Verify that images are digitally signed and dump version information with this simple command-line utility.
usage: sigcheck [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] <file or directory>
|-a||Show extended version information|
|-c||Look for signature in the specified catalog file|
|-e||Scan executable images only (regardless of their extension)|
|-h||Show file hashes|
|-i||Show catalog name and image signers|
|-n||Only show file version number|
|-q||Quiet (no banner)|
|-r||Disable check for certificate revocation|
|-u||Show unsigned files only|
One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
sigcheck -u -e c:\windows\system32
You should investigate the purpose of any files that are not signed.