Solved RogueKiller findings

changed

Is there anything to be worried about in this RogueKiller log?

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Machine [Admin rights]
Mode : Scan -- Date : 03/03/2014 11:23:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) OCZ-VERTEX450 ATA Device +++++
--- User ---
[MBR] 36ec26bed67e782e6897316c5770d1bf
[BSP] 2e58157ac89ddfe257479115d7721ac5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] 389ca5341f22998a0b388f03d8d87e21
[BSP] c9ad68cc04d9f6c44395c84d03f70746 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114370 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) SSD2SC120GC2DH08T-T ATA Device +++++
--- User ---
[MBR] 9c47f011041859b10ffc31d9c5e329e5
[BSP] 2684be1d9cca4c6aaa9f6c66136e8f4c : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Innostor Ext. HDD USB Device +++++
--- User ---
[MBR] 47fede4159459e5c875bf85c0fa5b45e
[BSP] b37d3878718469e348115e14096bcb33 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Innostor Ext. HDD USB Device +++++
--- User ---
[MBR] 209db8755b9c282a81705d0344e845ac
[BSP] 8af94ea496f6ec2fb24fb19b78052907 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03032014_112321.txt >>
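The security-relevant part of the report above is the `[HJ POL][PUM]` block: `EnableLUA (0)` means User Account Control is switched off, and `ConsentPromptBehaviorAdmin (0)` means administrators elevate without any prompt, so every program an admin user starts runs fully elevated. The `Wow6432Node` lines are the 32-bit view of the same policy keys, and the `HJ DESK`/`HJ SMENU` lines are cosmetic shell settings (desktop icon visibility, start-menu tracking). The following Python script is an added example, not part of the forum post or of RogueKiller: it parses lines in RogueKiller's `[category][kind] key : name (value) -> status` format and flags the values that weaken UAC. The sample report text is a constructed subset of the log quoted above; the `UAC_WEAKENING` table is the example's own assumption about which name/value pairs matter.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a subset of the "Registry Entries" block from the
# RogueKiller report above. Raw string so the backslashes survive as-is.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤
"""

# One RogueKiller registry line: [category][kind] hive\path : name (value) -> status
ENTRY_RE = re.compile(
    r"^\[(?P<category>[A-Z ]+)\]\[(?P<kind>[A-Z]+)\] "
    r"(?P<key>HK[A-Z]+\\.+?) : (?P<name>\S+) \((?P<value>[^)]*)\) -> (?P<status>\w+)$"
)

# (value name, reported value) -> (severity, why it matters). Assumed table for
# this example; both entries are the documented meaning of these UAC policies.
UAC_WEAKENING: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("EnableLUA", "0"): (
        "high", "UAC is off: anything an administrator runs gets the full admin token"),
    ("ConsentPromptBehaviorAdmin", "0"): (
        "high", "administrators elevate silently, with no consent or credential prompt"),
}


def parse_registry_entries(report: str) -> List[Dict[str, str]]:
    """Return one dict per registry-entry line; other report lines are ignored."""
    entries = []
    for line in report.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def count_by_category(entries: List[Dict[str, str]]) -> Dict[str, int]:
    """How many findings fall under each RogueKiller category (HJ POL, HJ DESK, ...)."""
    return dict(Counter(e["category"] for e in entries))


def assess_uac(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Pick out the entries whose name/value pair disables or weakens UAC."""
    findings = []
    for e in entries:
        hit = UAC_WEAKENING.get((e["name"], e["value"]))
        if hit:
            severity, why = hit
            findings.append({"key": e["key"], "name": e["name"], "value": e["value"],
                             "severity": severity, "why": why})
    return findings


if __name__ == "__main__":
    parsed = parse_registry_entries(SAMPLE_REPORT)
    print("findings per category:", count_by_category(parsed))
    for f in assess_uac(parsed):
        print(f"[{f['severity']}] {f['key']} : {f['name']} = {f['value']}  ({f['why']})")
```

Everything else in that block is tagged `PUM` (RogueKiller's label for a potentially unwanted modification, i.e. a setting that was changed, not a detected malware file), so the triage question for the two UAC lines is simply whether the owner disabled UAC on purpose; if not, turning it back on is the remediation.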
 
Nope, no computer issues, but in my Comodo Defense+ log it keeps repeatedly blocking 3 things.

I trimmed down the log because it just repeats over and over again.

COMODO Internet Security Premium Logs
Table: Defense+ Events
Date Created: 2014-03-03 19:02:06
Records count: 798
Date/Application/Action/Target
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify Key HKLM\SYSTEM\ControlSet???\Services\clr_optimization_v4.0.30319_32
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify Key HKLM\SYSTEM\ControlSet???\Services\clr_optimization_v4.0.30319_64
2014-03-03 18:57:21 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat
2014-03-03 18:57:21 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify Key HKLM\SYSTEM\ControlSet???\Services\clr_optimization_v4.0.30319_64
2014-03-03 18:57:10 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe Modify Key HKLM\SOFTWARE\Wow6432Node\ComodoGroup\Dragon\EnableMessageCenter
2014-03-03 18:57:10 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe Modify File C:\Windows\TEMP\ComodoLogsFolder\dragon_updater.exe.log
2014-03-03 18:55:37 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
2014-03-03 18:55:37 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
2014-03-03 18:55:23 C:\Windows\System32\taskhost.exe Modify Key HKLM\SOFTWARE\Microsoft\Cryptography\AutoEnrollment
2014-03-03 18:55:23 C:\Windows\System32\taskhost.exe Modify Key HKLM\SOFTWARE\Microsoft\Cryptography\AutoEnrollment
2014-03-03 18:55:23 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2014-03-03 18:55:18 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe Modify File C:\Windows\temp\ComodoLogsFolder\dragon_updater.exe.log
2014-03-03 18:55:18 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe Modify Key HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
2014-03-03 18:55:18 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe Modify File C:\Windows\temp\ComodoLogsFolder\dragon_updater.exe.log
 
It keeps blocking
mscorsvw.exe which tries to modify the files:
ngenrootstorelock.dat
ngenofflinequeuelock.dat

and it tries to modify the key: HKLM\SYSTEM\ControlSet???\Services\clr_optimization_v4.0.30319_32
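A 798-record Defense+ export that "repeats over and over again" is easier to judge once it is collapsed to unique (application, action, target) triples with a count and a first/last timestamp: three programs touching the same three lock files at the same second looks very different from three hundred distinct targets. The script below is an added example, not part of the thread or of COMODO's software; it parses the `date application action target` layout of the pasted export and aggregates it. The sample text is a constructed excerpt of the log above (headers included, so the parser has to skip them), and the set of recognised actions is limited to the three that appear in it.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: header rows plus a trimmed subset of the Defense+ records
# quoted above. Raw string so the backslashes in the paths are kept verbatim.
SAMPLE_LOG = r"""
COMODO Internet Security Premium Logs
Table: Defense+ Events
Records count: 798
Date/Application/Action/Target
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify Key HKLM\SYSTEM\ControlSet???\Services\clr_optimization_v4.0.30319_32
2014-03-03 18:58:15 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Modify File C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat
2014-03-03 18:57:21 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Modify Key HKLM\SYSTEM\ControlSet???\Services\clr_optimization_v4.0.30319_64
2014-03-03 18:57:10 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe Modify Key HKLM\SOFTWARE\Wow6432Node\ComodoGroup\Dragon\EnableMessageCenter
2014-03-03 18:55:37 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
2014-03-03 18:55:23 C:\Windows\System32\taskhost.exe Modify Key HKLM\SOFTWARE\Microsoft\Cryptography\AutoEnrollment
2014-03-03 18:55:23 C:\Windows\System32\taskhost.exe Modify Key HKLM\SOFTWARE\Microsoft\Cryptography\AutoEnrollment
"""

# Only the action names seen in the pasted log (assumption for this example).
# Paths contain spaces, so the application field is matched lazily up to the
# first recognised action; the remainder of the line is the target.
ACTIONS = ("Modify File", "Modify Key", "Access Memory")
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<app>.+?) "
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r") "
    r"(?P<target>.+)$"
)


def parse_records(text: str) -> List[Dict[str, str]]:
    """Return one dict per event line; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        match = RECORD_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def aggregate(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Collapse repeats into one row per (app, action, target), most frequent first."""
    groups: Dict[tuple, Dict[str, object]] = {}
    for r in records:
        key = (r["app"], r["action"], r["target"])
        g = groups.setdefault(key, {"app": key[0], "action": key[1], "target": key[2],
                                    "count": 0, "first": r["ts"], "last": r["ts"]})
        g["count"] += 1
        # ISO timestamps sort correctly as strings.
        g["first"] = min(g["first"], r["ts"])
        g["last"] = max(g["last"], r["ts"])
    return sorted(groups.values(),
                  key=lambda g: (-g["count"], g["app"], g["action"], g["target"]))


def totals_by_application(rows: List[Dict[str, object]]) -> Dict[str, int]:
    """Blocked events per program, so the noisiest process is obvious at a glance."""
    totals: Counter = Counter()
    for g in rows:
        totals[g["app"]] += g["count"]
    return dict(totals)


if __name__ == "__main__":
    rows = aggregate(parse_records(SAMPLE_LOG))
    for g in rows:
        print(f"{g['count']:4d}  {g['first']}..{g['last']}  {g['app']}  {g['action']}  {g['target']}")
    print(totals_by_application(rows))
```

Run over the full export, the per-application totals tell you how many of the 798 records come from `mscorsvw.exe` alone, and the `first`/`last` columns show whether it is a burst at one moment (the 18:58:15 cluster above) or a steady drip, which is the difference between a one-off background job being blocked and something retrying persistently.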
 
Those look like legit files.
I think your better option would be to inquire at the Comodo forum.
Let me know what they say.
 
Will do. Thank you so much for your help. I also wanted to know if I should worry about these entries in autoruns that are highlighted in yellow:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "2/21/2014 10:35 PM"
+ "rdpclip" "" "" "File not found: rdpclip" ""

"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "2/21/2014 10:39 PM"
+ "PrivDog" "" "" "File not found: C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll" ""

"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "2/21/2014 10:39 PM"
+ "PrivDog" "" "" "File not found: C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll" ""


HKLM\System\CurrentControlSet\Services 3/3/2014 2:06 PM

+ "catchme" "" "" "File not found: C:\your_name\catchme.sys" ""
+ "cpuz136" "" "" "File not found: C:\Users\Machine\AppData\Local\Temp\cpuz136\cpuz136_x64.sys" ""
+ "WinRing0_1_2_0" "" "" "File not found: G:\Internet Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\OpenHardwareMonitor.sys" ""


Anything that I should be worried about?
 
All of those are "File not found" so just make sure all those entries are unchecked.
 
You're very welcome


...and thank you :)
 