VirtualBox

Ticket #13187: VBoxStartup.14.log

File VBoxStartup.14.log, 198.0 KB (added by luke93, 10 years ago)

anybody who still cannot start VMs on Windows with VBox 4.3.20, please attach the VBox 4.3.20 VBoxStartup.log file

Line 
199c.f54: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
299c.f54: \SystemRoot\System32\ntdll.dll:
399c.f54: CreationTime: 2013-10-09T09:28:18.281672300Z
499c.f54: LastWriteTime: 2013-08-29T02:16:35.515578900Z
599c.f54: ChangeTime: 2013-10-10T15:02:52.780847600Z
699c.f54: FileAttributes: 0x20
799c.f54: Size: 0x1a6dc0
899c.f54: NT Headers: 0xe0
999c.f54: Timestamp: 0x521eaf24
1099c.f54: Machine: 0x8664 - amd64
1199c.f54: Timestamp: 0x521eaf24
1299c.f54: Image Version: 6.1
1399c.f54: SizeOfImage: 0x1a9000 (1740800)
1499c.f54: Resource Dir: 0x151000 LB 0x560d8
1599c.f54: ProductName: Microsoft® Windows® Operating System
1699c.f54: ProductVersion: 6.1.7601.18247
1799c.f54: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
1899c.f54: FileDescription: NT Layer DLL
1999c.f54: \SystemRoot\System32\kernel32.dll:
2099c.f54: CreationTime: 2014-04-09T19:16:18.464175600Z
2199c.f54: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2299c.f54: ChangeTime: 2014-04-14T14:05:07.417291600Z
2399c.f54: FileAttributes: 0x20
2499c.f54: Size: 0x11c000
2599c.f54: NT Headers: 0xe8
2699c.f54: Timestamp: 0x5315a059
2799c.f54: Machine: 0x8664 - amd64
2899c.f54: Timestamp: 0x5315a059
2999c.f54: Image Version: 6.1
3099c.f54: SizeOfImage: 0x11f000 (1175552)
3199c.f54: Resource Dir: 0x116000 LB 0x528
3299c.f54: ProductName: Microsoft® Windows® Operating System
3399c.f54: ProductVersion: 6.1.7601.18409
3499c.f54: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3599c.f54: FileDescription: Windows NT BASE API Client DLL
3699c.f54: \SystemRoot\System32\KernelBase.dll:
3799c.f54: CreationTime: 2014-05-15T16:48:03.938503500Z
3899c.f54: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3999c.f54: ChangeTime: 2014-05-22T23:08:55.079063300Z
4099c.f54: FileAttributes: 0x20
4199c.f54: Size: 0x67c00
4299c.f54: NT Headers: 0xe8
4399c.f54: Timestamp: 0x5315a05a
4499c.f54: Machine: 0x8664 - amd64
4599c.f54: Timestamp: 0x5315a05a
4699c.f54: Image Version: 6.1
4799c.f54: SizeOfImage: 0x6c000 (442368)
4899c.f54: Resource Dir: 0x6a000 LB 0x530
4999c.f54: ProductName: Microsoft® Windows® Operating System
5099c.f54: ProductVersion: 6.1.7601.18409
5199c.f54: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
5299c.f54: FileDescription: Windows NT BASE API Client DLL
5399c.f54: \SystemRoot\System32\apisetschema.dll:
5499c.f54: CreationTime: 2013-09-11T09:53:01.074440000Z
5599c.f54: LastWriteTime: 2013-08-02T02:12:20.275000000Z
5699c.f54: ChangeTime: 2013-09-11T10:20:39.245571700Z
5799c.f54: FileAttributes: 0x20
5899c.f54: Size: 0x1a00
5999c.f54: NT Headers: 0xc0
6099c.f54: Timestamp: 0x51fb15ca
6199c.f54: Machine: 0x8664 - amd64
6299c.f54: Timestamp: 0x51fb15ca
6399c.f54: Image Version: 6.1
6499c.f54: SizeOfImage: 0x50000 (327680)
6599c.f54: Resource Dir: 0x30000 LB 0x3f8
6699c.f54: ProductName: Microsoft® Windows® Operating System
6799c.f54: ProductVersion: 6.1.7601.18229
6899c.f54: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
6999c.f54: FileDescription: ApiSet Schema DLL
7099c.f54: Found driver KLIM6 (0x40)
7199c.f54: Found driver kl1 (0x40)
7299c.f54: Found driver kneps (0x40)
7399c.f54: Found driver kltdi (0x40)
7499c.f54: supR3HardenedWinFindAdversaries: 0x40
7599c.f54: \SystemRoot\System32\drivers\kl1.sys:
7699c.f54: CreationTime: 2012-06-20T00:28:12.000000000Z
7799c.f54: LastWriteTime: 2012-06-20T00:28:12.000000000Z
7899c.f54: ChangeTime: 2013-07-08T12:26:18.046592700Z
7999c.f54: FileAttributes: 0x20
8099c.f54: Size: 0x6ff58
8199c.f54: NT Headers: 0xe0
8299c.f54: Timestamp: 0x4fe07e33
8399c.f54: Machine: 0x8664 - amd64
8499c.f54: Timestamp: 0x4fe07e33
8599c.f54: Image Version: 0.0
8699c.f54: SizeOfImage: 0x75e000 (7725056)
8799c.f54: Resource Dir: 0x75c000 LB 0x448
8899c.f54: ProductName: Kaspersky Anti-Virus
8999c.f54: ProductVersion: 6.0.1.949
9099c.f54: FileVersion: 6.8.0.16
9199c.f54: FileDescription: Kaspersky Unified Driver
9299c.f54: \SystemRoot\System32\drivers\klflt.sys:
9399c.f54: CreationTime: 2013-01-11T23:37:18.000000000Z
9499c.f54: LastWriteTime: 2013-01-11T23:37:18.000000000Z
