Reply to thread

Message

SysInternals SIGCHECK

SysInternals Sigcheck scans the system & verifies digital certification.

Mark Russinovich explains the use of Sigcheck in this 2012 Microsoft TechEd video (starts at 1638s) - Malware Hunting with the Sysinternals Tools -

[MEDIA=youtube]Wuy_Pm3KaV8#t=1638s[/MEDIA]

Sigcheck is just 1 of 73 stand-alone executables found in the SysInternals Suite, available free from Microsoft TechNet.

To perform a recursive sub-directory scan of \windows (see video @ 1665s):

Download Sigcheck & save to Documents
Bring up an elevated Admin CMD prompt; copy/paste the following (EULA will appear 1st time execution; click "Accept"):

[CODE]
cd /d %windir% & "%userprofile%\documents\sigcheck" -e -s -u * 1>0 & start /max notepad 0
[/CODE]

It will take a few minutes to complete.

A Notepad will open with the results.

[CODE][FONT=Lucida Console]C:\Windows\LSASecretsDump.exe:
Verified: Unsigned
Link date: 06:27 11/29/2009
Publisher: NirSoft
Description: LSASecretsDump
Product: LSASecretsDump
Version: 1.21
File version: 1.21
C:\Windows\ST6UNST.EXE:
Verified: Unsigned
Link date: 00:37 02/24/2004
Publisher: Microsoft Corporation
Description: Visual Basic Setup Toolkit Uninstaller
Product: Microsoft® Visual Basic for Windows
Version: 6.00.9782
File version: 6.00.9782
C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\58196a9215d9ed7453d4da854cd40581\ComSvcConfig.ni.exe:
Verified: Unsigned
Link date: 02:43 09/29/2010
Publisher: Microsoft Corporation
Description: ComSvcConfig.exe
Product: Microsoft® .NET Framework
Version: 3.0.4506.5420
File version: 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\09c2fc2e6fb391b9b68b220a4ca9a83e\dfsvc.ni.exe:
Verified: Unsigned
Link date: 01:43 06/04/2009
Publisher: Microsoft Corporation
Description: dfsvc.exe
Product: Microsoft® .NET Framework
Version: 2.0.50727.4927
File version: 2.0.50727.4927 (NetFXspW7.050727-4900)
C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\68d7de90f7a20fdcc7bed5f513ff5a5f\MSBuild.ni.exe:
Verified: Unsigned
Link date: 20:46 05/22/2009
Publisher: Microsoft Corporation
Description: MSBuild.exe
Product: Microsoft® .NET Framework
Version: 3.5.30729.4926
File version: 3.5.30729.4926 built by: NetFXw7
C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\3b2ef6e84430a07a5b87a4fd2ac68969\Narrator.ni.exe:
Verified: Unsigned
Link date: 01:30 11/20/2010
Publisher: Microsoft Corporation
Description: Narrator
Product: Microsoft® Windows® Operating System
Version: 6.1.7601.17514
File version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4887489f50210be650432a982d01800f\PresentationFontCache.ni.exe:
Verified: Unsigned
Link date: 21:22 05/22/2009
Publisher: Microsoft Corporation
Description: PresentationFontCache.exe
Product: Microsoft® .NET Framework
Version: 3.0.6920.4902
File version: 3.0.6920.4902 built by: NetFXw7
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\405750446c2533817879ccad7b30dc54\SMSvcHost.ni.exe:
Verified: Unsigned
Link date: 02:43 09/29/2010
Publisher: Microsoft Corporation
Description: SMSvcHost.exe
Product: Microsoft® .NET Framework
Version: 3.0.4506.5420
File version: 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4aa9a083362ad7a5bf3b126745c69a74\WsatConfig.ni.exe:
Verified: Unsigned
Link date: 02:43 09/29/2010
Publisher: Microsoft Corporation
Description: MB Version update tool
Product: Microsoft® .NET Framework
Version: 3.0.4506.5420
File version: 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\fdb14e50d68f95342dc03c610c19d809\ComSvcConfig.ni.exe:
Verified: Unsigned
Link date: 02:43 09/29/2010
Publisher: Microsoft Corporation
Description: ComSvcConfig.exe
Product: Microsoft® .NET Framework
Version: 3.0.4506.5420
File version: 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c0332e0630632b7d4ebe502bb38f4a0\dfsvc.ni.exe:
Verified: Unsigned
Link date: 01:43 06/04/2009
Publisher: Microsoft Corporation
Description: dfsvc.exe
Product: Microsoft® .NET Framework
Version: 2.0.50727.4927
File version: 2.0.50727.4927 (NetFXspW7.050727-4900)
C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\94db84eb2d96fbeb8d5e33bbfd414848\MSBuild.ni.exe:
Verified: Unsigned
Link date: 03:09 09/29/2010
Publisher: Microsoft Corporation
Description: MSBuild.exe
Product: Microsoft® .NET Framework
Version: 3.5.30729.5420
File version: 3.5.30729.5420 built by: Win7SP1
C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\3691df557cb72328949d008ae3828d3e\Narrator.ni.exe:
Verified: Unsigned
Link date: 01:30 11/20/2010
Publisher: Microsoft Corporation
Description: Narrator
Product: Microsoft® Windows® Operating System
Version: 6.1.7601.17514
File version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\39d46439b9a28783911227cb0af99358\PresentationFontCache.ni.exe:
Verified: Unsigned
Link date: 21:22 05/22/2009
Publisher: Microsoft Corporation
Description: PresentationFontCache.exe
Product: Microsoft® .NET Framework
Version: 3.0.6920.4902
File version: 3.0.6920.4902 built by: NetFXw7
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6fb4d4415f90e7895a985570ad1d7dad\SMSvcHost.ni.exe:
Verified: Unsigned
Link date: 02:43 09/29/2010
Publisher: Microsoft Corporation
Description: SMSvcHost.exe
Product: Microsoft® .NET Framework
Version: 3.0.4506.5420
File version: 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\021d15f8a9ff41bdada8a84fa6c37628\WsatConfig.ni.exe:
Verified: Unsigned
Link date: 02:43 09/29/2010
Publisher: Microsoft Corporation
Description: MB Version update tool
Product: Microsoft® .NET Framework
Version: 3.0.4506.5420
File version: 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v4.0.30319_32\Blend\17c655baddb5885e03ca6085a787109d\Blend.ni.exe:
Verified: Unsigned
Link date: 21:45 05/25/2010
Publisher: Microsoft Corporation
Description: Microsoft Expression Blend 4
Product: n/a
Version: 4.0.20525.0
File version: 4.0.20525.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\f42140074d38463c2d48c012d60d98cd\ComSvcConfig.ni.exe:
Verified: Unsigned
Link date: 05:40 03/18/2010
Publisher: Microsoft Corporation
Description: ComSvcConfig.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\Design\3fdedfe9baa08afc3d7904af82f764db\Design.ni.exe:
Verified: Unsigned
Link date: 09:59 05/16/2010
Publisher: Microsoft Corporation
Description: Microsoft Expression Design
Product: n/a
Version: 7.0.20516.0
File version: 7.0.20516.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\46477be438c431f09e4d23ec47604f8e\dfsvc.ni.exe:
Verified: Unsigned
Link date: 04:17 03/18/2010
Publisher: Microsoft Corporation
Description: dfsvc.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\EEScreen\bb304bd4e5daa58ad8de3931ba7b5029\EEScreen.ni.exe:
Verified: Unsigned
Link date: 03:30 05/25/2010
Publisher: Microsoft Corporation
Description: Expression Encoder Screen Capture
Product: n/a
Version: 4.0.1639.0
File version: 4.0.1639.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Encoder\a1a7e7861adfcfd0a7f325dc08228abf\Encoder.ni.exe:
Verified: Unsigned
Link date: 03:32 05/25/2010
Publisher: Microsoft Corporation
Description: Encoder
