exe 0.01 4,464 K 6,828 K 788 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k RPCSS
svchost.exe 19,900 K 17,788 K 836 Host Process for Windows Services Microsoft Corporation C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 15,908 K 16,132 K 4360 Windows Audio Device Graph Isolation Microsoft Corporation C:\windows\system32\AUDIODG.EXE 0x980
svchost.exe < 0.01 136,600 K 133,348 K 940 Host Process for Windows Services Microsoft Corporation C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
WUDFHost.exe 1,808 K 3,040 K 2992 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-63330b9e-607f-4706-9b22-9f071ce28a95 -SystemEventPortName:HostProcess-d413542e-0f30-48ff-963f-c8b810471e6b -IoCancelEventPortName:HostProcess-e597a667-102b-46c1-b1ce-8c8b0d919e0b -NonStateChangingEventPortName:HostProcess-8b5312a7-b536-4613-9764-750d091faee1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4ffa0088-a1a1-4838-afc7-3ee23016874a
dwm.exe 0.54 47,304 K 21,828 K 1048 Desktop Window Manager Microsoft Corporation "C:\windows\system32\Dwm.exe "
svchost.exe 0.01 10,764 K 15,352 K 968 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k LocalService
svchost.exe 90.68 173,312 K 117,636 K 992 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k netsvcs
taskeng.exe 1,496 K 4,920 K 4792 Task Scheduler Engine Microsoft Corporation taskeng.exe {4DAA9F67-4949-4D42-88CB-7A89A9994E2E}
svchost.exe < 0.01 27,748 K 22,660 K 1068 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k NetworkService
AvastSvc.exe 0.02 67,528 K 41,072 K 1212 avast! Service AVAST Software "C:\Program Files\AVAST Software\Avast\AvastSvc.exe "
spoolsv.exe 8,448 K 9,540 K 1328 Spooler SubSystem App Microsoft Corporation C:\windows\System32\spoolsv.exe
svchost.exe 14,640 K 13,240 K 1372 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
ReflectService.exe 1,964 K 3,556 K 1864 Reflect Service - Enables mounting of images Paramount Software UK Ltd "C:\Program Files\Macrium\Reflect\ReflectService.exe "
psia.exe 14,324 K 20,368 K 1920 Secunia PSI Agent Secunia "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
TeamViewer_Service.exe 4,524 K 7,236 K 1156 TeamViewer 10 TeamViewer GmbH "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe "
TODDSrv.exe < 0.01 1,336 K 2,304 K 432 TDCSrv Application TOSHIBA Corporation C:\windows\system32\TODDSrv.exe
TosCoSrv.exe 2,208 K 2,280 K 1532 TOSHIBA Power Saver TOSHIBA Corporation "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "
svchost.exe < 0.01 48,256 K 5,140 K 2156 Host Process for Windows Services Microsoft Corporation C:\windows\System32\svchost.exe -k secsvcs
WLIDSVC.EXE < 0.01 6,828 K 8,688 K 2184 Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "
WLIDSVCM.EXE 1,028 K 1,648 K 2336 Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2184
sua.exe 1,208 K 2,672 K 2760 Secunia Update Agent Secunia "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
svchost.exe 2,220 K 4,112 K 2964 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 0.01 8,220 K 14,232 K 1292 Host Process for Windows Services Microsoft Corporation C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
wmpnetwk.exe 0.01 11,164 K 13,380 K 2916 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe "
SearchIndexer.exe 0.01 24,708 K 13,724 K 644 Microsoft Windows Search Indexer Microsoft Corporation C:\windows\system32\SearchIndexer.exe /Embedding
taskhost.exe 0.01 7,580 K 8,052 K 2776 Host Process for Windows Tasks Microsoft Corporation "taskhost.exe "
svchost.exe 3,488 K 7,508 K 2748 Host Process for Windows Services Microsoft Corporation C:\windows\System32\svchost.exe -k LocalServicePeerNet
TrustedInstaller.exe 38,156 K 41,868 K 5084 Windows Modules Installer Microsoft Corporation C:\windows\servicing\TrustedInstaller.exe
lsass.exe 0.03 5,932 K 10,104 K 600 Local Security Authority Process Microsoft Corporation C:\windows\system32\lsass.exe
lsm.exe 2,320 K 2,972 K 608 Local Session Manager Service Microsoft Corporation C:\windows\system32\lsm.exe
csrss.exe 0.07 2,372 K 10,188 K 492 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 2,508 K 4,440 K 528 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.05 32,464 K 47,424 K 2596 Windows Explorer Microsoft Corporation C:\windows\Explorer.EXE
SynTPEnh.exe < 0.01 8,028 K 8,664 K 1620 Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 924 K 1,752 K 3544 Synaptics Pointing Device Helper Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
Eraser.exe < 0.01 40,248 K 27,308 K 2368 Eraser The Eraser Project "C:\Program Files\Eraser\Eraser.exe" --atRestart
ClassicStartMenu.exe 3,052 K 4,776 K 1028 Classic Start Menu IvoSoft "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
sidebar.exe 24,488 K 41,948 K 3104 Windows Desktop Gadgets Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
avastui.exe 0.04 18,360 K 25,740 K 3580 avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
procexp.exe 2,140 K 7,256 K 3064 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\newert3\Desktop\process explorer\procexp.exe"
procexp64.exe 1.58 22,720 K 43,548 K 3844 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\newert3\Desktop\process explorer\procexp.exe "

 

Thanks, Broni.

For what it's worth, this problem cropped up recently after letting the laptop sit dormant for a few weeks. Just before starting this thread, I restored a working image from August with Macrium Reflect, but the CPU resource issue remained. I have another image from June, but not sure if I want to go that far back just yet.

Did you confirm the presence of malware?

 

So I take it this laptop was clean before I started this thread?