VirtualBox

Ticket #13187: VBoxStartup.10.log

File VBoxStartup.10.log, 74.3 KB (added by ThomasMoore, 10 years ago)

VirtualBox 4.3.20r96997 Startup Failure

130ec.3598: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000074 g_uNtVerCombined=0x611db110
230ec.3598: \SystemRoot\System32\ntdll.dll:
330ec.3598: CreationTime: 2013-12-16T17:46:21.136494200Z
430ec.3598: LastWriteTime: 2013-08-29T02:16:35.515578900Z
530ec.3598: ChangeTime: 2013-12-16T18:05:56.519173300Z
630ec.3598: FileAttributes: 0x20
730ec.3598: Size: 0x1a6dc0
830ec.3598: NT Headers: 0xe0
930ec.3598: Timestamp: 0x521eaf24
1030ec.3598: Machine: 0x8664 - amd64
1130ec.3598: Timestamp: 0x521eaf24
1230ec.3598: Image Version: 6.1
1330ec.3598: SizeOfImage: 0x1a9000 (1740800)
1430ec.3598: Resource Dir: 0x151000 LB 0x560d8
1530ec.3598: ProductName: Microsoft® Windows® Operating System
1630ec.3598: ProductVersion: 6.1.7601.18247
1730ec.3598: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
1830ec.3598: FileDescription: NT Layer DLL
1930ec.3598: \SystemRoot\System32\kernel32.dll:
2030ec.3598: CreationTime: 2014-05-02T19:09:02.954739200Z
2130ec.3598: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2230ec.3598: ChangeTime: 2014-05-02T20:39:36.806070000Z
2330ec.3598: FileAttributes: 0x20
2430ec.3598: Size: 0x11c000
2530ec.3598: NT Headers: 0xe8
2630ec.3598: Timestamp: 0x5315a059
2730ec.3598: Machine: 0x8664 - amd64
2830ec.3598: Timestamp: 0x5315a059
2930ec.3598: Image Version: 6.1
3030ec.3598: SizeOfImage: 0x11f000 (1175552)
3130ec.3598: Resource Dir: 0x116000 LB 0x528
3230ec.3598: ProductName: Microsoft® Windows® Operating System
3330ec.3598: ProductVersion: 6.1.7601.18409
3430ec.3598: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3530ec.3598: FileDescription: Windows NT BASE API Client DLL
3630ec.3598: \SystemRoot\System32\KernelBase.dll:
3730ec.3598: CreationTime: 2014-05-30T19:04:20.610299900Z
3830ec.3598: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3930ec.3598: ChangeTime: 2014-05-30T20:35:31.675299900Z
4030ec.3598: FileAttributes: 0x20
4130ec.3598: Size: 0x67c00
4230ec.3598: NT Headers: 0xe8
4330ec.3598: Timestamp: 0x5315a05a
4430ec.3598: Machine: 0x8664 - amd64
4530ec.3598: Timestamp: 0x5315a05a
4630ec.3598: Image Version: 6.1
4730ec.3598: SizeOfImage: 0x6c000 (442368)
4830ec.3598: Resource Dir: 0x6a000 LB 0x530
4930ec.3598: ProductName: Microsoft® Windows® Operating System
5030ec.3598: ProductVersion: 6.1.7601.18409
5130ec.3598: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
5230ec.3598: FileDescription: Windows NT BASE API Client DLL
5330ec.3598: \SystemRoot\System32\apisetschema.dll:
5430ec.3598: CreationTime: 2013-12-16T17:56:13.802401900Z
5530ec.3598: LastWriteTime: 2013-08-02T02:12:20.275000000Z
5630ec.3598: ChangeTime: 2013-12-16T18:05:58.609157900Z
5730ec.3598: FileAttributes: 0x20
5830ec.3598: Size: 0x1a00
5930ec.3598: NT Headers: 0xc0
6030ec.3598: Timestamp: 0x51fb15ca
6130ec.3598: Machine: 0x8664 - amd64
6230ec.3598: Timestamp: 0x51fb15ca
6330ec.3598: Image Version: 6.1
6430ec.3598: SizeOfImage: 0x50000 (327680)
6530ec.3598: Resource Dir: 0x30000 LB 0x3f8
6630ec.3598: ProductName: Microsoft® Windows® Operating System
6730ec.3598: ProductVersion: 6.1.7601.18229
6830ec.3598: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
6930ec.3598: FileDescription: ApiSet Schema DLL
7030ec.3598: Found driver mfewfpk (0x20)
7130ec.3598: Found driver mfehidk (0x20)
7230ec.3598: Found driver mfeavfk (0x20)
7330ec.3598: Found driver mfeapfk (0x20)
7430ec.3598: supR3HardenedWinFindAdversaries: 0x20
7530ec.3598: \SystemRoot\System32\drivers\mfeapfk.sys:
7630ec.3598: CreationTime: 2012-10-17T18:56:17.872816300Z
7730ec.3598: LastWriteTime: 2014-05-15T00:07:10.555346300Z
7830ec.3598: ChangeTime: 2014-05-15T00:08:11.530443200Z
7930ec.3598: FileAttributes: 0x20