Product: Expression Encoder
Version: 4.0.1639.0
File version: 4.0.1639.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Expression.DevServer\8a8bcc94f4868f27eba190e65e2864d2\Expression.DevServer.ni.exe:
Verified: Unsigned
Link date: 03:45 07/04/2011
Publisher: n/a
Description: Microsoft Expression Development Server
Product: n/a
Version: 4.0.1303.0
File version: 4.0.1303.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\ExpressionWeb\bcc5cae21fd94efae54b984d4b2ceff7\ExpressionWeb.ni.exe:
Verified: Unsigned
Link date: 03:56 07/04/2011
Publisher: Microsoft Corporation
Description: Microsoft Expression Web 4
Product: Microsoft Expression Web 4
Version: 4.0.1303.0
File version: 4.0.1303.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\357904603025093857c712ea72108779\Microsoft.Workflow.Compiler.ni.exe:
Verified: Unsigned
Link date: 05:40 03/18/2010
Publisher: Microsoft Corporation
Description: Microsoft.Workflow.Compiler.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\95987fd4d0e565a611d7fc39f14e31b3\MSBuild.ni.exe:
Verified: Unsigned
Link date: 04:42 03/18/2010
Publisher: Microsoft Corporation
Description: MSBuild.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 built by: RTMRel
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\1e1386796a1995ba88cecd52cbe5c8e3\SMSvcHost.ni.exe:
Verified: Unsigned
Link date: 05:39 03/18/2010
Publisher: Microsoft Corporation
Description: SMSvcHost.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\bb6763a59a1c917c214c239f7cc5aab4\WsatConfig.ni.exe:
Verified: Unsigned
Link date: 05:40 03/18/2010
Publisher: Microsoft Corporation
Description: MB Version update tool
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\7e75d18be3dfb255760c6f319a3b89b6\ComSvcConfig.ni.exe:
Verified: Unsigned
Link date: 05:40 03/18/2010
Publisher: Microsoft Corporation
Description: ComSvcConfig.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\7556d108505633af76ca7651ea12d79c\dfsvc.ni.exe:
Verified: Unsigned
Link date: 04:17 03/18/2010
Publisher: Microsoft Corporation
Description: dfsvc.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\11a577a0a2a11f0a618e4e6e3ece2163\Microsoft.Workflow.Compiler.ni.exe:
Verified: Unsigned
Link date: 05:40 03/18/2010
Publisher: Microsoft Corporation
Description: Microsoft.Workflow.Compiler.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\6a224cc42688bd4baf6ea6743cf51a0c\MSBuild.ni.exe:
Verified: Unsigned
Link date: 09:17 03/18/2010
Publisher: Microsoft Corporation
Description: MSBuild.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 built by: RTMRel
C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\ae8dd08ebc15514d21c6e57314dc8d0c\MSBuild.ni.exe:
Verified: Unsigned
Link date: 09:17 03/18/2010
Publisher: Microsoft Corporation
Description: MSBuild.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 built by: RTMRel
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\b22341a364e193c7159c266841076ea0\SMSvcHost.ni.exe:
Verified: Unsigned
Link date: 05:39 03/18/2010
Publisher: Microsoft Corporation
Description: SMSvcHost.exe
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\768b26b22fc0aac237ed0620b8774451\WsatConfig.ni.exe:
Verified: Unsigned
Link date: 05:40 03/18/2010
Publisher: Microsoft Corporation
Description: MB Version update tool
Product: Microsoft® .NET Framework
Version: 4.0.30319.1
File version: 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\Auto Refresh Pro\uninstall.exe:
Verified: Unsigned
Link date: 10:41 11/06/2008
Publisher: n/a
Description: Setup Application
Product: Setup Factory 8.0 Runtime
Version: 8.1.1006.0
File version: 8.1.1006.0
C:\Windows\Installer\$PatchCache$\Managed\D139D8F5032B3F749A0CC0C84A953A23\4.0.1165\xWeb.Expression.DevServer.exe:
Verified: Unsigned
Link date: 17:23 05/24/2010
Publisher: n/a
Description: Microsoft Expression Development Server
Product: n/a
Version: 4.0.1165.0
File version: 4.0.1165.0
C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe:
Verified: Unsigned
Link date: 00:52 08/02/2010
Publisher: Flexera Software, Inc.
Description: InstallShield
Product: InstallShield
Version: 17.0
File version: 17.0.714
C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe:
Verified: Unsigned
Link date: 00:52 08/02/2010
Publisher: Flexera Software, Inc.
Description: InstallShield
Product: InstallShield
Version: 17.0
File version: 17.0.714
C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\ARPPRODUCTICON.exe:
Verified: Unsigned
Link date: 00:43 05/10/2008
Publisher: Acresso Software Inc.
Description: InstallShield
Product: InstallShield
Version: 15.0
File version: 15.0.498
C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\NewShortcut1.exe:
Verified: Unsigned
Link date: 00:43 05/10/2008
Publisher: Acresso Software Inc.
Description: InstallShield
Product: InstallShield
Version: 15.0
File version: 15.0.498
C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\NewShortcut2_E92C273FB9F642AAB106402602207308.exe:
Verified: Unsigned
Link date: 00:43 05/10/2008
Publisher: Acresso Software Inc.
Description: InstallShield
Product: InstallShield
Version: 15.0
File version: 15.0.498
C:\Windows\Installer\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}\Icon0E6ED660.exe:
Verified: Unsigned
Link date: 11:56 08/22/1997
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
C:\Windows\Installer\{B34596EA-E180-4313-A82A-DE0955F39B27}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe:
Verified: Unsigned
Link date: 15:24 11/30/2000
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
C:\Windows\Installer\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}\IconEF5C48881.exe:
Verified: Unsigned
Link date: 11:56 08/22/1997
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
C:\Windows\JMCR_DIR\JMInsDrv.exe:
Verified: Unsigned
Link date: 22:49 09/22/2008
Publisher: JMicron Technology Corporation
Description: JMicron Driver Installation Program
Product: JMicron Driver Installation Program
Version: 1.00.00.00
File version: 1.00.00.00 built by: WinDDK
C:\Windows\JMCR_DIR\setup.exe:
Verified: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Link date: 22:42 10/21/2008
Publisher: JMicron Technology Corp.
Description: JMicron Setup Application
Product: JMicron Setup Application
Version: 1, 1, 0, 6
File version: 1, 1, 0, 6
C:\Windows\System32\dsfkregsvr.exe:
Verified: Unsigned
Link date: 00:06 02/09/2010
Publisher: Microsoft Corporation
Description: Application for registering kernel COM Objects
Product: Microsoft® Windows® Operating System
Version: 6.1.7600.16385
File version: 6.1.7600.16385 (win7_wdk.100208-1538)
C:\Windows\System32\dxcpl.exe:
Verified: Unsigned
Link date: 00:24 02/10/2012
Publisher: Microsoft Corporation
Description: Microsoft DirectX Control Panel
Product: Microsoft® DirectX for Windows®
Version: 4.08.01.0612
File version: 4.08.01.0612
C:\Windows\SysWOW64\dxcpl.exe:
Verified: Unsigned
Link date: 00:49 02/10/2012
Publisher: Microsoft Corporation
Description: Microsoft DirectX Control Panel
Product: Microsoft® DirectX for Windows®
Version: 4.08.01.0612
File version: 4.08.01.0612[/FONT]
[/CODE]