9599c.f54: ChangeTime: 2013-08-05T18:34:37.267709900Z
9699c.f54: FileAttributes: 0x20
9799c.f54: Size: 0x17310
9899c.f54: NT Headers: 0xf0
9999c.f54: Timestamp: 0x50d2c9c2
10099c.f54: Machine: 0x8664 - amd64
10199c.f54: Timestamp: 0x50d2c9c2
10299c.f54: Image Version: 6.0
10399c.f54: SizeOfImage: 0x21000 (135168)
10499c.f54: Resource Dir: 0x1f000 LB 0x370
10599c.f54: ProductName: Kaspersky™ Anti-Virus ®
10699c.f54: ProductVersion: 1.2.0.21
10799c.f54: FileVersion: 1.2.0.21
10899c.f54: FileDescription: Filter Core [fre_wlh_x64]
10999c.f54: \SystemRoot\System32\drivers\klif.sys:
11099c.f54: CreationTime: 2013-01-11T23:37:14.000000000Z
11199c.f54: LastWriteTime: 2013-01-11T23:37:14.000000000Z
11299c.f54: ChangeTime: 2013-08-05T18:34:37.220909900Z
11399c.f54: FileAttributes: 0x20
11499c.f54: Size: 0x9d510
11599c.f54: NT Headers: 0x108
11699c.f54: Timestamp: 0x50f005d0
11799c.f54: Machine: 0x8664 - amd64
11899c.f54: Timestamp: 0x50f005d0
11999c.f54: Image Version: 6.0
12099c.f54: SizeOfImage: 0xaa000 (696320)
12199c.f54: Resource Dir: 0xa8000 LB 0x388
12299c.f54: ProductName: Kaspersky™ Anti-Virus ®
12399c.f54: ProductVersion: 8.12.0.293
12499c.f54: FileVersion: 8.12.0.293
12599c.f54: FileDescription: Klif Mini-Filter [fre_wlh_x64]
12699c.f54: \SystemRoot\System32\drivers\klim6.sys:
12799c.f54: CreationTime: 2012-11-23T21:18:54.000000000Z
12899c.f54: LastWriteTime: 2012-11-23T21:18:54.000000000Z
12999c.f54: ChangeTime: 2013-07-08T12:26:19.778592700Z
13099c.f54: FileAttributes: 0x20
13199c.f54: Size: 0x6f58
13299c.f54: NT Headers: 0xf0
13399c.f54: Timestamp: 0x50af4d8a
13499c.f54: Machine: 0x8664 - amd64
13599c.f54: Timestamp: 0x50af4d8a
13699c.f54: Image Version: 6.0
13799c.f54: SizeOfImage: 0xa000 (40960)
13899c.f54: Resource Dir: 0x8000 LB 0x470
13999c.f54: ProductName: Kaspersky Anti-Virus
14099c.f54: ProductVersion: 6.0.1.964
14199c.f54: FileVersion: 8.0.0.48
14299c.f54: FileDescription: Kaspersky Lab Intermediate Network Driver
14399c.f54: \SystemRoot\System32\drivers\kltdi.sys:
14499c.f54: CreationTime: 2012-11-22T19:48:12.000000000Z
14599c.f54: LastWriteTime: 2012-11-22T19:48:12.000000000Z
14699c.f54: ChangeTime: 2013-08-05T18:34:33.991709900Z
14799c.f54: FileAttributes: 0x20
14899c.f54: Size: 0xd358
14999c.f54: NT Headers: 0x100
15099c.f54: Timestamp: 0x50ade6c4
15199c.f54: Machine: 0x8664 - amd64
15299c.f54: Timestamp: 0x50ade6c4
15399c.f54: Image Version: 6.1
15499c.f54: SizeOfImage: 0x10000 (65536)
15599c.f54: Resource Dir: 0xe000 LB 0x398
15699c.f54: ProductName: Kaspersky™ Anti-Virus ®
15799c.f54: ProductVersion: 1.2.0.10
15899c.f54: FileVersion: 1.2.0.10 built by: WinDDK
15999c.f54: FileDescription: Network filtering component
16099c.f54: \SystemRoot\System32\drivers\kneps.sys:
16199c.f54: CreationTime: 2012-11-17T00:46:58.000000000Z
16299c.f54: LastWriteTime: 2012-11-17T00:46:58.000000000Z
16399c.f54: ChangeTime: 2013-08-05T18:34:34.116509900Z
16499c.f54: FileAttributes: 0x20
16599c.f54: Size: 0x2b758
16699c.f54: NT Headers: 0x118
16799c.f54: Timestamp: 0x50a64376
16899c.f54: Machine: 0x8664 - amd64
16999c.f54: Timestamp: 0x50a64376
17099c.f54: Image Version: 6.1
17199c.f54: SizeOfImage: 0x2d000 (184320)
17299c.f54: Resource Dir: 0x2b000 LB 0x378
17399c.f54: ProductName: Kaspersky™ Anti-Virus ®
17499c.f54: ProductVersion: 5.2.0.28
17599c.f54: FileVersion: 5.2.0.28 built by: WinDDK
17699c.f54: FileDescription: KNEPS Power
17799c.f54: Calling main()
17899c.f54: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
17999c.f54: SUPR3HardenedMain: Respawn #1
18099c.f54: System32: \Device\HarddiskVolume3\Windows\System32
18199c.f54: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
18299c.f54: KnownDllPath: C:\Windows\system32
18399c.f54: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
18499c.f54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
18599c.f54: supR3HardNtEnableThreadCreation:
18699c.f54: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0
18799c.f54: supR3HardenedWinDoReSpawn(1): New child 1050.82c [kernel32].
18899c.f54: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
18999c.f54: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077090000 uNtDllChildAddr=0000000077090000
19099c.f54: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770bc340
19199c.f54: supR3HardenedWinSetupChildInit: Start child.