8030ec.3598: Size: 0x2c030
8130ec.3598: NT Headers: 0xe8
8230ec.3598: Timestamp: 0x52ab7fef
8330ec.3598: Machine: 0x8664 - amd64
8430ec.3598: Timestamp: 0x52ab7fef
8530ec.3598: Image Version: 0.0
8630ec.3598: SizeOfImage: 0x29d00 (171264)
8730ec.3598: Resource Dir: 0x29500 LB 0x340
8830ec.3598: ProductName: SYSCORE
8930ec.3598: FileVersion: SYSCORE.15.1.0.656
9030ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F16
9130ec.3598: FileDescription: Access Protection Filter Driver
9230ec.3598: \SystemRoot\System32\drivers\mfeavfk.sys:
9330ec.3598: CreationTime: 2012-10-17T18:56:17.794808800Z
9430ec.3598: LastWriteTime: 2014-05-15T00:07:10.796370400Z
9530ec.3598: ChangeTime: 2014-05-15T00:07:10.796370400Z
9630ec.3598: FileAttributes: 0x20
9730ec.3598: Size: 0x4c130
9830ec.3598: NT Headers: 0xf0
9930ec.3598: Timestamp: 0x52ab8004
10030ec.3598: Machine: 0x8664 - amd64
10130ec.3598: Timestamp: 0x52ab8004
10230ec.3598: Image Version: 0.0
10330ec.3598: SizeOfImage: 0x49b00 (301824)
10430ec.3598: Resource Dir: 0x48d00 LB 0x718
10530ec.3598: ProductName: SYSCORE
10630ec.3598: FileVersion: SYSCORE.15.1.0.656
10730ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F15,F16,F19
10830ec.3598: FileDescription: Anti-Virus File System Filter Driver
10930ec.3598: \SystemRoot\System32\drivers\mfehidk.sys:
11030ec.3598: CreationTime: 2012-10-17T18:56:17.420372800Z
11130ec.3598: LastWriteTime: 2014-05-15T00:07:11.104401200Z
11230ec.3598: ChangeTime: 2014-05-21T02:04:37.589297600Z
11330ec.3598: FileAttributes: 0x20
11430ec.3598: Size: 0xbf278
11530ec.3598: NT Headers: 0xf0
11630ec.3598: Timestamp: 0x52ab7fc4
11730ec.3598: Machine: 0x8664 - amd64
11830ec.3598: Timestamp: 0x52ab7fc4
11930ec.3598: Image Version: 0.0
12030ec.3598: SizeOfImage: 0xbc180 (770432)
12130ec.3598: Resource Dir: 0xb9b80 LB 0x348
12230ec.3598: ProductName: SYSCORE
12330ec.3598: FileVersion: SYSCORE.15.1.0.656
12430ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F14,F15,F16,F18,F20
12530ec.3598: FileDescription: McAfee Link Driver
12630ec.3598: \SystemRoot\System32\drivers\mfewfpk.sys:
12730ec.3598: CreationTime: 2012-10-17T18:56:14.924132800Z
12830ec.3598: LastWriteTime: 2014-05-15T00:07:11.566447400Z
12930ec.3598: ChangeTime: 2014-05-21T02:04:37.613302400Z
13030ec.3598: FileAttributes: 0x20
13130ec.3598: Size: 0x54070
13230ec.3598: NT Headers: 0xf0
13330ec.3598: Timestamp: 0x52ab7fd3
13430ec.3598: Machine: 0x8664 - amd64
13530ec.3598: Timestamp: 0x52ab7fd3
13630ec.3598: Image Version: 0.0
13730ec.3598: SizeOfImage: 0x51980 (334208)
13830ec.3598: Resource Dir: 0x50e80 LB 0x348
13930ec.3598: ProductName: SYSCORE
14030ec.3598: FileVersion: SYSCORE.15.1.0.656
14130ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F17,F18
14230ec.3598: FileDescription: Anti-Virus Mini-Firewall Driver
14330ec.3598: Calling main()
14430ec.3598: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
14530ec.3598: SUPR3HardenedMain: Respawn #1
14630ec.3598: System32: \Device\HarddiskVolume1\Windows\System32
14730ec.3598: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
14830ec.3598: KnownDllPath: C:\WINDOWS\system32
14930ec.3598: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
15030ec.3598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
15130ec.3598: supR3HardNtEnableThreadCreation:
15230ec.3598: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0
15330ec.3598: supR3HardenedWinDoReSpawn(1): New child 36a8.b5c [kernel32].
15430ec.3598: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
15530ec.3598: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077710000 uNtDllChildAddr=0000000077710000
15630ec.3598: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007773c340
15730ec.3598: supR3HardenedWinSetupChildInit: Start child.
15830ec.3598: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 12 ms.
