Solved Very high RAM usage Rundll32.exe

VistaKing · Jul 29, 2013

Inside C:\Windows

Tip

ADDED : File ends in .dmp

Razor505 · Jul 29, 2013

VistaKing said:
Inside C:\Windows

Tip

ADDED : File ends in .dmp

There are dmps in minidumps, and a file called memory.dmp

VistaKing · Jul 29, 2013

Upload them

Razor505 · Jul 29, 2013

VistaKing said:
Upload them

I cannot upload them, it says I need admin permission, but I am logged in as admin.

VistaKing · Jul 29, 2013

Use the tool in this tutorial

:ar: http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html

Razor505 · Jul 29, 2013

View attachment Razor.zip

VistaKing · Jul 29, 2013

This is what I am seeing from the .dmp files

7-29-2013
SnakeEyes.sys
7-26-2013
nvlddmkm.sys
7-21-2013
ASUSstpt.sys - ASUS USB 3.0 Boost Storage Driver
Image name: ASUSstpt.sys
Timestamp:Thu Sep 15 09:24:31 2011

7-9-2013
ASUSstpt.sys

7-8-2013
SnakeEyes.sys
ASUSstpt.sys

7-7-2013
ASUSstpt.sys

7-6-2013
ASUSstpt.sys

7-5-2013
storport.sys

7-3-2013
SnakeEyes.sys

Update :

ASUSumsc.sys - Asmedia USB 3.0 Driver

storport.sys - Asmedia SATA Controller and AMD AHCI Driver

SnakeEyes.sys - Corsair M65 Gaming Mouse

nvlddmkm.sys - Graphic Driver(NVIDIA GeForce GTX 660)

VistaKing · Jul 29, 2013

The specs in your profile show you have an Acer but the dmp file shows your motherboard is an Asus SABRETOOTH

Razor505 · Jul 29, 2013

VistaKing said:
The specs in your profile show you have an Acer but the dmp file shows your motherboard is an Asus SABRETOOTH

I forgot to update my specs, because this is a custom built computer.

VistaKing · Jul 29, 2013

Let me know when you have updated the drivers .

VistaKing · Jul 29, 2013

Please download MGADiag and save it to your desktop.

:ar: Double click

icon on your desktop.

:ar: Click on the

button

:ar: Click on the

button

:ar: Paste the log inside the box . Highlight all of the text then code wrap in between [CODE][/CODE] by pressing on the # icon on the top .

Razor505 · Jul 30, 2013

Everything is up to date

VistaKing · Jul 30, 2013

How's the PC ? Is the issue you were having fixed ?

RogueKiller for 32bit <==== Download Link

RogueKiller for 64bit <==== Download Link

:ar: Click on one of the links above that goes with your Windows 7 bit versions

:ar: Save to the Desktop.

:ar: Close all windows and browsers

:ar: Right click on

and choose

:ar: Press: SCAN

:ar: provide the RKreport.txt (Mode: Scan) in your reply.

Razor505 · Jul 30, 2013

View attachment RKreport[0]_S_07292013_221630.txt
Mode: Scan

VistaKing · Jul 30, 2013

Rerun RogueKiller and click on Delete button .

Razor505 · Jul 30, 2013

Ok its all done

VistaKing · Jul 30, 2013

Download

HitManPro

64-Bit Version OS :ar: HitmanPro_x64

32-Bit Version OS :ar: HitmanPro

:ar: Save to the Desktop

:ar: Right click on HitmanPro.exe and choose

:ar: When HitmanPro opens up click on Settings uncheck Scan for tracking cookies . Click on OK . Then click on the Next button

:ar: Click on No, I only want to perform a one-time scan to check this computer on the Setup page . Click Next once done .

:ar: Let it scan the PC once its done Click Next

:ar: Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer then click Next

Upload the log . Locate in C:\ ProgramData\Hitman Pro\Logs

Razor505 · Jul 30, 2013

View attachment HitmanPro_20130729_2314.log

VistaKing · Jul 30, 2013

Can you copy and paste the log contents please ? I'm on an iPad I see boxes .