19299c.f54: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
19399c.f54: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
19499c.f54: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
19599c.f54: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
19699c.f54: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
19799c.f54: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
19899c.f54: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
19999c.f54: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
20099c.f54: 0000000000041000-ffffffffffee1fff 0x0001/0x0000 0x0000000
20199c.f54: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
20299c.f54: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
20399c.f54: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
20499c.f54: 00000000002a0000-ffffffff894affff 0x0001/0x0000 0x0000000
20599c.f54: *0000000077090000-000000007708efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
20699c.f54: 0000000077091000-0000000076f8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
20799c.f54: 0000000077193000-0000000077163fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
20899c.f54: 00000000771c2000-00000000771b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
20999c.f54: 00000000771ca000-00000000771c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21099c.f54: 00000000771cb000-00000000771c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21199c.f54: 00000000771ce000-0000000077162fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21299c.f54: 0000000077239000-000000006f491fff 0x0001/0x0000 0x0000000
21399c.f54: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
21499c.f54: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
21599c.f54: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
21699c.f54: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
21799c.f54: *000000013f1f0000-000000013f1eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
21899c.f54: 000000013f1f1000-000000013f16cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
21999c.f54: 000000013f275000-000000013f273fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22099c.f54: 000000013f276000-000000013f238fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22199c.f54: 000000013f2b3000-000000013f2b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22299c.f54: 000000013f2b4000-000000013f2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22399c.f54: 000000013f2b5000-000000013f2b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22499c.f54: 000000013f2b7000-000000013f2b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22599c.f54: 000000013f2b8000-000000013f2b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22699c.f54: 000000013f2b9000-000000013f2b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22799c.f54: 000000013f2bd000-000000013f283fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
22899c.f54: 000000013f2f6000-fffff8037f23bfff 0x0001/0x0000 0x0000000
22999c.f54: *000007feff3b0000-000007feff3aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
23099c.f54: 000007feff3b1000-000007fdfe7b1fff 0x0001/0x0000 0x0000000
23199c.f54: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
23299c.f54: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
23399c.f54: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
23499c.f54: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
23599c.f54: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
23699c.f54: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
23799c.f54: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
23899c.f54: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
23999c.f54: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
24099c.f54: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
24199c.f54: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
24299c.f54: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0).
2431050.82c: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2441050.82c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077090000
24599c.f54: supR3HardNtEnableThreadCreation:
2461050.82c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
2471050.82c: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1740800 allocation)
2481050.82c: System32: \Device\HarddiskVolume3\Windows\System32
2491050.82c: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
2501050.82c: KnownDllPath: C:\Windows\system32
2511050.82c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2521050.82c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2531050.82c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2541050.82c: Registered Dll notification callback with NTDLL.
2551050.82c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2561050.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2571050.82c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2581050.82c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2591050.82c: supR3HardenedDllNotificationCallback: load 0000000076e70000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2601050.82c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2611050.82c: supR3HardenedDllNotificationCallback: load 000007fefcf70000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2621050.82c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2631050.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2641050.82c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
2651050.82c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0
26699c.f54: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 17 ms.
2671050.82c: \SystemRoot\System32\ntdll.dll:
2681050.82c: CreationTime: 2013-10-09T09:28:18.281672300Z
2691050.82c: LastWriteTime: 2013-08-29T02:16:35.515578900Z
2701050.82c: ChangeTime: 2013-10-10T15:02:52.780847600Z
2711050.82c: FileAttributes: 0x20
2721050.82c: Size: 0x1a6dc0
2731050.82c: NT Headers: 0xe0
2741050.82c: Timestamp: 0x521eaf24
2751050.82c: Machine: 0x8664 - amd64
2761050.82c: Timestamp: 0x521eaf24
2771050.82c: Image Version: 6.1
2781050.82c: SizeOfImage: 0x1a9000 (1740800)
2791050.82c: Resource Dir: 0x151000 LB 0x560d8
2801050.82c: ProductName: Microsoft® Windows® Operating System
2811050.82c: ProductVersion: 6.1.7601.18247
2821050.82c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
2831050.82c: FileDescription: NT Layer DLL
2841050.82c: \SystemRoot\System32\kernel32.dll:
2851050.82c: CreationTime: 2014-04-09T19:16:18.464175600Z
2861050.82c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2871050.82c: ChangeTime: 2014-04-14T14:05:07.417291600Z
2881050.82c: FileAttributes: 0x20
2891050.82c: Size: 0x11c000
2901050.82c: NT Headers: 0xe8
2911050.82c: Timestamp: 0x5315a059
2921050.82c: Machine: 0x8664 - amd64
2931050.82c: Timestamp: 0x5315a059
2941050.82c: Image Version: 6.1
2951050.82c: SizeOfImage: 0x11f000 (1175552)
2961050.82c: Resource Dir: 0x116000 LB 0x528
2971050.82c: ProductName: Microsoft® Windows® Operating System
2981050.82c: ProductVersion: 6.1.7601.18409
2991050.82c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3001050.82c: FileDescription: Windows NT BASE API Client DLL
