Regular "syswow64/rundll32.exe" blocking notifications

Post by Konig » April 23rd, 2016, 5:49 am


I've had "spotty" browsing performance for a while now, but put it down to shoddy rural internet; Chrome would sometimes get stuck loading a page, but a refresh or two usually gets it unstuck - usually this throws up a DNS server error, though this could be unrelated. In addition, I'm regularly (every 20 mins or so) getting notified by MalwareBytes that a "C:\Windows\SysWOW64\rundll32.exe" has been blocked, and no amount of scanning is picking it up as a virus. I'm loath to delete it outright as it could be a legit system file.
Active Member
Posts: 2
Joined: April 23rd, 2016, 5:36 am

Re: Regular "syswow64/rundll32.exe" blocking notifications

Post by pgmigg » April 23rd, 2016, 11:26 am

Hello Konig,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Failure to post replies within 72 hours will result in this thread being closed
Posts: 5181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Regular "syswow64/rundll32.exe" blocking notifications

Post by pgmigg » April 23rd, 2016, 11:55 am

Hello Konig,

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
  4. Click on the Change/Remove button to uninstall it.
  5. When the program has been uninstalled, please close Control Panel.
  6. Reboot (restart) your computer.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select "Run As Administrator..." to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 4.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Microsoft Windows 7 Ultimate
Can you tell me how you obtained your copy of Microsoft Windows 7 Ultimate?
Where did the Microsoft Windows 7 Ultimate operating system come from?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Your decision about P2P programs
  3. Contents of CKFiles.txt log file
  4. Contents of a log created by MGADiag.exe
  5. Contents of SysInfo scan
  6. Answer to my question related to operating system installed of your computer


Failure to post replies within 72 hours will result in this thread being closed
Posts: 5181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Regular "syswow64/rundll32.exe" blocking notifications

Post by Konig » April 24th, 2016, 12:25 am

Hi pgmigg, thanks for your help!

Here's the results you asked for;

A. Do you have any problems executing the instructions?

Nope, everything went fine as far as I can tell thanks!

B. Your decision about P2P programs

uTorrent is deleted as per your instructions. Best not to take any chances!

C. Contents of CKFiles.txt log file

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\bluestacks\userdata\inputmapper\com.fluik.plumbercrack.cfg
c:\program files (x86)\bluestacks\userdata\inputmapper\com.polarbit.crackingsands.cfg
c:\program files (x86)\bluestacks\userdata\inputmapper\com.polarbit.crackingsandsads.cfg
c:\program files (x86)\bluestacks\userdata\inputmapper\org.supergonk.safecrackerpremium.cfg
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\markarth\crackrock4.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\markarth\crackrock4b.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\markarth\crackrock4b_n.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\markarth\crackrock4var2.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\markarth\crackrock4var3.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\markarth\crackrock4_n.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\windhelm\wholdcrackedbrick.dds
c:\program files (x86)\mod organizer\mods\skyrim hd v1 5 full - towns\textures\architecture\windhelm\wholdcrackedbrick2.dds
c:\program files (x86)\project zomboid\media\sound\crackwood.ogg
c:\program files (x86)\project zomboid\zombie\erosion\categories\streetcracks$1.class
c:\program files (x86)\project zomboid\zombie\erosion\categories\streetcracks$categorydata.class
c:\program files (x86)\project zomboid\zombie\erosion\categories\streetcracks.class
c:\program files (x86)\project zomboid\zombie\erosion\categories\wallcracks$1.class
c:\program files (x86)\project zomboid\zombie\erosion\categories\wallcracks$categorydata.class
c:\program files (x86)\project zomboid\zombie\erosion\categories\wallcracks.class
c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\dsfixkeys.ini
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_base.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_ruins.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_ruins_fx.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_upper.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_upper_fx.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\levels\textures\noise_cracked.tex
c:\program files (x86)\steam\steamapps\common\dont_starve\data\scripts\components\wisecracker.lua
c:\program files (x86)\steam\steamapps\common\dont_starve\mods\screecher\levels\textures\noise_cracked.tex
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\eve\effects\glasscracks.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack1.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack2.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack3.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack4.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack5.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack6.dds
c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\data\decision\craig\crack1.ped
c:\program files (x86)\steam\steamapps\common\mountblade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\animat_crackling_bolt.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\crackling_bolt.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\keygeneric.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\px1_spellbind_minor_crackling_bolt.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\px1_spellbind_minor_crackling_bolt_ability.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\quest_item_wurm_egg_cracked.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\assetbundles\prefabs\objectbundle\scroll_of_crackling_bolt_l3.unity3d
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.conversation
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\de\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\en\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\es\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\fr\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\it\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\pl\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\pillars of eternity\pillarsofeternity_data\data_expansion2\localized\ru\text\conversations\px2_04_eyeless_stronghold\px2_04_si_crack.stringtable
c:\program files (x86)\steam\steamapps\common\xcom 2\xcomgame\cookedpcconsole\fx_impact_decals_explosion_cracks_sf.upk
c:\users\caleb\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 32bit.rar
c:\users\caleb\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 64bit.rar
c:\users\caleb\downloads\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt
c:\users\caleb\downloads\transcribe version 8.21.2 for windows\keygen.exe
c:\users\caleb\downloads\transcribe version 8.21.2 for windows\virustotal antivirus scan for transcribe keygen.pdf
c:\users\caleb\music\itunes\itunes media\music\augie march\moo you bloody choir\08 thin captain crackers.m4a
c:\users\caleb\music\itunes\itunes media\music\the spinto band\nice and nicely done\06 crack the whip.m4a
scanner sequence 3.ZZ.11.TBAPHZ
----- EOF -----

D. Contents of a log created by MGADiag.exe

Diagnostic Report (1.9.0027.0):
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {2B71C0D2-BA4E-45B0-9699-65E1DFEB249F}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2B71C0D2-BA4E-45B0-9699-65E1DFEB249F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-531710900-1525272955-1805011950</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-890FXA-UD5</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F4</Version><SMBIOSVersion major="2" minor="4"/><Date>20100723000000.000000+000</Date></BIOS><HWID>956E3B07018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GBT </OEMID><OEMTableID>GBTUACPI</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-3622012
Installation ID: 003095044790838760828502019785503184370703631845834340
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 24/4/2016 2:10:40 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:1:2015 06:45
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->

OEM Activation 1.0 Data-->

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value

E. Contents of SysInfo scan

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X6 1100T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 6
RAM: 8189 Mb
Graphics Card: AMD Radeon HD 6800 Series, 1024 Mb
Hard Drives: C: Total - 953766 MB, Free - 67460 MB; D: Total - 953866 MB, Free - 805563 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-890FXA-UD5
Antivirus: None

F. Answer to my question related to operating system installed of your computer

Unfortunately I don't have an answer for this one; this computer was given to me a few years ago by my dad, who has since passed away. Are you thinking it's cracked or something? Because I wouldn't put it past him :?

Again, thanks for your assistance with this! :)
Active Member
Posts: 2
Joined: April 23rd, 2016, 5:36 am
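
An added example, not part of the original thread and not CKScanner's own logic: a triage pass over a CKFiles.txt-style list that separates name-only hits (game assets, music) from entries worth a manual look. The keyword set, the extension list and the user-profile rule are assumptions chosen for illustration, and the sample paths are constructed.

```python
import ntpath
import re

# Constructed sample in the CKFiles.txt layout shown in the post above.
SAMPLE = r"""CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\project zomboid\media\sound\crackwood.ogg
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_base.zip
c:\users\example\downloads\some editor 1.0\crack\patch - 64bit.rar
c:\users\example\downloads\some tool 2.0\keygen.exe
c:\users\example\music\artist\album\06 crack the whip.m4a
scanner sequence 3.ZZ.11.TBAPHZ
----- EOF -----
"""

# Assumptions for this example (not taken from CKScanner):
KEYWORDS = {"crack", "cracks", "keygen"}          # whole-token matches only
REVIEW_EXTS = {".exe", ".dll", ".msi", ".bat",    # executables and archives
               ".rar", ".zip", ".7z"}


def parse_ckfiles(text):
    """Return only the path entries; header, sequence line and EOF are skipped."""
    return [line.strip() for line in text.splitlines()
            if re.match(r"^[a-z]:\\", line.strip(), re.IGNORECASE)]


def classify(path):
    """Label one entry 'review' or 'name-only'.

    'review' means: inside a user profile AND either a directory is named
    exactly like a keyword, or the file name has a keyword as a whole token
    and an executable/archive extension. Everything else matched on a
    substring only (e.g. 'crackwood.ogg') and is labelled 'name-only'.
    """
    parts = path.lower().split("\\")
    dirs, name = parts[1:-1], parts[-1]
    stem, ext = ntpath.splitext(name)
    tokens = set(re.split(r"[^a-z0-9]+", stem))
    in_profile = len(parts) > 2 and parts[1] == "users"
    keyword_dir = any(d in KEYWORDS for d in dirs)
    keyword_file = bool(tokens & KEYWORDS) and ext in REVIEW_EXTS
    if in_profile and (keyword_dir or keyword_file):
        return "review"
    return "name-only"


def triage(text):
    """Group every entry of a CKFiles.txt-style log by its label."""
    result = {"review": [], "name-only": []}
    for path in parse_ckfiles(text):
        result[classify(path)].append(path)
    return result


if __name__ == "__main__":
    for label, paths in triage(SAMPLE).items():
        print(f"[{label}] {len(paths)} entries")
        for p in paths:
            print("   ", p)
```

A 'review' label only marks an entry for a human to inspect; it says nothing about whether the file is malicious.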

Re: Regular "syswow64/rundll32.exe" blocking notifications

Post by pgmigg » April 24th, 2016, 11:05 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs:

  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
  • Link to your closed topic.

Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Posts: 5181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00