Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by pcrow (administrator) on SKYNET on 19-11-2014 17:25:35
Running from C:\Users\pcrow\Desktop
Loaded Profile: pcrow (Available profiles: pcrow)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Wistron) C:\Windows\SysWOW64\CtrlPanel.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\acerIR\IRSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(PointGrab LTD) C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
(PointGrab LTD) C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGPanel.exe
(Wistron) C:\Windows\SysWOW64\CtrlPanel.exe
(Corp) C:\Program Files\acerIR\IRListenApp.exe
() C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe
(ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe
(Google Inc.) C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe
(Google Inc.) C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe
(Google Inc.) C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe
(Google Inc.) C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe
(Google Inc.) C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [WCtrlPanel] => C:\Windows\SysWOW64\CtrlPanel.exe [229376 2011-05-20] (Wistron)
HKLM-x32\...\Run: [IRApp] => C:\Program Files\acerIR\IRListenApp.exe [359424 2012-05-14] (Corp)
HKLM-x32\...\Run: [CIRAP] => C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe [604304 2012-07-06] (ITE Tech. Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\Run: [Yftlvkwxrffc] => regsvr32.exe /s "C:\Users\pcrow\AppData\Local\Microsoft\Yftlvkwxrffc.dll" <===== ATTENTION
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\Run: [GoogleUpdate] => C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [20747520 2014-11-14] ()
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\MountPoints2: {45092f40-94ac-11e2-be69-806e6f6e6963} - "E:\Installer.exe"
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hand Gesture Control.lnk
ShortcutTarget: Hand Gesture Control.lnk -> C:\Windows\Installer\{4B145183-E986-4585-ADDF-0C73DB575112}\NewShortcut2_B6E756492E054C52892B86CE7391EFC9.exe (Flexera Software LLC)
Startup: C:\Users\pcrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winup.lnk
ShortcutTarget: winup.lnk -> C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {890DD081-0B40-4192-8A6F-F4AC250895BE} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM -> {890DD081-0B40-4192-8A6F-F4AC250895BE} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 -> DefaultScope {890DD081-0B40-4192-8A6F-F4AC250895BE} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 -> {890DD081-0B40-4192-8A6F-F4AC250895BE} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001 -> DefaultScope {890DD081-0B40-4192-8A6F-F4AC250895BE} URL =
SearchScopes: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001 -> {890DD081-0B40-4192-8A6F-F4AC250895BE} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations)
R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
R2 CtrlPanel; C:\Windows\SysWOW64\CtrlPanel.exe [229376 2011-05-20] (Wistron) [File not signed]
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 IRSrv; C:\Program Files\acerIR\IRSrv.exe [179712 2012-05-10] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 PGService; C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe [53616 2012-08-22] (PointGrab LTD)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ITECIRfilter; C:\Windows\system32\DRIVERS\ITECIRfilter.sys [18064 2012-06-20] (ITE Tech. Inc. )
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PQAWRwa; C:\Windows\SysWOW64\PQAWDrv.sys [12384 2008-03-01] () [File not signed]
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 17:25 - 2014-11-19 17:28 - 00013681 _____ () C:\Users\pcrow\Desktop\FRST.txt
2014-11-19 17:24 - 2014-11-19 17:25 - 00000000 ____D () C:\FRST
2014-11-19 17:24 - 2014-11-19 12:54 - 02117120 _____ (Farbar) C:\Users\pcrow\Desktop\frst64.exe
2014-11-15 12:18 - 2014-11-15 14:08 - 32507072 _____ (Microsoft Corporation) C:\Users\pcrow\Desktop\Windows-KB890830-x64-V5.18.exe
2014-11-15 11:57 - 2014-11-15 12:07 - 00000000 ____D () C:\AdwCleaner
2014-11-15 11:53 - 2014-11-15 11:56 - 02140160 _____ () C:\Users\pcrow\Desktop\AdwCleaner.exe
2014-11-15 11:22 - 2014-11-19 17:23 - 00000000 ____D () C:\Users\pcrow\Fixes
2014-11-14 17:24 - 2014-11-19 17:20 - 00000000 _____ () C:\ProgramData\@system.temp
2014-11-14 17:24 - 2014-11-15 13:25 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-14 17:24 - 2014-11-14 17:24 - 00000480 ____H () C:\Users\pcrow\AppData\Roaming\麽鎒駓覜
2014-11-14 17:24 - 2014-11-14 17:24 - 00000000 ____D () C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7
2014-11-14 17:23 - 2014-11-14 17:23 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-31 15:09 - 2014-10-31 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Editor
2014-10-31 15:08 - 2014-10-31 15:08 - 00000000 ____D () C:\Users\pcrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor
2014-10-31 15:07 - 2014-10-31 15:07 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-10-31 15:07 - 2014-10-31 15:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-10-31 14:40 - 2014-10-31 14:44 - 00001167 _____ () C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2014-10-31 14:40 - 2014-10-31 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 17:29 - 2013-08-23 19:43 - 00000000 ____D () C:\Users\pcrow\AppData\Local\CrashDumps
2014-11-19 17:27 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 17:24 - 2013-08-23 17:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4001245620-4163921732-3684489738-1001
2014-11-19 17:19 - 2013-10-02 17:41 - 00000000 ____D () C:\Program Files (x86)\ATT
2014-11-19 17:19 - 2013-03-24 13:17 - 00000868 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-19 17:19 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 03:13 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-16 12:12 - 2013-03-24 13:17 - 00000870 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-11-15 14:08 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-15 12:11 - 2013-08-23 17:40 - 01266223 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 12:07 - 2012-12-03 12:42 - 00019478 _____ () C:\Windows\PFRO.log
2014-11-15 11:22 - 2013-08-23 17:40 - 00000000 ____D () C:\Users\pcrow
2014-11-14 19:32 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-14 19:14 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 19:14 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-14 17:23 - 2013-08-23 17:41 - 00000000 ____D () C:\Users\pcrow\AppData\Roaming\Adobe
2014-11-14 16:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-12 18:57 - 2013-08-23 20:53 - 00000000 ____D () C:\Users\pcrow\AppData\Local\Deployment
2014-11-10 20:50 - 2013-08-25 21:40 - 00135551 _____ () C:\Users\pcrow\Documents\The Index.xlsx
2014-10-31 23:26 - 2013-08-29 00:19 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-31 14:18 - 2014-04-02 18:55 - 00000000 ____D () C:\ubuntu
2014-10-31 14:18 - 2013-08-23 19:18 - 00000000 ____D () C:\Users\pcrow\Games

Some content of TEMP:
====================
C:\Users\pcrow\AppData\Local\Temp\COMAP.EXE
C:\Users\pcrow\AppData\Local\Temp\mmykhst.dll
C:\Users\pcrow\AppData\Local\Temp\ose00000.exe
C:\Users\pcrow\AppData\Local\Temp\pyl11AA.tmp.exe
C:\Users\pcrow\AppData\Local\Temp\pyl3F75.tmp.exe
C:\Users\pcrow\AppData\Local\Temp\pyl429E.tmp.exe
C:\Users\pcrow\AppData\Local\Temp\pyl5500.tmp.exe
C:\Users\pcrow\AppData\Local\Temp\pyl682B.tmp.exe
C:\Users\pcrow\AppData\Local\Temp\Quarantine.exe
C:\Users\pcrow\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-04 06:39

==================== End Of Log ============================