3011050.82c: \SystemRoot\System32\KernelBase.dll:
3021050.82c: CreationTime: 2014-05-15T16:48:03.938503500Z
3031050.82c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3041050.82c: ChangeTime: 2014-05-22T23:08:55.079063300Z
3051050.82c: FileAttributes: 0x20
3061050.82c: Size: 0x67c00
3071050.82c: NT Headers: 0xe8
3081050.82c: Timestamp: 0x5315a05a
3091050.82c: Machine: 0x8664 - amd64
3101050.82c: Timestamp: 0x5315a05a
3111050.82c: Image Version: 6.1
3121050.82c: SizeOfImage: 0x6c000 (442368)
3131050.82c: Resource Dir: 0x6a000 LB 0x530
3141050.82c: ProductName: Microsoft® Windows® Operating System
3151050.82c: ProductVersion: 6.1.7601.18409
3161050.82c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3171050.82c: FileDescription: Windows NT BASE API Client DLL
3181050.82c: \SystemRoot\System32\apisetschema.dll:
3191050.82c: CreationTime: 2013-09-11T09:53:01.074440000Z
3201050.82c: LastWriteTime: 2013-08-02T02:12:20.275000000Z
3211050.82c: ChangeTime: 2013-09-11T10:20:39.245571700Z
3221050.82c: FileAttributes: 0x20
3231050.82c: Size: 0x1a00
3241050.82c: NT Headers: 0xc0
3251050.82c: Timestamp: 0x51fb15ca
3261050.82c: Machine: 0x8664 - amd64
3271050.82c: Timestamp: 0x51fb15ca
3281050.82c: Image Version: 6.1
3291050.82c: SizeOfImage: 0x50000 (327680)
3301050.82c: Resource Dir: 0x30000 LB 0x3f8
3311050.82c: ProductName: Microsoft® Windows® Operating System
3321050.82c: ProductVersion: 6.1.7601.18229
3331050.82c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
3341050.82c: FileDescription: ApiSet Schema DLL
3351050.82c: Found driver KLIM6 (0x40)
3361050.82c: Found driver kl1 (0x40)
3371050.82c: Found driver kneps (0x40)
3381050.82c: Found driver kltdi (0x40)
3391050.82c: supR3HardenedWinFindAdversaries: 0x40
3401050.82c: \SystemRoot\System32\drivers\kl1.sys:
3411050.82c: CreationTime: 2012-06-20T00:28:12.000000000Z
3421050.82c: LastWriteTime: 2012-06-20T00:28:12.000000000Z
3431050.82c: ChangeTime: 2013-07-08T12:26:18.046592700Z
3441050.82c: FileAttributes: 0x20
3451050.82c: Size: 0x6ff58
3461050.82c: NT Headers: 0xe0
3471050.82c: Timestamp: 0x4fe07e33
3481050.82c: Machine: 0x8664 - amd64
3491050.82c: Timestamp: 0x4fe07e33
3501050.82c: Image Version: 0.0
3511050.82c: SizeOfImage: 0x75e000 (7725056)
3521050.82c: Resource Dir: 0x75c000 LB 0x448
3531050.82c: ProductName: Kaspersky Anti-Virus
3541050.82c: ProductVersion: 6.0.1.949
3551050.82c: FileVersion: 6.8.0.16
3561050.82c: FileDescription: Kaspersky Unified Driver
3571050.82c: \SystemRoot\System32\drivers\klflt.sys:
3581050.82c: CreationTime: 2013-01-11T23:37:18.000000000Z
3591050.82c: LastWriteTime: 2013-01-11T23:37:18.000000000Z
3601050.82c: ChangeTime: 2013-08-05T18:34:37.267709900Z
3611050.82c: FileAttributes: 0x20
3621050.82c: Size: 0x17310
3631050.82c: NT Headers: 0xf0
3641050.82c: Timestamp: 0x50d2c9c2
3651050.82c: Machine: 0x8664 - amd64
3661050.82c: Timestamp: 0x50d2c9c2
3671050.82c: Image Version: 6.0
3681050.82c: SizeOfImage: 0x21000 (135168)
3691050.82c: Resource Dir: 0x1f000 LB 0x370
3701050.82c: ProductName: Kaspersky™ Anti-Virus ®
3711050.82c: ProductVersion: 1.2.0.21
3721050.82c: FileVersion: 1.2.0.21
3731050.82c: FileDescription: Filter Core [fre_wlh_x64]
3741050.82c: \SystemRoot\System32\drivers\klif.sys:
3751050.82c: CreationTime: 2013-01-11T23:37:14.000000000Z
3761050.82c: LastWriteTime: 2013-01-11T23:37:14.000000000Z
3771050.82c: ChangeTime: 2013-08-05T18:34:37.220909900Z
3781050.82c: FileAttributes: 0x20
3791050.82c: Size: 0x9d510
3801050.82c: NT Headers: 0x108
3811050.82c: Timestamp: 0x50f005d0
3821050.82c: Machine: 0x8664 - amd64
3831050.82c: Timestamp: 0x50f005d0
3841050.82c: Image Version: 6.0
3851050.82c: SizeOfImage: 0xaa000 (696320)
3861050.82c: Resource Dir: 0xa8000 LB 0x388
3871050.82c: ProductName: Kaspersky™ Anti-Virus ®
3881050.82c: ProductVersion: 8.12.0.293
3891050.82c: FileVersion: 8.12.0.293
3901050.82c: FileDescription: Klif Mini-Filter [fre_wlh_x64]
3911050.82c: \SystemRoot\System32\drivers\klim6.sys:
3921050.82c: CreationTime: 2012-11-23T21:18:54.000000000Z
3931050.82c: LastWriteTime: 2012-11-23T21:18:54.000000000Z
3941050.82c: ChangeTime: 2013-07-08T12:26:19.778592700Z
3951050.82c: FileAttributes: 0x20
3961050.82c: Size: 0x6f58
3971050.82c: NT Headers: 0xf0
3981050.82c: Timestamp: 0x50af4d8a
3991050.82c: Machine: 0x8664 - amd64
4001050.82c: Timestamp: 0x50af4d8a
4011050.82c: Image Version: 6.0
4021050.82c: SizeOfImage: 0xa000 (40960)
4031050.82c: Resource Dir: 0x8000 LB 0x470
4041050.82c: ProductName: Kaspersky Anti-Virus
4051050.82c: ProductVersion: 6.0.1.964
4061050.82c: FileVersion: 8.0.0.48
4071050.82c: FileDescription: Kaspersky Lab Intermediate Network Driver
4081050.82c: \SystemRoot\System32\drivers\kltdi.sys:
4091050.82c: CreationTime: 2012-11-22T19:48:12.000000000Z
4101050.82c: LastWriteTime: 2012-11-22T19:48:12.000000000Z
4111050.82c: ChangeTime: 2013-08-05T18:34:33.991709900Z
4121050.82c: FileAttributes: 0x20
4131050.82c: Size: 0xd358
4141050.82c: NT Headers: 0x100
4151050.82c: Timestamp: 0x50ade6c4
4161050.82c: Machine: 0x8664 - amd64
4171050.82c: Timestamp: 0x50ade6c4
4181050.82c: Image Version: 6.1
4191050.82c: SizeOfImage: 0x10000 (65536)
4201050.82c: Resource Dir: 0xe000 LB 0x398
4211050.82c: ProductName: Kaspersky™ Anti-Virus ®
4221050.82c: ProductVersion: 1.2.0.10
4231050.82c: FileVersion: 1.2.0.10 built by: WinDDK
4241050.82c: FileDescription: Network filtering component
4251050.82c: \SystemRoot\System32\drivers\kneps.sys:
4261050.82c: CreationTime: 2012-11-17T00:46:58.000000000Z
4271050.82c: LastWriteTime: 2012-11-17T00:46:58.000000000Z
4281050.82c: ChangeTime: 2013-08-05T18:34:34.116509900Z
4291050.82c: FileAttributes: 0x20
4301050.82c: Size: 0x2b758
4311050.82c: NT Headers: 0x118
4321050.82c: Timestamp: 0x50a64376
4331050.82c: Machine: 0x8664 - amd64
4341050.82c: Timestamp: 0x50a64376
4351050.82c: Image Version: 6.1
4361050.82c: SizeOfImage: 0x2d000 (184320)
4371050.82c: Resource Dir: 0x2b000 LB 0x378
4381050.82c: ProductName: Kaspersky™ Anti-Virus ®
4391050.82c: ProductVersion: 5.2.0.28
4401050.82c: FileVersion: 5.2.0.28 built by: WinDDK
4411050.82c: FileDescription: KNEPS Power
4421050.82c: Calling main()
4431050.82c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4441050.82c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4451050.82c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4461050.82c: SUPR3HardenedMain: Respawn #2
4471050.82c: supR3HardNtEnableThreadCreation:
4481050.82c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
4491050.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
4501050.82c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4511050.82c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4521050.82c: supR3HardenedDllNotificationCallback: load 000007fefcc50000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
4531050.82c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4541050.82c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc50000 'C:\Windows\system32\apphelp.dll'
4551050.82c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0
4561050.82c: supR3HardenedWinDoReSpawn(2): New child 106c.13ac [kernel32].