15930ec.3598: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
16030ec.3598: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
16130ec.3598: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
16230ec.3598: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
16330ec.3598: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
16430ec.3598: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
16530ec.3598: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
16630ec.3598: 0000000000041000-fffffffffff41fff 0x0001/0x0000 0x0000000
16730ec.3598: *0000000000140000-0000000000043fff 0x0000/0x0004 0x0020000
16830ec.3598: 000000000023c000-0000000000238fff 0x0104/0x0004 0x0020000
16930ec.3598: 000000000023f000-000000000023dfff 0x0004/0x0004 0x0020000
17030ec.3598: 0000000000240000-ffffffff88d6ffff 0x0001/0x0000 0x0000000
17130ec.3598: *0000000077710000-000000007770efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17230ec.3598: 0000000077711000-000000007760efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17330ec.3598: 0000000077813000-00000000777e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17430ec.3598: 0000000077842000-0000000077839fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17530ec.3598: 000000007784a000-0000000077848fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17630ec.3598: 000000007784b000-0000000077847fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17730ec.3598: 000000007784e000-00000000777e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
17830ec.3598: 00000000778b9000-0000000070191fff 0x0001/0x0000 0x0000000
17930ec.3598: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
18030ec.3598: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
18130ec.3598: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
18230ec.3598: 000000007fff0000-ffffffffc09dffff 0x0001/0x0000 0x0000000
18330ec.3598: *000000013f600000-000000013f5fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18430ec.3598: 000000013f601000-000000013f57cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18530ec.3598: 000000013f685000-000000013f683fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18630ec.3598: 000000013f686000-000000013f648fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18730ec.3598: 000000013f6c3000-000000013f6c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18830ec.3598: 000000013f6c4000-000000013f6c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18930ec.3598: 000000013f6c5000-000000013f6c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
19030ec.3598: 000000013f6c7000-000000013f6c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
19130ec.3598: 000000013f6c8000-000000013f6c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
19230ec.3598: 000000013f6c9000-000000013f6c4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
19330ec.3598: 000000013f6cd000-000000013f693fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
19430ec.3598: 000000013f706000-fffff8037f3dbfff 0x0001/0x0000 0x0000000
19530ec.3598: *000007feffa30000-000007feffa2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
19630ec.3598: 000007feffa31000-000007fdff4b1fff 0x0001/0x0000 0x0000000
19730ec.3598: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
19830ec.3598: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
19930ec.3598: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
20030ec.3598: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
20130ec.3598: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
20230ec.3598: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
20330ec.3598: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
20430ec.3598: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
20530ec.3598: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
20630ec.3598: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
20730ec.3598: supR3HardNtChildPurify: Done after 542 ms and 0 fixes (loop #0).
20830ec.3598: supR3HardNtEnableThreadCreation:
20936a8.b5c: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
21036a8.b5c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077710000
21136a8.b5c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
21236a8.b5c: New simple heap: #1 0000000000340000 LB 0x400000 (for 1740800 allocation)
21336a8.b5c: System32: \Device\HarddiskVolume1\Windows\System32
21436a8.b5c: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
21536a8.b5c: KnownDllPath: C:\WINDOWS\system32
21636a8.b5c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
21736a8.b5c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
21836a8.b5c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
21936a8.b5c: Registered Dll notification callback with NTDLL.
22036a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
22136a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
22236a8.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
22336a8.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
22436a8.b5c: supR3HardenedDllNotificationCallback: load 00000000774f0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
22536a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
