Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015 Ran by berger (administrator) on XP-75CF98363E2C on 06-01-2015 14:02:45 Running from C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\Nowy folder Loaded Profile: berger (Available profiles: berger) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe () C:\Program Files\CoreTemp32\Core Temp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION SearchScopes: HKU\S-1-5-21-343818398-1757981266-839522115-1003 -> {1E69A14C-02A0-4B0D-BF70-1C1E66677AD4} URL = http://www.google.com/search?hl=pl&q={searchTerms} DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1394986474062 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031 FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Flashblock - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-27] FF Extension: DownloadHelper - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-26] FF Extension: anonymoX - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\client@anonymox.net.xpi [2014-12-10] FF Extension: Saved Password Editor - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-02-03] FF Extension: Google Translator for Firefox - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\translator@zoli.bod.xpi [2014-01-05] FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-12-29] FF Extension: Adblock Plus - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-27] FF Extension: DownThemAll! - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-06-15] FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-26] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-27] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] () S3 appliand; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.) R3 appliandMP; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.) S3 etdrv; C:\WINDOWS\etdrv.sys [17488 2014-07-26] (Windows (R) 2000 DDK provider) R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed] R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119656 2011-07-08] (NVIDIA Corporation) R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software) R3 ALSysIO; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\ALSysIO.sys [X] U5 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2014-07-26] () S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-06 14:02 - 2015-01-06 13:51 - 01115136 _____ (Farbar) C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\FRST.exe 2015-01-06 13:52 - 2015-01-06 14:02 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\Nowy folder 2015-01-04 18:42 - 2015-01-04 18:42 - 00036363 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\.recently-used.xbel 2015-01-02 17:54 - 2015-01-02 17:59 - 329727610 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\Quilter.rmvb 2014-12-27 16:24 - 2015-01-06 14:02 - 00000000 ____D () C:\FRST 2014-12-27 14:02 - 2014-12-27 14:02 - 00000460 __RSH () C:\Documents and Settings\All Users.WINDOWS\ntuser.pol 2014-12-27 13:47 - 2014-12-27 13:47 - 00006060 _____ () C:\WINDOWS\wmp11.log 2014-12-27 13:36 - 2014-12-27 13:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Windows Genuine Advantage 2014-12-27 13:33 - 2014-12-27 13:41 - 00001160 _____ () C:\WINDOWS\wmsetup.log 2014-12-27 13:33 - 2014-12-27 13:33 - 00005606 _____ () C:\WINDOWS\KB2834904-v2.log 2014-12-27 13:33 - 2014-12-27 13:33 - 00005358 _____ () C:\WINDOWS\WMFDist11.log 2014-12-27 00:26 - 2014-12-27 00:25 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-12-27 00:26 - 2014-12-27 00:25 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-12-27 00:25 - 2014-12-27 00:25 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-27 00:25 - 2014-12-27 00:25 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-27 00:25 - 2014-12-27 00:25 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-12-27 00:25 - 2014-12-27 00:25 - 00000000 ____D () C:\Program Files\Java 2014-12-26 23:58 - 2014-12-26 23:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-23 17:58 - 2014-12-23 17:59 - 04732102 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\HUD_by_Tosyk.7z 2014-12-20 22:38 - 2014-12-20 22:47 - 65724106 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\d7dc233.flv 2014-12-18 23:02 - 2014-12-27 14:52 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\d ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-06 14:03 - 2012-04-18 16:09 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Temp 2015-01-06 14:02 - 2012-04-18 16:09 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit 2015-01-06 13:59 - 2014-03-16 17:56 - 00000157 _____ () C:\WINDOWS\wiadebug.log 2015-01-06 13:59 - 2014-03-16 17:56 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-01-06 13:59 - 