Sigcheck switches -

[CODE][FONT=Lucida Console][COLOR="#555555"]C:\Users\PalmDesert\Documents>[/COLOR][B]sigcheck /?[/B]

[NO-PARSE]Sigcheck v1.91 - File version and signature viewer
Copyright (C) 2004-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: sigcheck [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] <file or directory>
 -a Show extended version information
 -c Look for signature in the specified catalog file
 -e Scan executable images only (regardless of their extension)
 -h Show file hashes
 -i Show catalog name and image signers
 -m Dump manifest
 -n Only show file version number
 -q Quiet (no banner)
 -r Disable check for certificate revocation
 -s Recurse subdirectories
 -u Show unsigned files only
 -v Csv output[/NO-PARSE] [/FONT][/CODE]

Additional info - https://www.sysnative.com/forums/bsod-kernel-dump-analysis-debugging-information/3377-sysinternals-sigcheck-system32-syswow64-sysnative.html

Regards. . .

jcgriff2

<blockquote data-quote="jcgriff2" data-source="post: 46771" data-attributes="member: 1">
<img src="https://www.sysnative.com/SysnativeTutorials/windows/Windows8LOGO_200x67.jpg" alt="" class="fr-fic fr-dii fr-draggable " data-size="" style="" /> SysInternals SIGCHECK<a href="http://technet.microsoft.com/en-us/sysinternals/bb897441" target="_blank">SysInternals Sigcheck</a> scans the system &amp; verifies digital certification. <a href="https://www.sysnative.com/SysnativeTutorials/Sigcheck/05-15-2013_Sigcheck1_t_461x285.png" target="_blank"><img src="https://www.sysnative.com/SysnativeTutorials/Sigcheck/05-15-2013_Sigcheck1_t_461x285.png" alt="" class="fr-fic fr-dii fr-draggable " data-size="" style="" /></a>Mark Russinovich explains the use of Sigcheck in this 2012 <a href="http://www.youtube.com/user/TECHED" target="_blank">Microsoft TechEd</a> video&nbsp; (starts at 1638s) - Malware Hunting with the Sysinternals Tools -[MEDIA=youtube]Wuy_Pm3KaV8#t=1638s[/MEDIA]Sigcheck is just 1 of 73 stand-alone executables found in the <a href="http://technet.microsoft.com/en-us/sysinternals/bb842062" target="_blank">SysInternals Suite</a>, available free from Microsoft TechNet.

To perform a recursive sub-directory scan of \windows (see <a href="http://www.youtube.com/watch?feature=player_detailpage&amp;v=Wuy_Pm3KaV8#t=1665s" target="_blank">video @ 1665s</a>):

<ol>
<li data-xf-list-type="ol">Download <a href="http://live.sysinternals.com/sigcheck.exe" target="_blank">Sigcheck</a> &amp; save to Documents</li>
<li data-xf-list-type="ol">Bring up an elevated <a href="https://www.sysnative.com/forums/windows-7-%7C-windows-vista-tutorials/5582-open-elevated-command-prompt-window-windows-windows-vista-7-a.html" target="_blank">Admin CMD prompt</a>; copy/paste the following (EULA will appear 1st time execution; click &quot;Accept&quot;):</li>
</ol>

[CODE]
cd /d %windir% &amp; &quot;%userprofile%\documents\sigcheck&quot; -e -s -u *&nbsp; 1&gt;0 &amp; start /max notepad 0
[/CODE]It will take a few minutes to complete.