4571050.82c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
4581050.82c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077090000 uNtDllChildAddr=0000000077090000
4591050.82c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770bc340
4601050.82c: supR3HardenedWinSetupChildInit: Start child.
4611050.82c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4621050.82c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
4631050.82c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4641050.82c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
4651050.82c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
4661050.82c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
4671050.82c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
4681050.82c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
4691050.82c: 0000000000041000-0000000000021fff 0x0001/0x0000 0x0000000
4701050.82c: *0000000000060000-fffffffffff63fff 0x0000/0x0004 0x0020000
4711050.82c: 000000000015c000-0000000000158fff 0x0104/0x0004 0x0020000
4721050.82c: 000000000015f000-000000000015dfff 0x0004/0x0004 0x0020000
4731050.82c: 0000000000160000-ffffffff8922ffff 0x0001/0x0000 0x0000000
4741050.82c: *0000000077090000-000000007708efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4751050.82c: 0000000077091000-0000000076f8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4761050.82c: 0000000077193000-0000000077163fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4771050.82c: 00000000771c2000-00000000771b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4781050.82c: 00000000771ca000-00000000771c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4791050.82c: 00000000771cb000-00000000771c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4801050.82c: 00000000771ce000-0000000077162fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4811050.82c: 0000000077239000-000000006f491fff 0x0001/0x0000 0x0000000
4821050.82c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4831050.82c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4841050.82c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4851050.82c: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
4861050.82c: *000000013f1f0000-000000013f1eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4871050.82c: 000000013f1f1000-000000013f16cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4881050.82c: 000000013f275000-000000013f273fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4891050.82c: 000000013f276000-000000013f238fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4901050.82c: 000000013f2b3000-000000013f2b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4911050.82c: 000000013f2b4000-000000013f2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4921050.82c: 000000013f2b5000-000000013f2b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4931050.82c: 000000013f2b7000-000000013f2b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4941050.82c: 000000013f2b8000-000000013f2b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4951050.82c: 000000013f2b9000-000000013f2b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4961050.82c: 000000013f2bd000-000000013f283fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4971050.82c: 000000013f2f6000-fffff8037f23bfff 0x0001/0x0000 0x0000000
4981050.82c: *000007feff3b0000-000007feff3aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
4991050.82c: 000007feff3b1000-000007fdfe7b1fff 0x0001/0x0000 0x0000000
5001050.82c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
5011050.82c: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
5021050.82c: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
5031050.82c: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
5041050.82c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
5051050.82c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
5061050.82c: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
5071050.82c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5081050.82c: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
5091050.82c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5101050.82c: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0).
511106c.13ac: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
512106c.13ac: supR3HardenedVmProcessInit: uNtDllAddr=0000000077090000
513106c.13ac: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
5141050.82c: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
515106c.13ac: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
5161050.82c: supR3HardNtEnableThreadCreation:
517106c.13ac: System32: \Device\HarddiskVolume3\Windows\System32
518106c.13ac: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
519106c.13ac: KnownDllPath: C:\Windows\system32
520106c.13ac: supR3HardenedVmProcessInit: Opening vboxdrv...
521106c.13ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
522106c.13ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
523106c.13ac: Registered Dll notification callback with NTDLL.
524106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
525106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
526106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
527106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
528106c.13ac: supR3HardenedDllNotificationCallback: load 0000000076e70000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
529106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
530106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefcf70000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
531106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
532106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
533106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
534106c.13ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0
5351050.82c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 23 ms.
536106c.13ac: \SystemRoot\System32\ntdll.dll:
537106c.13ac: CreationTime: 2013-10-09T09:28:18.281672300Z
538106c.13ac: LastWriteTime: 2013-08-29T02:16:35.515578900Z
539106c.13ac: ChangeTime: 2013-10-10T15:02:52.780847600Z
540106c.13ac: FileAttributes: 0x20
541106c.13ac: Size: 0x1a6dc0
542106c.13ac: NT Headers: 0xe0
543106c.13ac: Timestamp: 0x521eaf24
544106c.13ac: Machine: 0x8664 - amd64
545106c.13ac: Timestamp: 0x521eaf24
546106c.13ac: Image Version: 6.1
547106c.13ac: SizeOfImage: 0x1a9000 (1740800)
548106c.13ac: Resource Dir: 0x151000 LB 0x560d8
549106c.13ac: ProductName: Microsoft® Windows® Operating System
550106c.13ac: ProductVersion: 6.1.7601.18247
551106c.13ac: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
552106c.13ac: FileDescription: NT Layer DLL
553106c.13ac: \SystemRoot\System32\kernel32.dll:
554106c.13ac: CreationTime: 2014-04-09T19:16:18.464175600Z
555106c.13ac: LastWriteTime: 2014-03-04T09:44:00.336000000Z
556106c.13ac: ChangeTime: 2014-04-14T14:05:07.417291600Z
557106c.13ac: FileAttributes: 0x20
558106c.13ac: Size: 0x11c000
559106c.13ac: NT Headers: 0xe8
560106c.13ac: Timestamp: 0x5315a059
561106c.13ac: Machine: 0x8664 - amd64
562106c.13ac: Timestamp: 0x5315a059
563106c.13ac: Image Version: 6.1
564106c.13ac: SizeOfImage: 0x11f000 (1175552)
565106c.13ac: Resource Dir: 0x116000 LB 0x528
566106c.13ac: ProductName: Microsoft® Windows® Operating System
567106c.13ac: ProductVersion: 6.1.7601.18409
568106c.13ac: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
569106c.13ac: FileDescription: Windows NT BASE API Client DLL
570106c.13ac: \SystemRoot\System32\KernelBase.dll:
571106c.13ac: CreationTime: 2014-05-15T16:48:03.938503500Z
572106c.13ac: LastWriteTime: 2014-03-04T09:44:00.336000000Z
573106c.13ac: ChangeTime: 2014-05-22T23:08:55.079063300Z
574106c.13ac: FileAttributes: 0x20
575106c.13ac: Size: 0x67c00
576106c.13ac: NT Headers: 0xe8
577106c.13ac: Timestamp: 0x5315a05a
578106c.13ac: Machine: 0x8664 - amd64
579106c.13ac: Timestamp: 0x5315a05a
580106c.13ac: Image Version: 6.1
581106c.13ac: SizeOfImage: 0x6c000 (442368)
582106c.13ac: Resource Dir: 0x6a000 LB 0x530
583106c.13ac: ProductName: Microsoft® Windows® Operating System
584106c.13ac: ProductVersion: 6.1.7601.18409
585106c.13ac: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
586106c.13ac: FileDescription: Windows NT BASE API Client DLL
587106c.13ac: \SystemRoot\System32\apisetschema.dll:
588106c.13ac: CreationTime: 2013-09-11T09:53:01.074440000Z
589106c.13ac: LastWriteTime: 2013-08-02T02:12:20.275000000Z
590106c.13ac: ChangeTime: 2013-09-11T10:20:39.245571700Z
591106c.13ac: FileAttributes: 0x20
592106c.13ac: Size: 0x1a00
593106c.13ac: NT Headers: 0xc0
594106c.13ac: Timestamp: 0x51fb15ca
595106c.13ac: Machine: 0x8664 - amd64
596106c.13ac: Timestamp: 0x51fb15ca
597106c.13ac: Image Version: 6.1
598106c.13ac: SizeOfImage: 0x50000 (327680)
599106c.13ac: Resource Dir: 0x30000 LB 0x3f8
600106c.13ac: ProductName: Microsoft® Windows® Operating System
601106c.13ac: ProductVersion: 6.1.7601.18229
602106c.13ac: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
603106c.13ac: FileDescription: ApiSet Schema DLL
604106c.13ac: Found driver KLIM6 (0x40)
605106c.13ac: Found driver kl1 (0x40)
606106c.13ac: Found driver kneps (0x40)
607106c.13ac: Found driver kltdi (0x40)
608106c.13ac: supR3HardenedWinFindAdversaries: 0x40
609106c.13ac: \SystemRoot\System32\drivers\kl1.sys:
610106c.13ac: CreationTime: 2012-06-20T00:28:12.000000000Z
611106c.13ac: LastWriteTime: 2012-06-20T00:28:12.000000000Z
612106c.13ac: ChangeTime: 2013-07-08T12:26:18.046592700Z
613106c.13ac: FileAttributes: 0x20
614106c.13ac: Size: 0x6ff58
615106c.13ac: NT Headers: 0xe0
616106c.13ac: Timestamp: 0x4fe07e33
617106c.13ac: Machine: 0x8664 - amd64
618106c.13ac: Timestamp: 0x4fe07e33
619106c.13ac: Image Version: 0.0
620106c.13ac: SizeOfImage: 0x75e000 (7725056)
621106c.13ac: Resource Dir: 0x75c000 LB 0x448
622106c.13ac: ProductName: Kaspersky Anti-Virus
623106c.13ac: ProductVersion: 6.0.1.949
624106c.13ac: FileVersion: 6.8.0.16
625106c.13ac: FileDescription: Kaspersky Unified Driver
626106c.13ac: \SystemRoot\System32\drivers\klflt.sys:
627106c.13ac: CreationTime: 2013-01-11T23:37:18.000000000Z
628106c.13ac: LastWriteTime: 2013-01-11T23:37:18.000000000Z
629106c.13ac: ChangeTime: 2013-08-05T18:34:37.267709900Z
630106c.13ac: FileAttributes: 0x20
631106c.13ac: Size: 0x17310
632106c.13ac: NT Headers: 0xf0
633106c.13ac: Timestamp: 0x50d2c9c2
634106c.13ac: Machine: 0x8664 - amd64
635106c.13ac: Timestamp: 0x50d2c9c2
636106c.13ac: Image Version: 6.0
637106c.13ac: SizeOfImage: 0x21000 (135168)
638106c.13ac: Resource Dir: 0x1f000 LB 0x370
639106c.13ac: ProductName: Kaspersky™ Anti-Virus ®
640106c.13ac: ProductVersion: 1.2.0.21
641106c.13ac: FileVersion: 1.2.0.21
642106c.13ac: FileDescription: Filter Core [fre_wlh_x64]
643106c.13ac: \SystemRoot\System32\drivers\klif.sys:
644106c.13ac: CreationTime: 2013-01-11T23:37:14.000000000Z
645106c.13ac: LastWriteTime: 2013-01-11T23:37:14.000000000Z
646106c.13ac: ChangeTime: 2013-08-05T18:34:37.220909900Z
647106c.13ac: FileAttributes: 0x20
648106c.13ac: Size: 0x9d510
649106c.13ac: NT Headers: 0x108
650106c.13ac: Timestamp: 0x50f005d0
651106c.13ac: Machine: 0x8664 - amd64
652106c.13ac: Timestamp: 0x50f005d0
653106c.13ac: Image Version: 6.0
654106c.13ac: SizeOfImage: 0xaa000 (696320)
655106c.13ac: Resource Dir: 0xa8000 LB 0x388
656106c.13ac: ProductName: Kaspersky™ Anti-Virus ®
657106c.13ac: ProductVersion: 8.12.0.293
658106c.13ac: FileVersion: 8.12.0.293
659106c.13ac: FileDescription: Klif Mini-Filter [fre_wlh_x64]
660106c.13ac: \SystemRoot\System32\drivers\klim6.sys:
661106c.13ac: CreationTime: 2012-11-23T21:18:54.000000000Z
662106c.13ac: LastWriteTime: 2012-11-23T21:18:54.000000000Z
663106c.13ac: ChangeTime: 2013-07-08T12:26:19.778592700Z
664106c.13ac: FileAttributes: 0x20
665106c.13ac: Size: 0x6f58
666106c.13ac: NT Headers: 0xf0
667106c.13ac: Timestamp: 0x50af4d8a
668106c.13ac: Machine: 0x8664 - amd64
669106c.13ac: Timestamp: 0x50af4d8a
670106c.13ac: Image Version: 6.0
671106c.13ac: SizeOfImage: 0xa000 (40960)
672106c.13ac: Resource Dir: 0x8000 LB 0x470
673106c.13ac: ProductName: Kaspersky Anti-Virus
674106c.13ac: ProductVersion: 6.0.1.964
675106c.13ac: FileVersion: 8.0.0.48
676106c.13ac: FileDescription: Kaspersky Lab Intermediate Network Driver
677106c.13ac: \SystemRoot\System32\drivers\kltdi.sys:
678106c.13ac: CreationTime: 2012-11-22T19:48:12.000000000Z
679106c.13ac: LastWriteTime: 2012-11-22T19:48:12.000000000Z
680106c.13ac: ChangeTime: 2013-08-05T18:34:33.991709900Z
681106c.13ac: FileAttributes: 0x20
682106c.13ac: Size: 0xd358
683106c.13ac: NT Headers: 0x100
684106c.13ac: Timestamp: 0x50ade6c4
685106c.13ac: Machine: 0x8664 - amd64
686106c.13ac: Timestamp: 0x50ade6c4
687106c.13ac: Image Version: 6.1
688106c.13ac: SizeOfImage: 0x10000 (65536)
689106c.13ac: Resource Dir: 0xe000 LB 0x398
690106c.13ac: ProductName: Kaspersky™ Anti-Virus ®
691106c.13ac: ProductVersion: 1.2.0.10
692106c.13ac: FileVersion: 1.2.0.10 built by: WinDDK
693106c.13ac: FileDescription: Network filtering component
694106c.13ac: \SystemRoot\System32\drivers\kneps.sys:
695106c.13ac: CreationTime: 2012-11-17T00:46:58.000000000Z
696106c.13ac: LastWriteTime: 2012-11-17T00:46:58.000000000Z
697106c.13ac: ChangeTime: 2013-08-05T18:34:34.116509900Z
698106c.13ac: FileAttributes: 0x20
699106c.13ac: Size: 0x2b758
700106c.13ac: NT Headers: 0x118
701106c.13ac: Timestamp: 0x50a64376
702106c.13ac: Machine: 0x8664 - amd64
703106c.13ac: Timestamp: 0x50a64376
704106c.13ac: Image Version: 6.1
705106c.13ac: SizeOfImage: 0x2d000 (184320)
706106c.13ac: Resource Dir: 0x2b000 LB 0x378
707106c.13ac: ProductName: Kaspersky™ Anti-Virus ®
708106c.13ac: ProductVersion: 5.2.0.28
709106c.13ac: FileVersion: 5.2.0.28 built by: WinDDK
710106c.13ac: FileDescription: KNEPS Power
711106c.13ac: Calling main()
712106c.13ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
713106c.13ac: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
714106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
715106c.13ac: SUPR3HardenedMain: Final process, opening VBoxDrv...
716106c.13ac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
717106c.13ac: supR3HardNtEnableThreadCreation:
718106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
719106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
720106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007759e0:C:\Windows\system32 [calling]
721106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