Razor505 · Jul 30, 2013

Code:

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : RAZOR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Razor-PC\Razor
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-29 23:13:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 47s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 16

   Objects scanned . . . : 1,160,052
   Files scanned . . . . : 20,811
   Remnants scanned  . . : 260,623 files / 878,618 keys

Suspicious files ____________________________________________________________

   C:\Users\Razor\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
      Size . . . . . . . : 112,318 bytes
      Age  . . . . . . . : 0.2 days (2013-07-29 19:31:51)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 373836F7F83ADAEE99AD9163CA849160710B38C74F3D7413E5E3A771ECEFACDE
      Product
      Description
      Version  . . . . . : 5.3.2.2
      Copyright
      Fuzzy  . . . . . . : 28.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Time indicates that the file appeared recently on this computer.
         File resides in a temporary folder. This is not typical for most programs.
         The file is in use by one or more active processes.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -14.3s C:\Windows\Minidump\072913-15615-01.dmp
         -14.1s C:\ProgramData\NVIDIA\Resource.dat
         -13.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MpWppTracing-07292013-193137-00000003-ffffffff.bin
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{22A4FA1F-2397-4A1C-93D2-A8DE072FDC45}
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D12D118D-D542-48FB-8276-00A085AAA6A8}
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5DB1247D-7E0D-42E4-A711-7471D1A6B26C}
         -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{67555861-C812-49A7-B329-08550AA27B42}
         -2.8s C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b151e52b0a130264561852d04b19a67d_8b918a3e-2aca-4654-bb25-4cc3f9c9d412
         -2.8s C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\7e89cd8675fe80ee3c50fca1c179b4fe_8b918a3e-2aca-4654-bb25-4cc3f9c9d412
         -2.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8688A48-07F0-469A-86AD-D1607D9E9182}
         -1.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3DE4296B-C002-4E5C-BC7E-0D17CA67C7E6}
         -0.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A24001F5-6746-48D7-B878-40C9B7111635}
         -0.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9E275964-99F2-4D5D-AF65-4430BF99D99C}
         -0.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{557327BE-3CF8-480F-B2B2-0B7E1085E4AD}
         -0.1s C:\Users\Razor\AppData\Local\Temp\jusched.log
         -0.1s C:\Users\Razor\AppData\Local\Temp\AdobeARM.log
          0.0s C:\Users\Razor\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\
          0.0s C:\Users\Razor\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
          1.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CB5EDAD6-041B-4756-AE58-0247EE888216}
          1.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C5AAA094-C9C7-44F5-B259-84DCE15A8880}
          1.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EBC10513-5D62-486A-93B7-A9FE5D943946}
          1.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FB520599-E26E-4628-96D4-985ABAC5BD71}
          1.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BA46EA54-CEBE-45B3-AA09-A7BA3D4922A6}
          2.0s C:\Users\Razor\AppData\Local\Temp\JET7C9E.tmp
          3.6s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl
          3.8s C:\Users\Razor\AppData\Local\Temp\WPDNSE\
          4.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DE006847-4489-4133-AF78-158485419278}
          5.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af913084bcc985133c8bb10ec5fdc3a4_8b918a3e-2aca-4654-bb25-4cc3f9c9d412
          9.4s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0cc49971\
          9.4s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0cc49971\Report.wer
          9.8s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
          9.8s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
         10.1s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
         10.1s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
         10.3s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
         10.7s C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-1861358065-294713551-414045126-1000.dat
         14.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8C9087EA-DB53-497E-90CA-01E7C639B6A0}
         35.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A56796AE-0C69-4305-AF57-8B0DE06C0C0F}
         38.8s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
         39.4s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
         39.6s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
         41.9s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
         42.1s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
         57.2s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
         59.2s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
         64.7s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
         66.5s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
         66.7s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
         67.0s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
         70.4s C:\Users\Razor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025

Solved Very high RAM usage Rundll32.exe

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

New member

My Computer My Computer

Similar threads

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer