Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01 Ran by BOREK (administrator) on BOREK-1 on 12-12-2014 11:08:57 Running from C:\Documents and Settings\BOREK\Moje dokumenty\Pobrane Loaded Profile: BOREK (Available profiles: BOREK) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 7 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Atheros) C:\WINDOWS\system32\acs.exe (Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5226600 2014-11-21] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1229272821-1343024091-725345543-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1229272821-1343024091-725345543-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1229272821-1343024091-725345543-1005 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1229272821-1343024091-725345543-1005 -> {27B011E5-1F0E-4B49-A545-170776A27CFE} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} Toolbar: HKU\S-1-5-21-1229272821-1343024091-725345543-1005 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\BOREK\Dane aplikacji\Mozilla\Firefox\Profiles\15b72szx.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: https://www.google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1229272821-1343024091-725345543-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: hdplugin - C:\Documents and Settings\BOREK\Dane aplikacji\Mozilla\Firefox\Profiles\15b72szx.default\Extensions\jid0-aSChrRyNMdJxBmorrZFa2r4Vv4w@jetpack.xpi [2014-12-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-24] FF Extension: No Name - wrc@avast.com [Not Found] Chrome: ======= CHR Profile: C:\Documents and Settings\BOREK\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acs; C:\WINDOWS\system32\acs.exe [364628 2007-04-06] (Atheros) [File not signed] R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [430080 2006-11-22] (ATI Technologies Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-15] (AVAST Software) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation) S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices) R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [546112 2007-04-05] (Atheros Communications, Inc.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-15] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-15] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-15] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-15] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-15] () R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2829824 2006-11-22] (ATI Technologies Inc.) [File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-21] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-21] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-21] (HP) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 SDVC05; C:\WINDOWS\System32\Drivers\SDVC05.sys [18088 2003-07-22] (HaSoInTech) [File not signed] S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57216 2007-05-14] (Atheros Communications, Inc.) S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X] S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X] S3 BT; system32\DRIVERS\btnetdrv.sys [X] S3 Btcsrusb; System32\Drivers\btcusb.sys [X] S3 BTHidEnum; system32\DRIVERS\vbtenum.sys [X] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 hSONYPVh; \??\C:\DOCUME~1\BOREK\USTAWI~1\Temp\hSONYPVh.sys [X] S4 IntelIde; No ImagePath S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X] S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 Tosrfcom; No ImagePath S3 VComm; system32\DRIVERS\VComm.sys [X] S3 VcommMgr; System32\Drivers\VcommMgr.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 11:05 - 2014-12-12 11:09 - 00000000 ____D () C:\FRST 2014-12-12 10:40 - 2014-12-12 10:46 - 00000000 ____D () C:\AdwCleaner 2014-12-12 10:33 - 2014-12-12 10:33 - 00015360 ___SH () C:\Documents and Settings\BOREK\Moje dokumenty\Thumbs.db 2014-12-10 09:26 - 2014-12-10 09:26 - 00000000 ____D () C:\Documents and Settings\BOREK\Pulpit\dom 2014-12-01 23:03 - 2014-12-01 23:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-16 13:34 - 2014-11-16 13:34 - 00000000 ____D () C:\WAR2 2014-11-16 10:43 - 2014-11-28 18:12 - 00000000 ____D () C:\Program Files\War2Combat 2014-11-16 10:43 - 2014-11-16 10:43 - 00001664 _____ () C:\Documents and Settings\BOREK\Pulpit\War2Combat.lnk 2014-11-16 10:43 - 2014-11-16 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Warcraft 2 Combat Edition 2014-11-15 09:44 - 2014-11-15 09:44 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-11-15 09:44 - 2014-11-15 09:44 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 11:09 - 2013-03-06 13:43 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-12 11:09 - 2007-11-11 12:59 - 00000000 ____D () C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp 2014-12-12 11:08 - 2014-06-12 06:54 - 00000000 ____D () C:\Documents and Settings\BOREK\Moje dokumenty\Pobrane 2014-12-12 11:03 - 2012-07-06 06:16 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-12 10:50 - 2007-11-11 12:49 - 01391299 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-12 10:48 - 2014-03-21 18:51 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-12-12 10:48 - 2012-07-09 17:34 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-12-12 10:48 - 2012-07-06 06:16 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-12 10:48 - 2007-11-11 13:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-12-12 10:48 - 2007-11-11 13:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-12-12 10:48 - 2007-11-11 12:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-12 10:46 - 2007-11-11 12:58 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt 2014-12-12 10:34 - 2007-11-11 12:59 - 00000188 ___SH () C:\Documents and Settings\BOREK\ntuser.ini 2014-12-12 10:33 - 2007-11-11 12:59 - 00000000 ___RD () C:\Documents and Settings\BOREK\Ulubione 2014-12-12 10:33 - 2007-11-11 12:59 - 00000000 ___RD () C:\Documents and Settings\BOREK\Moje dokumenty 2014-12-12 10:26 - 2007-11-11 12:47 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-12-11 21:23 - 2012-02-15 13:00 - 00036864 _____ () C:\Documents and Settings\BOREK\Pulpit\RACHUNKI ANIA.xls 2014-12-11 21:23 - 2007-11-11 12:59 - 00000000 ____D () C:\Documents and Settings\BOREK\Pulpit 2014-12-10 10:11 - 2012-06-02 11:50 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-12-10 10:11 - 2011-07-23 10:43 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-12-10 06:02 - 2013-07-20 08:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-10 05:58 - 2007-11-11 15:33 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-06 14:49 - 2004-08-04 13:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-05 10:02 - 2007-12-24 14:40 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-12-02 20:43 - 2012-10-02 09:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-02 18:03 - 2007-11-11 12:59 - 00000000 ___HD () C:\Documents and Settings\BOREK\Ustawienia lokalne\Dane aplikacji 2014-12-02 15:49 - 2014-03-01 10:52 - 00004492 _____ () C:\WINDOWS\wmsetup.log 2014-12-01 14:14 - 2007-11-29 10:56 - 00000000 ____D () C:\Documents and Settings\BOREK\Gadu-Gadu 2014-11-25 16:27 - 2014-10-13 20:01 - 00000486 ____H () C:\Documents and Settings\BOREK\Pulpit\[Premiu.pl.Planes.2013.PLDUB.MD.480p.BRRip.XviD.AC3-J25.avi.ini 2014-11-25 16:27 - 2014-07-07 19:17 - 00000444 ____H () C:\Documents and Settings\BOREK\Pulpit\Safe.2012.PL.BRRip.XviD-BiDA.avi.ini 2014-11-22 09:53 - 2011-05-24 13:49 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-11-21 08:35 - 2008-04-03 08:33 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-11-16 12:08 - 2007-11-11 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-11-16 10:43 - 2007-11-11 13:37 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-11-15 09:44 - 2014-04-25 12:05 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-11-15 09:44 - 2013-03-06 06:35 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-11-15 09:44 - 2013-03-06 06:35 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-11-15 09:44 - 2013-03-06 06:35 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-11-15 09:44 - 2007-11-11 13:27 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-11-15 09:44 - 2007-11-11 13:27 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys Some content of TEMP: ==================== C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\fp_pl_pfs_installer-1.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\fp_pl_pfs_installer.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\hpzmsi01.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\hpzscr01.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\ICReinstall_VirtualDub(13335).exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\setup_wm.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\SkypeSetup.exe C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================