722106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefbe20000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
723106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
724106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
725106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
726106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
727106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
728106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
729106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
730106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
731106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
732106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
733106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
734106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
735106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
736106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
737106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
738106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
739106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
740106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
741106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
742106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
743106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
744106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
745106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
746106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
747106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
748106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
749106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
750106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
751106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
752106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
753106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
754106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
755106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
756106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
757106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
758106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
759106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
760106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
761106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007759e0:C:\Windows\system32 [calling]
762106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
763106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd150000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
764106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
765106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd670000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
766106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
767106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
768106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
769106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefce50000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
770106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
771106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefde90000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
772106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
773106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\Wintrust.dll'
774106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
775106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
776106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
777106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
778106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc650000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
779106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
780106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc650000 'C:\Windows\system32\CRYPTSP.dll'
781106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
782106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
783106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
784106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
785106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
786106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
787106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
788106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
789106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc2b0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
790106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
791106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2b0000 'C:\Windows\system32\rsaenh.dll'
792106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
793106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
794106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
795106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
796106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
797106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
798106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
799106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
800106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
801106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
802106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
803106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
804106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
805106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
806106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
807106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
808106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
809106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
810106c.13ac: supR3HardenedDllNotificationCallback: load 000007feff0b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
811106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
812106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\ADVAPI32.dll'
813106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
814106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
815106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
816106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
817106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
818106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
819106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
820106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
821106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
822106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
823106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefccb0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
824106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
825106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccb0000 'C:\Windows\system32\CRYPTBASE.dll'
826106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
827106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
828106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
829106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
830106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
831106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\WINTRUST.DLL'
832106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
833106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
834106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfe0000 'C:\Windows\system32\CRYPT32.dll'
835106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
836106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
837106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
838106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
839106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
840106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
841106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
842106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
843106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
844106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
845106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
846106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
847106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefe160000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
848106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
849106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32\imagehlp.dll'
850106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
851106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
852106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc650000 'C:\Windows\system32\CRYPTSP.dll'
853106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
854106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
855106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
856106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
857106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
858106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
859106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
860106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
861106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
862106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
863106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
864106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
865106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
866106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
867106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
868106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
869106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
870106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
871106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
872106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
873106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
874106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
875106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
876106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
877106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
878106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
879106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
880106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
881106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
882106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
883106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
884106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
885106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
886106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
887106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
888106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
889106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
890106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
891106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
892106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
893106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
894106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
895106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
896106c.13ac: supR3HardenedDllNotificationCallback: load 0000000076f90000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
897106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
898106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefdcb0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
899106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
900106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefe310000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
901106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
902106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefdfc0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
903106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
904106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
905106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
906106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\gdi32.dll'
907106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
908106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
909106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
910106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
911106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
912106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
913106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
914106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
915106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
916106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
917106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
918106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
919106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
920106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
921106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
922106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
923106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
924106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
925106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
926106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
927106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
928106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
929106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
930106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
931106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
932106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
933106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
934106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
935106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
936106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
937106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
938106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
939106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
940106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefe130000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