A Notepad will open with the results.[CODE][FONT=Lucida Console]C:\Windows\LSASecretsDump.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 06:27 11/29/2009
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; NirSoft
&nbsp; &nbsp; Description:&nbsp; &nbsp; LSASecretsDump
&nbsp; &nbsp; Product:&nbsp; &nbsp; LSASecretsDump
&nbsp; &nbsp; Version:&nbsp; &nbsp; 1.21
&nbsp; &nbsp; File version:&nbsp; &nbsp; 1.21
C:\Windows\ST6UNST.EXE:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:37 02/24/2004
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Visual Basic Setup Toolkit Uninstaller
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® Visual Basic for Windows
&nbsp; &nbsp; Version:&nbsp; &nbsp; 6.00.9782
&nbsp; &nbsp; File version:&nbsp; &nbsp; 6.00.9782
C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\58196a9215d9ed7453d4da854cd40581\ComSvcConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 02:43 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; ComSvcConfig.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.4506.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\09c2fc2e6fb391b9b68b220a4ca9a83e\dfsvc.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 01:43 06/04/2009
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; dfsvc.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 2.0.50727.4927
&nbsp; &nbsp; File version:&nbsp; &nbsp; 2.0.50727.4927 (NetFXspW7.050727-4900)
C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\68d7de90f7a20fdcc7bed5f513ff5a5f\MSBuild.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 20:46 05/22/2009
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MSBuild.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.5.30729.4926
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.5.30729.4926 built by: NetFXw7
C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\3b2ef6e84430a07a5b87a4fd2ac68969\Narrator.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 01:30 11/20/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Narrator
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® Windows® Operating System
&nbsp; &nbsp; Version:&nbsp; &nbsp; 6.1.7601.17514
&nbsp; &nbsp; File version:&nbsp; &nbsp; 6.1.7601.17514 (win7sp1_rtm.101119-1850)
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4887489f50210be650432a982d01800f\PresentationFontCache.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 21:22 05/22/2009
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; PresentationFontCache.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.6920.4902
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.6920.4902 built by: NetFXw7
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\405750446c2533817879ccad7b30dc54\SMSvcHost.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 02:43 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; SMSvcHost.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.4506.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4aa9a083362ad7a5bf3b126745c69a74\WsatConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 02:43 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MB Version update tool
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.4506.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\fdb14e50d68f95342dc03c610c19d809\ComSvcConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 02:43 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; ComSvcConfig.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.4506.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c0332e0630632b7d4ebe502bb38f4a0\dfsvc.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 01:43 06/04/2009
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; dfsvc.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 2.0.50727.4927
&nbsp; &nbsp; File version:&nbsp; &nbsp; 2.0.50727.4927 (NetFXspW7.050727-4900)
C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\94db84eb2d96fbeb8d5e33bbfd414848\MSBuild.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 03:09 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MSBuild.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.5.30729.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.5.30729.5420 built by: Win7SP1
C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\3691df557cb72328949d008ae3828d3e\Narrator.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 01:30 11/20/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Narrator
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® Windows® Operating System
&nbsp; &nbsp; Version:&nbsp; &nbsp; 6.1.7601.17514
&nbsp; &nbsp; File version:&nbsp; &nbsp; 6.1.7601.17514 (win7sp1_rtm.101119-1850)
C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\39d46439b9a28783911227cb0af99358\PresentationFontCache.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 21:22 05/22/2009
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; PresentationFontCache.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.6920.4902
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.6920.4902 built by: NetFXw7
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6fb4d4415f90e7895a985570ad1d7dad\SMSvcHost.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 02:43 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; SMSvcHost.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.4506.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\021d15f8a9ff41bdada8a84fa6c37628\WsatConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 02:43 09/29/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MB Version update tool
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 3.0.4506.5420
&nbsp; &nbsp; File version:&nbsp; &nbsp; 3.0.4506.5420 (Win7SP1.030729-5400)
C:\Windows\assembly\NativeImages_v4.0.30319_32\Blend\17c655baddb5885e03ca6085a787109d\Blend.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 21:45 05/25/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft Expression Blend 4
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.20525.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.20525.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\f42140074d38463c2d48c012d60d98cd\ComSvcConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:40 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; ComSvcConfig.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\Design\3fdedfe9baa08afc3d7904af82f764db\Design.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 09:59 05/16/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft Expression Design
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; 7.0.20516.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 7.0.20516.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\46477be438c431f09e4d23ec47604f8e\dfsvc.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 04:17 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; dfsvc.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\EEScreen\bb304bd4e5daa58ad8de3931ba7b5029\EEScreen.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 03:30 05/25/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Expression Encoder Screen Capture
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.1639.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.1639.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Encoder\a1a7e7861adfcfd0a7f325dc08228abf\Encoder.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 03:32 05/25/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Encoder
&nbsp; &nbsp; Product:&nbsp; &nbsp; Expression Encoder
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.1639.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.1639.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Expression.DevServer\8a8bcc94f4868f27eba190e65e2864d2\Expression.DevServer.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 03:45 07/04/2011
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft Expression Development Server
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.1303.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.1303.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\ExpressionWeb\bcc5cae21fd94efae54b984d4b2ceff7\ExpressionWeb.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 03:56 07/04/2011
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft Expression Web 4
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft Expression Web 4
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.1303.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.1303.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\357904603025093857c712ea72108779\Microsoft.Workflow.Compiler.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:40 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft.Workflow.Compiler.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\95987fd4d0e565a611d7fc39f14e31b3\MSBuild.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 04:42 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MSBuild.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 built by: RTMRel
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\1e1386796a1995ba88cecd52cbe5c8e3\SMSvcHost.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:39 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; SMSvcHost.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\bb6763a59a1c917c214c239f7cc5aab4\WsatConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:40 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MB Version update tool
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\7e75d18be3dfb255760c6f319a3b89b6\ComSvcConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:40 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; ComSvcConfig.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\7556d108505633af76ca7651ea12d79c\dfsvc.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 04:17 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; dfsvc.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\11a577a0a2a11f0a618e4e6e3ece2163\Microsoft.Workflow.Compiler.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:40 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft.Workflow.Compiler.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\6a224cc42688bd4baf6ea6743cf51a0c\MSBuild.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 09:17 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MSBuild.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 built by: RTMRel
C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\ae8dd08ebc15514d21c6e57314dc8d0c\MSBuild.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 09:17 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MSBuild.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 built by: RTMRel
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\b22341a364e193c7159c266841076ea0\SMSvcHost.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:39 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; SMSvcHost.exe
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\768b26b22fc0aac237ed0620b8774451\WsatConfig.ni.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 05:40 03/18/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; MB Version update tool
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® .NET Framework
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.30319.1
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.30319.1 (RTMRel.030319-0100)
C:\Windows\Auto Refresh Pro\uninstall.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 10:41 11/06/2008
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Description:&nbsp; &nbsp; Setup Application
&nbsp; &nbsp; Product:&nbsp; &nbsp; Setup Factory 8.0 Runtime
&nbsp; &nbsp; Version:&nbsp; &nbsp; 8.1.1006.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 8.1.1006.0
C:\Windows\Installer\$PatchCache$\Managed\D139D8F5032B3F749A0CC0C84A953A23\4.0.1165\xWeb.Expression.DevServer.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 17:23 05/24/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft Expression Development Server
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.0.1165.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.0.1165.0
C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:52 08/02/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Flexera Software, Inc.
&nbsp; &nbsp; Description:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Product:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Version:&nbsp; &nbsp; 17.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 17.0.714
C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:52 08/02/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Flexera Software, Inc.
&nbsp; &nbsp; Description:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Product:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Version:&nbsp; &nbsp; 17.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 17.0.714
C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\ARPPRODUCTICON.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:43 05/10/2008
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Acresso Software Inc.
&nbsp; &nbsp; Description:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Product:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Version:&nbsp; &nbsp; 15.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 15.0.498
C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\NewShortcut1.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:43 05/10/2008
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Acresso Software Inc.
&nbsp; &nbsp; Description:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Product:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Version:&nbsp; &nbsp; 15.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 15.0.498
C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\NewShortcut2_E92C273FB9F642AAB106402602207308.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:43 05/10/2008
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Acresso Software Inc.
&nbsp; &nbsp; Description:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Product:&nbsp; &nbsp; InstallShield
&nbsp; &nbsp; Version:&nbsp; &nbsp; 15.0
&nbsp; &nbsp; File version:&nbsp; &nbsp; 15.0.498
C:\Windows\Installer\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}\Icon0E6ED660.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 11:56 08/22/1997
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Description:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; n/a
&nbsp; &nbsp; File version:&nbsp; &nbsp; n/a
C:\Windows\Installer\{B34596EA-E180-4313-A82A-DE0955F39B27}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 15:24 11/30/2000
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Description:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; n/a
&nbsp; &nbsp; File version:&nbsp; &nbsp; n/a
C:\Windows\Installer\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}\IconEF5C48881.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 11:56 08/22/1997
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Description:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Product:&nbsp; &nbsp; n/a
&nbsp; &nbsp; Version:&nbsp; &nbsp; n/a
&nbsp; &nbsp; File version:&nbsp; &nbsp; n/a
C:\Windows\JMCR_DIR\JMInsDrv.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 22:49 09/22/2008
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; JMicron Technology Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; JMicron Driver Installation Program
&nbsp; &nbsp; Product:&nbsp; &nbsp; JMicron Driver Installation Program
&nbsp; &nbsp; Version:&nbsp; &nbsp; 1.00.00.00
&nbsp; &nbsp; File version:&nbsp; &nbsp; 1.00.00.00 built by: WinDDK
C:\Windows\JMCR_DIR\setup.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 22:42 10/21/2008
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; JMicron Technology Corp.
&nbsp; &nbsp; Description:&nbsp; &nbsp; JMicron Setup Application
&nbsp; &nbsp; Product:&nbsp; &nbsp; JMicron Setup Application
&nbsp; &nbsp; Version:&nbsp; &nbsp; 1, 1, 0, 6
&nbsp; &nbsp; File version:&nbsp; &nbsp; 1, 1, 0, 6
C:\Windows\System32\dsfkregsvr.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:06 02/09/2010
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Application for registering kernel COM Objects
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® Windows® Operating System
&nbsp; &nbsp; Version:&nbsp; &nbsp; 6.1.7600.16385
&nbsp; &nbsp; File version:&nbsp; &nbsp; 6.1.7600.16385 (win7_wdk.100208-1538)
C:\Windows\System32\dxcpl.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:24 02/10/2012
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft DirectX Control Panel
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® DirectX for Windows®
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.08.01.0612
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.08.01.0612
C:\Windows\SysWOW64\dxcpl.exe:
&nbsp; &nbsp; Verified:&nbsp; &nbsp; Unsigned
&nbsp; &nbsp; Link date:&nbsp; &nbsp; 00:49 02/10/2012
&nbsp; &nbsp; Publisher:&nbsp; &nbsp; Microsoft Corporation
&nbsp; &nbsp; Description:&nbsp; &nbsp; Microsoft DirectX Control Panel
&nbsp; &nbsp; Product:&nbsp; &nbsp; Microsoft® DirectX for Windows®
&nbsp; &nbsp; Version:&nbsp; &nbsp; 4.08.01.0612
&nbsp; &nbsp; File version:&nbsp; &nbsp; 4.08.01.0612[/FONT]
[/CODE]Sigcheck switches - [CODE][FONT=Lucida Console][COLOR=&quot;#555555&quot;]C:\Users\PalmDesert\Documents&gt;[/COLOR][B]sigcheck /?[/B]