22636a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
22736a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
22836a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
22936a8.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774f0000 'C:\WINDOWS\system32\kernel32.dll'
23036a8.b5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0
23130ec.3598: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 33 ms.
23236a8.b5c: \SystemRoot\System32\ntdll.dll:
23336a8.b5c: CreationTime: 2013-12-16T17:46:21.136494200Z
23436a8.b5c: LastWriteTime: 2013-08-29T02:16:35.515578900Z
23536a8.b5c: ChangeTime: 2013-12-16T18:05:56.519173300Z
23636a8.b5c: FileAttributes: 0x20
23736a8.b5c: Size: 0x1a6dc0
23836a8.b5c: NT Headers: 0xe0
23936a8.b5c: Timestamp: 0x521eaf24
24036a8.b5c: Machine: 0x8664 - amd64
24136a8.b5c: Timestamp: 0x521eaf24
24236a8.b5c: Image Version: 6.1
24336a8.b5c: SizeOfImage: 0x1a9000 (1740800)
24436a8.b5c: Resource Dir: 0x151000 LB 0x560d8
24536a8.b5c: ProductName: Microsoft® Windows® Operating System
24636a8.b5c: ProductVersion: 6.1.7601.18247
24736a8.b5c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
24836a8.b5c: FileDescription: NT Layer DLL
24936a8.b5c: \SystemRoot\System32\kernel32.dll:
25036a8.b5c: CreationTime: 2014-05-02T19:09:02.954739200Z
25136a8.b5c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
25236a8.b5c: ChangeTime: 2014-05-02T20:39:36.806070000Z
25336a8.b5c: FileAttributes: 0x20
25436a8.b5c: Size: 0x11c000
25536a8.b5c: NT Headers: 0xe8
25636a8.b5c: Timestamp: 0x5315a059
25736a8.b5c: Machine: 0x8664 - amd64
25836a8.b5c: Timestamp: 0x5315a059
25936a8.b5c: Image Version: 6.1
26036a8.b5c: SizeOfImage: 0x11f000 (1175552)
26136a8.b5c: Resource Dir: 0x116000 LB 0x528
26236a8.b5c: ProductName: Microsoft® Windows® Operating System
26336a8.b5c: ProductVersion: 6.1.7601.18409
26436a8.b5c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
26536a8.b5c: FileDescription: Windows NT BASE API Client DLL
26636a8.b5c: \SystemRoot\System32\KernelBase.dll:
26736a8.b5c: CreationTime: 2014-05-30T19:04:20.610299900Z
26836a8.b5c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
26936a8.b5c: ChangeTime: 2014-05-30T20:35:31.675299900Z
27036a8.b5c: FileAttributes: 0x20
27136a8.b5c: Size: 0x67c00
27236a8.b5c: NT Headers: 0xe8
27336a8.b5c: Timestamp: 0x5315a05a
27436a8.b5c: Machine: 0x8664 - amd64
27536a8.b5c: Timestamp: 0x5315a05a
27636a8.b5c: Image Version: 6.1
27736a8.b5c: SizeOfImage: 0x6c000 (442368)
27836a8.b5c: Resource Dir: 0x6a000 LB 0x530
27936a8.b5c: ProductName: Microsoft® Windows® Operating System
28036a8.b5c: ProductVersion: 6.1.7601.18409
28136a8.b5c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
28236a8.b5c: FileDescription: Windows NT BASE API Client DLL
28336a8.b5c: \SystemRoot\System32\apisetschema.dll:
28436a8.b5c: CreationTime: 2013-12-16T17:56:13.802401900Z
28536a8.b5c: LastWriteTime: 2013-08-02T02:12:20.275000000Z
28636a8.b5c: ChangeTime: 2013-12-16T18:05:58.609157900Z
28736a8.b5c: FileAttributes: 0x20
28836a8.b5c: Size: 0x1a00
28936a8.b5c: NT Headers: 0xc0
29036a8.b5c: Timestamp: 0x51fb15ca
29136a8.b5c: Machine: 0x8664 - amd64
29236a8.b5c: Timestamp: 0x51fb15ca
29336a8.b5c: Image Version: 6.1
29436a8.b5c: SizeOfImage: 0x50000 (327680)
29536a8.b5c: Resource Dir: 0x30000 LB 0x3f8
29636a8.b5c: ProductName: Microsoft® Windows® Operating System
29736a8.b5c: ProductVersion: 6.1.7601.18229
29836a8.b5c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
29936a8.b5c: FileDescription: ApiSet Schema DLL
30036a8.b5c: Found driver mfewfpk (0x20)
30136a8.b5c: Found driver mfehidk (0x20)
30236a8.b5c: Found driver mfeavfk (0x20)
30336a8.b5c: Found driver mfeapfk (0x20)
30436a8.b5c: supR3HardenedWinFindAdversaries: 0x20
30536a8.b5c: \SystemRoot\System32\drivers\mfeapfk.sys:
30636a8.b5c: CreationTime: 2012-10-17T18:56:17.872816300Z
30736a8.b5c: LastWriteTime: 2014-05-15T00:07:10.555346300Z
30836a8.b5c: ChangeTime: 2014-05-15T00:08:11.530443200Z
30936a8.b5c: FileAttributes: 0x20
31036a8.b5c: Size: 0x2c030
31136a8.b5c: NT Headers: 0xe8
31236a8.b5c: Timestamp: 0x52ab7fef
31336a8.b5c: Machine: 0x8664 - amd64
31436a8.b5c: Timestamp: 0x52ab7fef
31536a8.b5c: Image Version: 0.0
31636a8.b5c: SizeOfImage: 0x29d00 (171264)
31736a8.b5c: Resource Dir: 0x29500 LB 0x340
31836a8.b5c: ProductName: SYSCORE
31936a8.b5c: FileVersion: SYSCORE.15.1.0.656
32036a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F16
32136a8.b5c: FileDescription: Access Protection Filter Driver
32236a8.b5c: \SystemRoot\System32\drivers\mfeavfk.sys:
32336a8.b5c: CreationTime: 2012-10-17T18:56:17.794808800Z
32436a8.b5c: LastWriteTime: 2014-05-15T00:07:10.796370400Z
32536a8.b5c: ChangeTime: 2014-05-15T00:07:10.796370400Z
32636a8.b5c: FileAttributes: 0x20
32736a8.b5c: Size: 0x4c130
32836a8.b5c: NT Headers: 0xf0
32936a8.b5c: Timestamp: 0x52ab8004
33036a8.b5c: Machine: 0x8664 - amd64
33136a8.b5c: Timestamp: 0x52ab8004
33236a8.b5c: Image Version: 0.0
33336a8.b5c: SizeOfImage: 0x49b00 (301824)
33436a8.b5c: Resource Dir: 0x48d00 LB 0x718
33536a8.b5c: ProductName: SYSCORE
33636a8.b5c: FileVersion: SYSCORE.15.1.0.656
33736a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F15,F16,F19