941106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
942106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
943106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
944106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\IMM32.DLL'
945106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f90000 'C:\Windows\system32\USER32.dll'
946106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
947106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
948106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
949106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
950106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
951106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
952106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
953106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
954106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
955106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
956106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
957106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
958106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
959106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
960106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
961106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
962106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
963106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc7a0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
964106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
965106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
966106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc770000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
967106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
968106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7a0000 'C:\Windows\system32\ncrypt.dll'
969106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
970106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
971106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
972106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
973106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
974106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
975106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
976106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
977106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
978106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
979106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
980106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
981106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc1a0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
982106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
983106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1a0000 'C:\Windows\system32\bcryptprimitives.dll'
984106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
985106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
986106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc770000 'C:\Windows\system32\bcrypt.dll'
987106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
988106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
989106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
990106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
991106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
992106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
993106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
994106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
995106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
996106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
997106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
998106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
999106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1000106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1001106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1002106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1003106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1004106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1005106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1006106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1007106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1008106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefce80000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1009106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1010106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1011106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1012106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce80000 'C:\Windows\system32\USERENV.dll'
1013106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1014106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1015106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1016106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1017106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1018106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1019106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
1020106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
1021106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1022106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1023106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1024106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1025106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1026106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1027106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1028106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1029106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc4e0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1030106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1031106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4e0000 'C:\Windows\system32\GPAPI.dll'
1032106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1033106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1034106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1035106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1036106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde90000 'C:\Windows\system32\rpcrt4.dll'
1037106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1038106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1039106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1040106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1041106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1042106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1043106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1044106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1045106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
1046106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1047106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1048106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1049106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1050106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
1051106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
1052106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1053106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1054106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1055106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1056106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1057106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1058106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1059106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1060106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1061106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1062106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1063106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1064106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1065106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1066106c.13ac: supR3HardenedDllNotificationCallback: load 000007fef9460000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1067106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1068106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefda70000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1069106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1070106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1071106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1072106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1073106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1074106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1075106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1076106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1077106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1078106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1079106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1080106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1081106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1082106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1083106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1084106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1085106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1086106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1087106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1088106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1089106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1090106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1091106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1092106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1093106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1094106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1095106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1096106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1097106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1098106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1099106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1100106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll'
1101106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1102106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1103106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1104106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1105106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\profapi.dll'
1106106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1107106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1108106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1109106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
1110106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1111106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1112106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1113106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1114106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1115106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1116106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1117106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1118106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1119106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1120106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1121106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1122106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefde00000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1123106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1124106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\SHLWAPI.dll'
1125106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1126106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1127106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1128106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
1129106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1130106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1131106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1132106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1133106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1134106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1135106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1136106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1137106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\ADVAPI32.dll'
1138106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1139106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1140106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling]
1141106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1142106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1143106c.13ac: g_pfnWinVerifyTrust=000007fefd151010
1144106c.13ac: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1145106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
1146106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1147106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1148106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0752B52B3009339E2F25EAE5A58D7AAA80FBDE38
1149106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1150106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1151106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1152106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0752B52B3009339E2F25EAE5A58D7AAA80FBDE38
1153106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1154106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1155106c.13ac: supR3HardenedScreenImage/preload: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1156106c.13ac: Error (rc=0):
1157106c.13ac: supR3HardenedScreenImage/preload: cached rc=Unknown Status -22900 (0xffffa68c) fImage=0 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1158106c.13ac: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1159106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
1160106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1161106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1162106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