[NO-PARSE]Sigcheck v1.91 - File version and signature viewer
Copyright (C) 2004-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: sigcheck [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] &lt;file or directory&gt;
&nbsp;&nbsp; -a&nbsp; &nbsp;&nbsp; Show extended version information
&nbsp;&nbsp; -c&nbsp; &nbsp;&nbsp; Look for signature in the specified catalog file
&nbsp;&nbsp; -e&nbsp; &nbsp;&nbsp; Scan executable images only (regardless of their extension)
&nbsp;&nbsp; -h&nbsp; &nbsp;&nbsp; Show file hashes
&nbsp;&nbsp; -i&nbsp; &nbsp;&nbsp; Show catalog name and image signers
&nbsp;&nbsp; -m&nbsp; &nbsp;&nbsp; Dump manifest
&nbsp;&nbsp; -n&nbsp; &nbsp;&nbsp; Only show file version number
&nbsp;&nbsp; -q&nbsp; &nbsp;&nbsp; Quiet (no banner)
&nbsp;&nbsp; -r&nbsp; &nbsp;&nbsp; Disable check for certificate revocation
&nbsp;&nbsp; -s&nbsp; &nbsp;&nbsp; Recurse subdirectories
&nbsp;&nbsp; -u&nbsp; &nbsp;&nbsp; Show unsigned files only
&nbsp;&nbsp; -v&nbsp; &nbsp;&nbsp; Csv output[/NO-PARSE] [/FONT][/CODE]Additional info - <a href="https://www.sysnative.com/forums/bsod-kernel-dump-analysis-debugging-information/3377-sysinternals-sigcheck-system32-syswow64-sysnative.html" target="_blank">https://www.sysnative.com/forums/bsod-kernel-dump-analysis-debugging-information/3377-sysinternals-sigcheck-system32-syswow64-sysnative.html</a>