33836a8.b5c: FileDescription: Anti-Virus File System Filter Driver
33936a8.b5c: \SystemRoot\System32\drivers\mfehidk.sys:
34036a8.b5c: CreationTime: 2012-10-17T18:56:17.420372800Z
34136a8.b5c: LastWriteTime: 2014-05-15T00:07:11.104401200Z
34236a8.b5c: ChangeTime: 2014-05-21T02:04:37.589297600Z
34336a8.b5c: FileAttributes: 0x20
34436a8.b5c: Size: 0xbf278
34536a8.b5c: NT Headers: 0xf0
34636a8.b5c: Timestamp: 0x52ab7fc4
34736a8.b5c: Machine: 0x8664 - amd64
34836a8.b5c: Timestamp: 0x52ab7fc4
34936a8.b5c: Image Version: 0.0
35036a8.b5c: SizeOfImage: 0xbc180 (770432)
35136a8.b5c: Resource Dir: 0xb9b80 LB 0x348
35236a8.b5c: ProductName: SYSCORE
35336a8.b5c: FileVersion: SYSCORE.15.1.0.656
35436a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F14,F15,F16,F18,F20
35536a8.b5c: FileDescription: McAfee Link Driver
35636a8.b5c: \SystemRoot\System32\drivers\mfewfpk.sys:
35736a8.b5c: CreationTime: 2012-10-17T18:56:14.924132800Z
35836a8.b5c: LastWriteTime: 2014-05-15T00:07:11.566447400Z
35936a8.b5c: ChangeTime: 2014-05-21T02:04:37.613302400Z
36036a8.b5c: FileAttributes: 0x20
36136a8.b5c: Size: 0x54070
36236a8.b5c: NT Headers: 0xf0
36336a8.b5c: Timestamp: 0x52ab7fd3
36436a8.b5c: Machine: 0x8664 - amd64
36536a8.b5c: Timestamp: 0x52ab7fd3
36636a8.b5c: Image Version: 0.0
36736a8.b5c: SizeOfImage: 0x51980 (334208)
36836a8.b5c: Resource Dir: 0x50e80 LB 0x348
36936a8.b5c: ProductName: SYSCORE
37036a8.b5c: FileVersion: SYSCORE.15.1.0.656
37136a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F17,F18
37236a8.b5c: FileDescription: Anti-Virus Mini-Firewall Driver
37336a8.b5c: Calling main()
37436a8.b5c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
37536a8.b5c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37636a8.b5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
37736a8.b5c: SUPR3HardenedMain: Respawn #2
37836a8.b5c: supR3HardNtEnableThreadCreation:
37936a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38036a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
38136a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
38236a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
38336a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38436a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38536a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
38636a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
38736a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38836a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38936a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
39036a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
39136a8.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
39236a8.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
39336a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefe520000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.DLL [fFlags=0x0]
39436a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
39536a8.b5c: supR3HardenedDllNotificationCallback: load 000007feff560000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
39636a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
39736a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
39836a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
39936a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
40036a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
40136a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefe730000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
40236a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
40336a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
40436a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
40536a8.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe520000 'C:\WINDOWS\system32\ADVAPI32.DLL'
40636a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
40736a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
40836a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
40936a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
41036a8.b5c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
41136a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
41236a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
41336a8.b5c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
41436a8.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
41536a8.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
41636a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
41736a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
41836a8.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\WINDOWS\system32\apphelp.dll'
41936a8.b5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0
42036a8.b5c: supR3HardenedWinDoReSpawn(2): New child 13c8.2bd0 [kernel32].
42136a8.b5c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
42236a8.b5c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077710000 uNtDllChildAddr=0000000077710000
42336a8.b5c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007773c340
42436a8.b5c: supR3HardenedWinSetupChildInit: Start child.
42536a8.b5c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 15 ms.
