Very high RAM usage Rundll32.exe

29 Jul 2013   #31

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Please download MGADiag and save it to your desktop.

Double click icon on your desktop.

Click on the button

Click on the button

Paste the log inside the box. Highlight all of the text, then code wrap it in between [CODE][/CODE] by pressing on the # icon on the top.

29 Jul 2013   #32

Windows 7 Home Premium x64

Everything is up to date

29 Jul 2013   #33

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

How's the PC? Is the issue you were having fixed?

RogueKiller for 32bit <==== Download Link

RogueKiller for 64bit <==== Download Link

Click on one of the links above that goes with your Windows 7 bit version.

Save to the Desktop.

Close all windows and browsers

Right click on and choose

Press: SCAN

Provide the RKreport.txt (Mode: Scan) in your reply.

29 Jul 2013   #34

Windows 7 Home Premium x64

29 Jul 2013   #35

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Rerun RogueKiller and click on the Delete button.

30 Jul 2013   #36

Windows 7 Home Premium x64

OK, it's all done

30 Jul 2013   #37

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Download HitmanPro

64-Bit Version OS HitmanPro_x64

32-Bit Version OS HitmanPro

Save to the Desktop

Right click on HitmanPro.exe and choose

When HitmanPro opens up, click on Settings and uncheck Scan for tracking cookies. Click on OK. Then click on the Next button.

Click on No, I only want to perform a one-time scan to check this computer on the Setup page. Click Next once done.

Let it scan the PC. Once it's done, click Next.

Click Activate free license to start the free 30-day trial and remove all the malicious files from your computer, then click Next.

Upload the log. It is located in C:\ProgramData\Hitman Pro\Logs

30 Jul 2013   #38

Windows 7 Home Premium x64

30 Jul 2013   #39

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Can you copy and paste the log contents, please? I'm on an iPad; I see boxes.

30 Jul 2013   #40

Windows 7 Home Premium x64


   Computer name . . . . : RAZOR-PC
   Windows . . . . . . . :
   User name . . . . . . : Razor-PC\Razor
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-29 23:13:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 47s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 16

   Objects scanned . . . : 1,160,052
   Files scanned . . . . : 20,811
   Remnants scanned  . . : 260,623 files / 878,618 keys

Suspicious files ____________________________________________________________

      Size . . . . . . . : 112,318 bytes
      Age  . . . . . . . : 0.2 days (2013-07-29 19:31:51)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 373836F7F83ADAEE99AD9163CA849160710B38C74F3D7413E5E3A771ECEFACDE
      Version  . . . . . :
      Fuzzy  . . . . . . : 28.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Time indicates that the file appeared recently on this computer.
         File resides in a temporary folder. This is not typical for most programs.
         The file is in use by one or more active processes.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -14.3s C:\Windows\Minidump\072913-15615-01.dmp
         -14.1s C:\ProgramData\NVIDIA\Resource.dat
         -13.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07292013-193137-00000003-ffffffff.bin
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{22A4FA1F-2397-4A1C-93D2-A8DE072FDC45}
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D12D118D-D542-48FB-8276-00A085AAA6A8}
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5DB1247D-7E0D-42E4-A711-7471D1A6B26C}
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{67555861-C812-49A7-B329-08550AA27B42}
         -2.8s C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b151e52b0a130264561852d04b19a67d_8b918a3e-2aca-4654-bb25-4cc3f9c9d412
         -2.8s C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\7e89cd8675fe80ee3c50fca1c179b4fe_8b918a3e-2aca-4654-bb25-4cc3f9c9d412
         -2.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8688A48-07F0-469A-86AD-D1607D9E9182}
         -1.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3DE4296B-C002-4E5C-BC7E-0D17CA67C7E6}
         -0.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A24001F5-6746-48D7-B878-40C9B7111635}
         -0.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9E275964-99F2-4D5D-AF65-4430BF99D99C}
         -0.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{557327BE-3CF8-480F-B2B2-0B7E1085E4AD}
         -0.1s C:\Users\Razor\AppData\Local\Temp\jusched.log
         -0.1s C:\Users\Razor\AppData\Local\Temp\AdobeARM.log
          0.0s C:\Users\Razor\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\
          0.0s C:\Users\Razor\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
          1.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CB5EDAD6-041B-4756-AE58-0247EE888216}
          1.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C5AAA094-C9C7-44F5-B259-84DCE15A8880}
          1.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EBC10513-5D62-486A-93B7-A9FE5D943946}
          1.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FB520599-E26E-4628-96D4-985ABAC5BD71}
          1.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BA46EA54-CEBE-45B3-AA09-A7BA3D4922A6}
          2.0s C:\Users\Razor\AppData\Local\Temp\JET7C9E.tmp
          3.6s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl
          3.8s C:\Users\Razor\AppData\Local\Temp\WPDNSE\
          4.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DE006847-4489-4133-AF78-158485419278}
          5.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af913084bcc985133c8bb10ec5fdc3a4_8b918a3e-2aca-4654-bb25-4cc3f9c9d412
          9.4s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0cc49971\
          9.4s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0cc49971\Report.wer
          9.8s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
          9.8s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
         10.1s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
         10.1s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
         10.3s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
         10.7s C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-1861358065-294713551-414045126-1000.dat
         14.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8C9087EA-DB53-497E-90CA-01E7C639B6A0}
         35.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A56796AE-0C69-4305-AF57-8B0DE06C0C0F}
         38.8s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
         39.4s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
         39.6s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
         41.9s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
         42.1s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
         57.2s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
         59.2s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
         64.7s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
         66.5s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
         66.7s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
         67.0s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
         70.4s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