Regards. . .

jcgriff2</blockquote>

[QUOTE="jcgriff2, post: 46771, member: 1"] [CENTER] [/CENTER] [IMG]https://www.sysnative.com/SysnativeTutorials/windows/Windows8LOGO_200x67.jpg[/IMG] [INDENT=6][COLOR=#454545][FONT=meiryo ui][U][SIZE=6]SysInternals SIGCHECK[/SIZE][/U][/FONT][/COLOR][/INDENT] [INDENT=2][URL="http://technet.microsoft.com/en-us/sysinternals/bb897441"][SIZE=3][FONT=Meiryo Ui]SysInternals Sigcheck[/FONT][/SIZE][/URL] scans the system & verifies digital certification. [/INDENT] [indent=3][URL="https://www.sysnative.com/SysnativeTutorials/Sigcheck/05-15-2013_Sigcheck1_t_461x285.png"][IMG]https://www.sysnative.com/SysnativeTutorials/Sigcheck/05-15-2013_Sigcheck1_t_461x285.png[/IMG][/URL][/indent] [INDENT=2][SIZE=3]Mark Russinovich explains the use of Sigcheck in this 2012 [URL="http://www.youtube.com/user/TECHED"]Microsoft TechEd[/URL] video (starts at 1638s) - [FONT=meiryo ui][I][B]Malware Hunting with the Sysinternals Tools[/B][/I][/FONT] -[/SIZE][/INDENT] [MEDIA=youtube]Wuy_Pm3KaV8#t=1638s[/MEDIA] [INDENT=2][SIZE=3][FONT=Meiryo Ui]Sigcheck is just 1 of 73 stand-alone executables found in the [URL="http://technet.microsoft.com/en-us/sysinternals/bb842062"]SysInternals Suite[/URL], available free from Microsoft TechNet. To perform a recursive sub-directory scan of \windows (see [URL="http://www.youtube.com/watch?feature=player_detailpage&v=Wuy_Pm3KaV8#t=1665s"]video @ 1665s[/URL]): [LIST=1] [*]Download [URL="http://live.sysinternals.com/sigcheck.exe"]Sigcheck[/URL] & save to Documents [*]Bring up an elevated [URL="https://www.sysnative.com/forums/windows-7-%7C-windows-vista-tutorials/5582-open-elevated-command-prompt-window-windows-windows-vista-7-a.html"]Admin CMD prompt[/URL]; copy/paste the following (EULA will appear 1st time execution; click "Accept"): [/LIST][/FONT][/SIZE][/INDENT] [INDENT=3][CODE] cd /d %windir% & "%userprofile%\documents\sigcheck" -e -s -u * 1>0 & start /max notepad 0 [/CODE][/INDENT] [INDENT=2][SIZE=3][FONT=Meiryo Ui]It will take a few minutes to complete. A Notepad will open with the results.[/FONT][/SIZE][/INDENT] [INDENT=3][CODE][FONT=Lucida Console]C:\Windows\LSASecretsDump.exe: Verified: Unsigned Link date: 06:27 11/29/2009 Publisher: NirSoft Description: LSASecretsDump Product: LSASecretsDump Version: 1.21 File version: 1.21 C:\Windows\ST6UNST.EXE: Verified: Unsigned Link date: 00:37 02/24/2004 Publisher: Microsoft Corporation Description: Visual Basic Setup Toolkit Uninstaller Product: Microsoft® Visual Basic for Windows Version: 6.00.9782 File version: 6.00.9782 C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\58196a9215d9ed7453d4da854cd40581\ComSvcConfig.ni.exe: Verified: Unsigned Link date: 02:43 09/29/2010 Publisher: Microsoft Corporation Description: ComSvcConfig.exe Product: Microsoft® .NET Framework Version: 3.0.4506.5420 File version: 3.0.4506.5420 (Win7SP1.030729-5400) C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\09c2fc2e6fb391b9b68b220a4ca9a83e\dfsvc.ni.exe: Verified: Unsigned Link date: 01:43 06/04/2009 Publisher: Microsoft Corporation Description: dfsvc.exe Product: Microsoft® .NET Framework Version: 2.0.50727.4927 File version: 2.0.50727.4927 (NetFXspW7.050727-4900) C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\68d7de90f7a20fdcc7bed5f513ff5a5f\MSBuild.ni.exe: Verified: Unsigned Link date: 20:46 05/22/2009 Publisher: Microsoft Corporation Description: MSBuild.exe Product: Microsoft® .NET Framework Version: 3.5.30729.4926 File version: 3.5.30729.4926 built by: NetFXw7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\3b2ef6e84430a07a5b87a4fd2ac68969\Narrator.ni.exe: Verified: Unsigned Link date: 01:30 11/20/2010 Publisher: Microsoft Corporation Description: Narrator Product: Microsoft® Windows® Operating System Version: 6.1.7601.17514 File version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4887489f50210be650432a982d01800f\PresentationFontCache.ni.exe: Verified: Unsigned Link date: 21:22 05/22/2009 Publisher: Microsoft Corporation Description: PresentationFontCache.exe Product: Microsoft® .NET Framework Version: 3.0.6920.4902 File version: 3.0.6920.4902 built by: NetFXw7 C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\405750446c2533817879ccad7b30dc54\SMSvcHost.ni.exe: Verified: Unsigned Link date: 02:43 09/29/2010 Publisher: Microsoft Corporation Description: SMSvcHost.exe Product: Microsoft® .NET Framework Version: 3.0.4506.5420 File version: 3.0.4506.5420 (Win7SP1.030729-5400) C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4aa9a083362ad7a5bf3b126745c69a74\WsatConfig.ni.exe: Verified: Unsigned Link date: 02:43 09/29/2010 Publisher: Microsoft Corporation Description: MB Version update tool Product: Microsoft® .NET Framework Version: 3.0.4506.5420 File version: 3.0.4506.5420 (Win7SP1.030729-5400) C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\fdb14e50d68f95342dc03c610c19d809\ComSvcConfig.ni.exe: Verified: Unsigned Link date: 02:43 09/29/2010 Publisher: Microsoft Corporation Description: ComSvcConfig.exe Product: Microsoft® .NET Framework Version: 3.0.4506.5420 File version: 3.0.4506.5420 (Win7SP1.030729-5400) C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c0332e0630632b7d4ebe502bb38f4a0\dfsvc.ni.exe: Verified: Unsigned Link date: 01:43 06/04/2009 Publisher: Microsoft Corporation Description: dfsvc.exe Product: Microsoft® .NET Framework Version: 2.0.50727.4927 File version: 2.0.50727.4927 (NetFXspW7.050727-4900) C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\94db84eb2d96fbeb8d5e33bbfd414848\MSBuild.ni.exe: Verified: Unsigned Link date: 03:09 09/29/2010 