42636a8.b5c: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 64 sleeps
42736a8.b5c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
42836a8.b5c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
42936a8.b5c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
43036a8.b5c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
43136a8.b5c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
43236a8.b5c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
43336a8.b5c: 0000000000041000-ffffffffffed1fff 0x0001/0x0000 0x0000000
43436a8.b5c: *00000000001b0000-00000000000b3fff 0x0000/0x0004 0x0020000
43536a8.b5c: 00000000002ac000-00000000002a8fff 0x0104/0x0004 0x0020000
43636a8.b5c: 00000000002af000-00000000002adfff 0x0004/0x0004 0x0020000
43736a8.b5c: 00000000002b0000-ffffffff88e4ffff 0x0001/0x0000 0x0000000
43836a8.b5c: *0000000077710000-000000007770efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
43936a8.b5c: 0000000077711000-000000007760efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
44036a8.b5c: 0000000077813000-00000000777e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
44136a8.b5c: 0000000077842000-0000000077839fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
44236a8.b5c: 000000007784a000-0000000077848fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
44336a8.b5c: 000000007784b000-0000000077847fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
44436a8.b5c: 000000007784e000-00000000777e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
44536a8.b5c: 00000000778b9000-0000000070191fff 0x0001/0x0000 0x0000000
44636a8.b5c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
44736a8.b5c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
44836a8.b5c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
44936a8.b5c: 000000007fff0000-ffffffffc09dffff 0x0001/0x0000 0x0000000
45036a8.b5c: *000000013f600000-000000013f5fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45136a8.b5c: 000000013f601000-000000013f57cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45236a8.b5c: 000000013f685000-000000013f683fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45336a8.b5c: 000000013f686000-000000013f648fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45436a8.b5c: 000000013f6c3000-000000013f6c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45536a8.b5c: 000000013f6c4000-000000013f6c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45636a8.b5c: 000000013f6c5000-000000013f6c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45736a8.b5c: 000000013f6c7000-000000013f6c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45836a8.b5c: 000000013f6c8000-000000013f6c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
45936a8.b5c: 000000013f6c9000-000000013f6c4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
46036a8.b5c: 000000013f6cd000-000000013f693fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
46136a8.b5c: 000000013f706000-fffff8037f3dbfff 0x0001/0x0000 0x0000000
46236a8.b5c: *000007feffa30000-000007feffa2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
46336a8.b5c: 000007feffa31000-000007fdff4b1fff 0x0001/0x0000 0x0000000
46436a8.b5c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
46536a8.b5c: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
46636a8.b5c: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
46736a8.b5c: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
46836a8.b5c: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
46936a8.b5c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
47036a8.b5c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
47136a8.b5c: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
47236a8.b5c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
47336a8.b5c: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
47436a8.b5c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
47536a8.b5c: supR3HardNtChildPurify: Done after 538 ms and 0 fixes (loop #0).
47636a8.b5c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000340000 LB 0x400000)
47736a8.b5c: supR3HardNtEnableThreadCreation:
47813c8.2bd0: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
47913c8.2bd0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077710000
48013c8.2bd0: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
48113c8.2bd0: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1740800 allocation)
48213c8.2bd0: System32: \Device\HarddiskVolume1\Windows\System32
48313c8.2bd0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
48413c8.2bd0: KnownDllPath: C:\WINDOWS\system32
48513c8.2bd0: supR3HardenedVmProcessInit: Opening vboxdrv...
48613c8.2bd0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
48713c8.2bd0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
48813c8.2bd0: Registered Dll notification callback with NTDLL.
48913c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
49013c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
49113c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
49213c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
49313c8.2bd0: supR3HardenedDllNotificationCallback: load 00000000774f0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
49413c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
49513c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
49613c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
49713c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
49813c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774f0000 'C:\WINDOWS\system32\kernel32.dll'
49913c8.2bd0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0
50036a8.b5c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 35 ms.
50113c8.2bd0: \SystemRoot\System32\ntdll.dll:
50213c8.2bd0: CreationTime: 2013-12-16T17:46:21.136494200Z
50313c8.2bd0: LastWriteTime: 2013-08-29T02:16:35.515578900Z
50413c8.2bd0: ChangeTime: 2013-12-16T18:05:56.519173300Z
50513c8.2bd0: FileAttributes: 0x20
50613c8.2bd0: Size: 0x1a6dc0
50713c8.2bd0: NT Headers: 0xe0
50813c8.2bd0: Timestamp: 0x521eaf24
50913c8.2bd0: Machine: 0x8664 - amd64
51013c8.2bd0: Timestamp: 0x521eaf24
51113c8.2bd0: Image Version: 6.1
51213c8.2bd0: SizeOfImage: 0x1a9000 (1740800)
51313c8.2bd0: Resource Dir: 0x151000 LB 0x560d8
51413c8.2bd0: ProductName: Microsoft® Windows® Operating System
51513c8.2bd0: ProductVersion: 6.1.7601.18247
51613c8.2bd0: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
51713c8.2bd0: FileDescription: NT Layer DLL
51813c8.2bd0: \SystemRoot\System32\kernel32.dll:
51913c8.2bd0: CreationTime: 2014-05-02T19:09:02.954739200Z
52013c8.2bd0: LastWriteTime: 2014-03-04T09:44:00.336000000Z
52113c8.2bd0: ChangeTime: 2014-05-02T20:39:36.806070000Z
52213c8.2bd0: FileAttributes: 0x20
52313c8.2bd0: Size: 0x11c000
52413c8.2bd0: NT Headers: 0xe8
52513c8.2bd0: Timestamp: 0x5315a059
52613c8.2bd0: Machine: 0x8664 - amd64
52713c8.2bd0: Timestamp: 0x5315a059
52813c8.2bd0: Image Version: 6.1
52913c8.2bd0: SizeOfImage: 0x11f000 (1175552)
53013c8.2bd0: Resource Dir: 0x116000 LB 0x528
53113c8.2bd0: ProductName: Microsoft® Windows® Operating System
53213c8.2bd0: ProductVersion: 6.1.7601.18409
53313c8.2bd0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
53413c8.2bd0: FileDescription: Windows NT BASE API Client DLL