2012-04-18 16:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-06 13:58 - 2014-03-16 17:55 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt 2015-01-06 13:58 - 2012-04-18 16:09 - 00000188 ___SH () C:\Documents and Settings\berger.XP-75CF98363E2C\ntuser.ini 2015-01-06 13:58 - 2012-04-18 16:00 - 01392285 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-06 13:55 - 2012-04-18 16:09 - 00000000 __SHD () C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Historia 2015-01-06 13:53 - 2012-04-18 17:51 - 00000000 ___SD () C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne\Historia 2015-01-06 13:53 - 2012-04-18 16:09 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C 2015-01-06 13:53 - 2012-04-18 16:08 - 00000000 ___HD () C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Historia 2015-01-06 13:53 - 2012-04-18 16:08 - 00000000 ___HD () C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Historia 2015-01-06 13:52 - 2012-04-18 17:50 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji 2015-01-06 13:52 - 2012-04-18 16:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Powertoys for Windows XP 2015-01-06 13:52 - 2012-04-18 16:09 - 00000000 __RHD () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji 2015-01-06 13:49 - 2011-11-07 16:39 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack 2015-01-06 13:00 - 2012-04-18 17:52 - 01254156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-06 13:00 - 2001-10-26 17:15 - 00555448 _____ () C:\WINDOWS\system32\perfh015.dat 2015-01-06 13:00 - 2001-10-26 17:15 - 00104478 _____ () C:\WINDOWS\system32\perfc015.dat 2015-01-05 23:53 - 2012-04-18 18:20 - 00005607 _____ () C:\WINDOWS\zmodeler.INI 2015-01-05 23:44 - 2014-02-09 22:27 - 00000000 ____D () C:\Program Files\ZModeler 2015-01-05 20:46 - 2012-04-18 19:03 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\.gimp-2.6 2015-01-04 18:38 - 2012-04-18 19:04 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\gtk-2.0 2015-01-03 22:25 - 2014-11-17 18:12 - 00000000 ____D () C:\AdwCleaner 2015-01-02 22:25 - 2014-03-20 23:51 - 00000000 ____D () C:\Program Files\SpeedFan 2015-01-02 15:32 - 2014-03-16 18:14 - 00923043 _____ () C:\WINDOWS\setupapi.log 2015-01-01 22:30 - 2012-04-18 17:51 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy 2015-01-01 22:30 - 2012-04-18 16:09 - 00000000 ___RD () C:\Documents and Settings\berger.XP-75CF98363E2C\Menu Start\Programy 2015-01-01 15:08 - 2012-04-18 20:19 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-12-31 22:22 - 2012-05-27 15:32 - 00005120 ___SH () C:\WINDOWS\system32\Thumbs.db 2014-12-31 20:03 - 2014-11-01 17:26 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-30 21:23 - 2012-04-18 19:53 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\vlc 2014-12-29 16:24 - 2014-05-15 20:22 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\by 2014-12-28 15:21 - 2011-11-07 16:14 - 00000000 ____D () C:\Program Files\WinRAR 2014-12-27 17:20 - 2011-11-07 16:10 - 00000000 ____D () C:\Program Files\Foxit Software 2014-12-27 15:27 - 2012-08-03 21:03 - 00000460 __RSH () C:\Documents and Settings\berger.XP-75CF98363E2C\ntuser.pol 2014-12-27 15:13 - 2011-11-07 15:04 - 00000000 ____D () C:\WINDOWS\Registration 2014-12-27 14:02 - 2012-04-18 17:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS 2014-12-27 13:36 - 2001-07-21 23:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-27 13:08 - 2012-04-18 16:43 - 00000010 _____ () C:\WINDOWS\GSetup.ini 2014-12-26 23:54 - 2014-03-16 15:11 - 00000000 ____D () C:\Program Files\Mozilla 2014-12-26 23:53 - 2012-04-18 17:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Pulpit 2014-12-26 20:45 - 2012-04-18 16:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000 2014-12-26 20:45 - 2012-04-18 16:08 - 00000000 __SHD () C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000 2014-12-24 23:03 - 2013-12-25 22:18 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\MPC-HC 2014-12-23 17:27 - 2012-04-19 14:50 - 00380040 ___SH () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\Thumbs.db 2014-12-13 15:08 - 2012-04-18 20:14 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Real 2014-12-13 14:45 - 2014-04-27 22:54 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\NVIDIA 2014-12-13 14:45 - 2011-11-12 13:17 - 00000000 ____D () C:\Program Files\ALLPlayer 2014-12-13 13:59 - 2001-07-21 23:16 - 00000208 _____ () C:\WINDOWS\win.ini 2014-12-11 16:06 - 2014-07-11 21:15 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Dane aplikacji\Adobe 2014-12-11 16:06 - 2012-04-18 17:32 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-12-11 16:06 - 2012-04-18 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================