Publisher: Microsoft Corporation Description: MSBuild.exe Product: Microsoft® .NET Framework Version: 3.5.30729.5420 File version: 3.5.30729.5420 built by: Win7SP1 C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\3691df557cb72328949d008ae3828d3e\Narrator.ni.exe: Verified: Unsigned Link date: 01:30 11/20/2010 Publisher: Microsoft Corporation Description: Narrator Product: Microsoft® Windows® Operating System Version: 6.1.7601.17514 File version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\39d46439b9a28783911227cb0af99358\PresentationFontCache.ni.exe: Verified: Unsigned Link date: 21:22 05/22/2009 Publisher: Microsoft Corporation Description: PresentationFontCache.exe Product: Microsoft® .NET Framework Version: 3.0.6920.4902 File version: 3.0.6920.4902 built by: NetFXw7 C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6fb4d4415f90e7895a985570ad1d7dad\SMSvcHost.ni.exe: Verified: Unsigned Link date: 02:43 09/29/2010 Publisher: Microsoft Corporation Description: SMSvcHost.exe Product: Microsoft® .NET Framework Version: 3.0.4506.5420 File version: 3.0.4506.5420 (Win7SP1.030729-5400) C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\021d15f8a9ff41bdada8a84fa6c37628\WsatConfig.ni.exe: Verified: Unsigned Link date: 02:43 09/29/2010 Publisher: Microsoft Corporation Description: MB Version update tool Product: Microsoft® .NET Framework Version: 3.0.4506.5420 File version: 3.0.4506.5420 (Win7SP1.030729-5400) C:\Windows\assembly\NativeImages_v4.0.30319_32\Blend\17c655baddb5885e03ca6085a787109d\Blend.ni.exe: Verified: Unsigned Link date: 21:45 05/25/2010 Publisher: Microsoft Corporation Description: Microsoft Expression Blend 4 Product: n/a Version: 4.0.20525.0 File version: 4.0.20525.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\f42140074d38463c2d48c012d60d98cd\ComSvcConfig.ni.exe: Verified: Unsigned Link date: 05:40 03/18/2010 Publisher: Microsoft Corporation Description: ComSvcConfig.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_32\Design\3fdedfe9baa08afc3d7904af82f764db\Design.ni.exe: Verified: Unsigned Link date: 09:59 05/16/2010 Publisher: Microsoft Corporation Description: Microsoft Expression Design Product: n/a Version: 7.0.20516.0 File version: 7.0.20516.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\46477be438c431f09e4d23ec47604f8e\dfsvc.ni.exe: Verified: Unsigned Link date: 04:17 03/18/2010 Publisher: Microsoft Corporation Description: dfsvc.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_32\EEScreen\bb304bd4e5daa58ad8de3931ba7b5029\EEScreen.ni.exe: Verified: Unsigned Link date: 03:30 05/25/2010 Publisher: Microsoft Corporation Description: Expression Encoder Screen Capture Product: n/a Version: 4.0.1639.0 File version: 4.0.1639.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\Encoder\a1a7e7861adfcfd0a7f325dc08228abf\Encoder.ni.exe: Verified: Unsigned Link date: 03:32 05/25/2010 Publisher: Microsoft Corporation Description: Encoder Product: Expression Encoder Version: 4.0.1639.0 File version: 4.0.1639.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\Expression.DevServer\8a8bcc94f4868f27eba190e65e2864d2\Expression.DevServer.ni.exe: Verified: Unsigned Link date: 03:45 07/04/2011 Publisher: n/a Description: Microsoft Expression Development Server Product: n/a Version: 4.0.1303.0 File version: 4.0.1303.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\ExpressionWeb\bcc5cae21fd94efae54b984d4b2ceff7\ExpressionWeb.ni.exe: Verified: Unsigned Link date: 03:56 07/04/2011 Publisher: Microsoft Corporation Description: Microsoft Expression Web 4 Product: Microsoft Expression Web 4 Version: 4.0.1303.0 File version: 4.0.1303.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\357904603025093857c712ea72108779\Microsoft.Workflow.Compiler.ni.exe: Verified: Unsigned Link date: 05:40 03/18/2010 Publisher: Microsoft Corporation Description: Microsoft.Workflow.Compiler.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\95987fd4d0e565a611d7fc39f14e31b3\MSBuild.ni.exe: Verified: Unsigned Link date: 04:42 03/18/2010 Publisher: Microsoft Corporation Description: MSBuild.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 built by: RTMRel C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\1e1386796a1995ba88cecd52cbe5c8e3\SMSvcHost.ni.exe: Verified: Unsigned Link date: 05:39 03/18/2010 Publisher: Microsoft Corporation Description: SMSvcHost.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\bb6763a59a1c917c214c239f7cc5aab4\WsatConfig.ni.exe: Verified: Unsigned Link date: 05:40 03/18/2010 Publisher: Microsoft Corporation Description: MB Version update tool Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\7e75d18be3dfb255760c6f319a3b89b6\ComSvcConfig.ni.exe: Verified: Unsigned Link date: 05:40 03/18/2010 Publisher: Microsoft Corporation Description: ComSvcConfig.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\7556d108505633af76ca7651ea12d79c\dfsvc.ni.exe: Verified: Unsigned Link date: 04:17 03/18/2010 Publisher: Microsoft Corporation Description: dfsvc.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\11a577a0a2a11f0a618e4e6e3ece2163\Microsoft.Workflow.Compiler.ni.exe: Verified: Unsigned Link date: 05:40 03/18/2010 Publisher: Microsoft Corporation Description: Microsoft.Workflow.Compiler.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\6a224cc42688bd4baf6ea6743cf51a0c\MSBuild.ni.exe: Verified: Unsigned Link date: 09:17 03/18/2010 Publisher: Microsoft Corporation Description: MSBuild.