53513c8.2bd0: \SystemRoot\System32\KernelBase.dll:
53613c8.2bd0: CreationTime: 2014-05-30T19:04:20.610299900Z
53713c8.2bd0: LastWriteTime: 2014-03-04T09:44:00.336000000Z
53813c8.2bd0: ChangeTime: 2014-05-30T20:35:31.675299900Z
53913c8.2bd0: FileAttributes: 0x20
54013c8.2bd0: Size: 0x67c00
54113c8.2bd0: NT Headers: 0xe8
54213c8.2bd0: Timestamp: 0x5315a05a
54313c8.2bd0: Machine: 0x8664 - amd64
54413c8.2bd0: Timestamp: 0x5315a05a
54513c8.2bd0: Image Version: 6.1
54613c8.2bd0: SizeOfImage: 0x6c000 (442368)
54713c8.2bd0: Resource Dir: 0x6a000 LB 0x530
54813c8.2bd0: ProductName: Microsoft® Windows® Operating System
54913c8.2bd0: ProductVersion: 6.1.7601.18409
55013c8.2bd0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
55113c8.2bd0: FileDescription: Windows NT BASE API Client DLL
55213c8.2bd0: \SystemRoot\System32\apisetschema.dll:
55313c8.2bd0: CreationTime: 2013-12-16T17:56:13.802401900Z
55413c8.2bd0: LastWriteTime: 2013-08-02T02:12:20.275000000Z
55513c8.2bd0: ChangeTime: 2013-12-16T18:05:58.609157900Z
55613c8.2bd0: FileAttributes: 0x20
55713c8.2bd0: Size: 0x1a00
55813c8.2bd0: NT Headers: 0xc0
55913c8.2bd0: Timestamp: 0x51fb15ca
56013c8.2bd0: Machine: 0x8664 - amd64
56113c8.2bd0: Timestamp: 0x51fb15ca
56213c8.2bd0: Image Version: 6.1
56313c8.2bd0: SizeOfImage: 0x50000 (327680)
56413c8.2bd0: Resource Dir: 0x30000 LB 0x3f8
56513c8.2bd0: ProductName: Microsoft® Windows® Operating System
56613c8.2bd0: ProductVersion: 6.1.7601.18229
56713c8.2bd0: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
56813c8.2bd0: FileDescription: ApiSet Schema DLL
56913c8.2bd0: Found driver mfewfpk (0x20)
57013c8.2bd0: Found driver mfehidk (0x20)
57113c8.2bd0: Found driver mfeavfk (0x20)
57213c8.2bd0: Found driver mfeapfk (0x20)
57313c8.2bd0: supR3HardenedWinFindAdversaries: 0x20
57413c8.2bd0: \SystemRoot\System32\drivers\mfeapfk.sys:
57513c8.2bd0: CreationTime: 2012-10-17T18:56:17.872816300Z
57613c8.2bd0: LastWriteTime: 2014-05-15T00:07:10.555346300Z
57713c8.2bd0: ChangeTime: 2014-05-15T00:08:11.530443200Z
57813c8.2bd0: FileAttributes: 0x20
57913c8.2bd0: Size: 0x2c030
58013c8.2bd0: NT Headers: 0xe8
58113c8.2bd0: Timestamp: 0x52ab7fef
58213c8.2bd0: Machine: 0x8664 - amd64
58313c8.2bd0: Timestamp: 0x52ab7fef
58413c8.2bd0: Image Version: 0.0
58513c8.2bd0: SizeOfImage: 0x29d00 (171264)
58613c8.2bd0: Resource Dir: 0x29500 LB 0x340
58713c8.2bd0: ProductName: SYSCORE
58813c8.2bd0: FileVersion: SYSCORE.15.1.0.656
58913c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F16
59013c8.2bd0: FileDescription: Access Protection Filter Driver
59113c8.2bd0: \SystemRoot\System32\drivers\mfeavfk.sys:
59213c8.2bd0: CreationTime: 2012-10-17T18:56:17.794808800Z
59313c8.2bd0: LastWriteTime: 2014-05-15T00:07:10.796370400Z
59413c8.2bd0: ChangeTime: 2014-05-15T00:07:10.796370400Z
59513c8.2bd0: FileAttributes: 0x20
59613c8.2bd0: Size: 0x4c130
59713c8.2bd0: NT Headers: 0xf0
59813c8.2bd0: Timestamp: 0x52ab8004
59913c8.2bd0: Machine: 0x8664 - amd64
60013c8.2bd0: Timestamp: 0x52ab8004
60113c8.2bd0: Image Version: 0.0
60213c8.2bd0: SizeOfImage: 0x49b00 (301824)
60313c8.2bd0: Resource Dir: 0x48d00 LB 0x718
60413c8.2bd0: ProductName: SYSCORE
60513c8.2bd0: FileVersion: SYSCORE.15.1.0.656
60613c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F15,F16,F19
60713c8.2bd0: FileDescription: Anti-Virus File System Filter Driver
60813c8.2bd0: \SystemRoot\System32\drivers\mfehidk.sys:
60913c8.2bd0: CreationTime: 2012-10-17T18:56:17.420372800Z
61013c8.2bd0: LastWriteTime: 2014-05-15T00:07:11.104401200Z
61113c8.2bd0: ChangeTime: 2014-05-21T02:04:37.589297600Z
61213c8.2bd0: FileAttributes: 0x20
61313c8.2bd0: Size: 0xbf278
61413c8.2bd0: NT Headers: 0xf0
61513c8.2bd0: Timestamp: 0x52ab7fc4
61613c8.2bd0: Machine: 0x8664 - amd64
61713c8.2bd0: Timestamp: 0x52ab7fc4
61813c8.2bd0: Image Version: 0.0
61913c8.2bd0: SizeOfImage: 0xbc180 (770432)
62013c8.2bd0: Resource Dir: 0xb9b80 LB 0x348
62113c8.2bd0: ProductName: SYSCORE
62213c8.2bd0: FileVersion: SYSCORE.15.1.0.656
62313c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F14,F15,F16,F18,F20
62413c8.2bd0: FileDescription: McAfee Link Driver
62513c8.2bd0: \SystemRoot\System32\drivers\mfewfpk.sys:
62613c8.2bd0: CreationTime: 2012-10-17T18:56:14.924132800Z
62713c8.2bd0: LastWriteTime: 2014-05-15T00:07:11.566447400Z
62813c8.2bd0: ChangeTime: 2014-05-21T02:04:37.613302400Z
62913c8.2bd0: FileAttributes: 0x20
63013c8.2bd0: Size: 0x54070
63113c8.2bd0: NT Headers: 0xf0
63213c8.2bd0: Timestamp: 0x52ab7fd3
63313c8.2bd0: Machine: 0x8664 - amd64
63413c8.2bd0: Timestamp: 0x52ab7fd3
63513c8.2bd0: Image Version: 0.0
63613c8.2bd0: SizeOfImage: 0x51980 (334208)
63713c8.2bd0: Resource Dir: 0x50e80 LB 0x348
63813c8.2bd0: ProductName: SYSCORE
63913c8.2bd0: FileVersion: SYSCORE.15.1.0.656
64013c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F17,F18
64113c8.2bd0: FileDescription: Anti-Virus Mini-Firewall Driver
64213c8.2bd0: Calling main()
64313c8.2bd0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
64413c8.2bd0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
64513c8.2bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
64613c8.2bd0: SUPR3HardenedMain: Final process, opening VBoxDrv...
64713c8.2bd0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000)
64813c8.2bd0: supR3HardNtEnableThreadCreation:
64913c8.2bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
65013c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
65113c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008947a0:C:\WINDOWS\system32 [calling]
65213c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
65313c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefa730000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
65413c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
65513c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
65613c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling]
65713c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
65813c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
65913c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling]
66013c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
66113c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
66213c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
66313c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
66413c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
66513c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
66613c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
66713c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
66813c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
66913c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
67013c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
67113c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
67213c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
67313c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
67413c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
67513c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
67613c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
67713c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
67813c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
