New
#1
explorer.exe uses full core pemanently, ntdll.dll!RtlValidateHeap+0x17
After having wasted several days with useless scanner software I've installed an SSD drive and installed Windows 7 on it, which works fine. The disk on which the infected Windows 7 is installed is now used purely for data storage, although I can still boot into the infected Windows if someone likes to explore the problem.
-------------------------------------------------
As soon as I open Windows Explorer, it uses a full core of my 4 core system. I'm running Windows 7 Pro 64 Bit. Process Hacker shows ntdll.dll!RtlValidateHeap+0x170 as start address for the thread that uses the processor resources. I've tried Process Monitor to find out what this thread is doing, but only the thread exit with success (after I've terminated it in Process Hacker) shows up in Process Monitor. A System Restore has brought no change. I can't find anything suspicious in Event Viewer. I've run full scans with Microsoft Security Essentials, Anti-Malware, Hitman Pro and most other programs listed at http://www.bleepingcomputer.com/download/windows/security, to no avail.
The problem also occurs with other programs, e.g. Notepad, as soon as the Windows file dialog is opened, although in that case it is not always ntdll.dll that seems to use the processor resources.
When I boot in safe mode with pretty much everything disabled, Windows Explorer works fine.
DDS.txt and Attach.txt are attached (couldn't post DDS.txt as too long).