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 built by: RTMRel C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\ae8dd08ebc15514d21c6e57314dc8d0c\MSBuild.ni.exe: Verified: Unsigned Link date: 09:17 03/18/2010 Publisher: Microsoft Corporation Description: MSBuild.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 built by: RTMRel C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\b22341a364e193c7159c266841076ea0\SMSvcHost.ni.exe: Verified: Unsigned Link date: 05:39 03/18/2010 Publisher: Microsoft Corporation Description: SMSvcHost.exe Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\768b26b22fc0aac237ed0620b8774451\WsatConfig.ni.exe: Verified: Unsigned Link date: 05:40 03/18/2010 Publisher: Microsoft Corporation Description: MB Version update tool Product: Microsoft® .NET Framework Version: 4.0.30319.1 File version: 4.0.30319.1 (RTMRel.030319-0100) C:\Windows\Auto Refresh Pro\uninstall.exe: Verified: Unsigned Link date: 10:41 11/06/2008 Publisher: n/a Description: Setup Application Product: Setup Factory 8.0 Runtime Version: 8.1.1006.0 File version: 8.1.1006.0 C:\Windows\Installer\$PatchCache$\Managed\D139D8F5032B3F749A0CC0C84A953A23\4.0.1165\xWeb.Expression.DevServer.exe: Verified: Unsigned Link date: 17:23 05/24/2010 Publisher: n/a Description: Microsoft Expression Development Server Product: n/a Version: 4.0.1165.0 File version: 4.0.1165.0 C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe: Verified: Unsigned Link date: 00:52 08/02/2010 Publisher: Flexera Software, Inc. Description: InstallShield Product: InstallShield Version: 17.0 File version: 17.0.714 C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe: Verified: Unsigned Link date: 00:52 08/02/2010 Publisher: Flexera Software, Inc. Description: InstallShield Product: InstallShield Version: 17.0 File version: 17.0.714 C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\ARPPRODUCTICON.exe: Verified: Unsigned Link date: 00:43 05/10/2008 Publisher: Acresso Software Inc. Description: InstallShield Product: InstallShield Version: 15.0 File version: 15.0.498 C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\NewShortcut1.exe: Verified: Unsigned Link date: 00:43 05/10/2008 Publisher: Acresso Software Inc. Description: InstallShield Product: InstallShield Version: 15.0 File version: 15.0.498 C:\Windows\Installer\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}\NewShortcut2_E92C273FB9F642AAB106402602207308.exe: Verified: Unsigned Link date: 00:43 05/10/2008 Publisher: Acresso Software Inc. Description: InstallShield Product: InstallShield Version: 15.0 File version: 15.0.498 C:\Windows\Installer\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}\Icon0E6ED660.exe: Verified: Unsigned Link date: 11:56 08/22/1997 Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a C:\Windows\Installer\{B34596EA-E180-4313-A82A-DE0955F39B27}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe: Verified: Unsigned Link date: 15:24 11/30/2000 Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a C:\Windows\Installer\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}\IconEF5C48881.exe: Verified: Unsigned Link date: 11:56 08/22/1997 Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a C:\Windows\JMCR_DIR\JMInsDrv.exe: Verified: Unsigned Link date: 22:49 09/22/2008 Publisher: JMicron Technology Corporation Description: JMicron Driver Installation Program Product: JMicron Driver Installation Program Version: 1.00.00.00 File version: 1.00.00.00 built by: WinDDK C:\Windows\JMCR_DIR\setup.exe: Verified: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Link date: 22:42 10/21/2008 Publisher: JMicron Technology Corp. Description: JMicron Setup Application Product: JMicron Setup Application Version: 1, 1, 0, 6 File version: 1, 1, 0, 6 C:\Windows\System32\dsfkregsvr.exe: Verified: Unsigned Link date: 00:06 02/09/2010 Publisher: Microsoft Corporation Description: Application for registering kernel COM Objects Product: Microsoft® Windows® Operating System Version: 6.1.7600.16385 File version: 6.1.7600.16385 (win7_wdk.100208-1538) C:\Windows\System32\dxcpl.exe: Verified: Unsigned Link date: 00:24 02/10/2012 Publisher: Microsoft Corporation Description: Microsoft DirectX Control Panel Product: Microsoft® DirectX for Windows® Version: 4.08.01.0612 File version: 4.08.01.0612 C:\Windows\SysWOW64\dxcpl.exe: Verified: Unsigned Link date: 00:49 02/10/2012 Publisher: Microsoft Corporation Description: Microsoft DirectX Control Panel Product: Microsoft® DirectX for Windows® Version: 4.08.01.0612 File version: 4.08.01.0612[/FONT] [/CODE][/INDENT] [INDENT=2][FONT=Meiryo Ui][SIZE=3]Sigcheck switches - [/SIZE][/FONT][/INDENT] [INDENT=3][CODE][FONT=Lucida Console][COLOR="#555555"]C:\Users\PalmDesert\Documents>[/COLOR][B]sigcheck /?[/B] [NO-PARSE]Sigcheck v1.91 - File version and signature viewer Copyright (C) 2004-2013 Mark Russinovich Sysinternals - www.sysinternals.com usage: sigcheck [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] <file or directory> -a Show extended version information -c Look for signature in the specified catalog file -e Scan executable images only (regardless of their extension) -h Show file hashes -i Show catalog name and image signers -m Dump manifest -n Only show file version number -q Quiet (no banner) -r Disable check for certificate revocation -s Recurse subdirectories -u Show unsigned files only -v Csv output[/NO-PARSE] [/FONT][/CODE][/indent] [INDENT=2][SIZE=3][FONT=Meiryo Ui]Additional info - [url]https://www.sysnative.com/forums/bsod-kernel-dump-analysis-debugging-information/3377-sysinternals-sigcheck-system32-syswow64-sysnative.html[/url] Regards. . . jcgriff2[/FONT][/SIZE][/INDENT] [/QUOTE]

Verification