67913c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
68013c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
68113c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
68213c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
68313c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
68413c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
68513c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
68613c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
68713c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
68813c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
68913c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
69013c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
69113c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
69213c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008947a0:C:\WINDOWS\system32 [calling]
69313c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
69413c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdc20000 LB 0x0003a000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
69513c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
69613c8.2bd0: supR3HardenedDllNotificationCallback: load 000007feff560000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
69713c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
69813c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdd30000 LB 0x0016c000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
69913c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
70013c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdc10000 LB 0x0000f000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
70113c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
70213c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
70313c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
70413c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\WINDOWS\system32\Wintrust.dll'
70513c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
70613c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
70713c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling]
70813c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
70913c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefd450000 LB 0x00017000 C:\WINDOWS\system32\CRYPTSP.dll [fFlags=0x0]
71013c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
71113c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\WINDOWS\system32\CRYPTSP.dll'
71213c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
71313c8.2bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
71413c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
71513c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
71613c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
71713c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
71813c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling]
71913c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
72013c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefd010000 LB 0x00047000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
72113c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
72213c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd010000 'C:\WINDOWS\system32\rsaenh.dll'
72313c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
72413c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
72513c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
72613c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
72713c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
72813c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
72913c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
73013c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
73113c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
73213c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
73313c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling]
73413c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
73513c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefe520000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0]
73613c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
73713c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
73813c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
73913c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
74013c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
74113c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefe730000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
74213c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
74313c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe520000 'C:\WINDOWS\system32\ADVAPI32.dll'
74413c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
74513c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
74613c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
74713c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
74813c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
74913c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75013c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
75113c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
75213c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling]
75313c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
75413c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0000f000 C:\WINDOWS\system32\CRYPTBASE.dll [fFlags=0x0]
75513c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
75613c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\WINDOWS\system32\CRYPTBASE.dll'
75713c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'.
75813c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'.
75913c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
76013c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
76113c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
76213c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
76313c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
76413c8.3134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll)
76513c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll
76613c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
76713c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
76813c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
76913c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
77013c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
77113c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
77213c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
77313c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
77413c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
77513c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
77613c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
77713c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
13c8.3134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedDllNotificationCallback: load 000007fefda80000 LB 0x0002d000 C:\WINDOWS\system32\privman64.dll [fFlags=0x0]
13c8.3134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
36a8.b5c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1368 ms, the end);
30ec.3598: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1993 ms, the end);