1163106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1164106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1165106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1166106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
1167106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1168106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1169106c.13ac: supR3HardenedScreenImage/preload: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1170106c.13ac: Error (rc=0):
1171106c.13ac: supR3HardenedScreenImage/preload: cached rc=Unknown Status -22900 (0xffffa68c) fImage=0 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1172106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c0 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1173106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1174106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1175106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1176106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1177106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1178106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1179106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1180106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1181106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1182106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
1183106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
1184106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1185106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1186106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1187106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1188106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1189106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1190106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1191106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1192106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1193106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
1194106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1195106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1196106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1197106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
1198106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1199106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1200106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1201106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
1202106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1203106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1204106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1205106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
1206106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1207106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1208106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1209106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1210106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1211106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1212106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1213106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1214106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1215106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1216106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
1217106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1218106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1219106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1220106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1221106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1222106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1223106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1224106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1225106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1226106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1227106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
1228106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1229106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1230106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1231106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1232106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1233106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1234106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1235106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1236106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1237106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
1238106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1239106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1240106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1241106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1242106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1243106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1244106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1245106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1246106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1247106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1248106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1249106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1250106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
1251106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1252106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1253106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933
1254106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1255106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1256106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1257106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933
1258106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1259106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1260106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
1261106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
1262106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1263106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1264106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1265106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1266106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1267106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1268106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1269106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1270106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1271106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
1272106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
1273106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1274106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1275106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1276106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1277106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1278106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1279106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1280106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1281106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1282106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1283106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
1284106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1285106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1286106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1287106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1288106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1289106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1290106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1291106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1292106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1293106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
1294106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
1295106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1296106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1297106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
1298106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1299106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1300106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1301106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
1302106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1303106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1304106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
1305106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
1306106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1307106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1308106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
1309106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1310106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1311106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1312106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
1313106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1314106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1315106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1316106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
1317106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1318106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1319106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1320106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1321106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1322106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1323106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1324106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1325106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1326106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
1327106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
1328106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1329106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1330106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1331106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1332106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1333106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1334106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1335106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1336106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1337106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1338106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1339106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1340106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1341106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1342106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1343106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1344106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1345106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1346106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1347106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1348106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1349106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
1350106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1351106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1352106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1353106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1354106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1355106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1356106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1357106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1358106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1359106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1360106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
1361106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1362106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1363106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1364106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1365106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1366106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1367106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1368106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1369106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1370106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1371106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1372106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
1373106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1374106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1375106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1376106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1377106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1378106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1379106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1380106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1381106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1382106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1383106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1384106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1385106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1386106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1387106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1388106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1389106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1390106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1391106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1392106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1393106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1394106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
1395106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1396106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1397106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1398106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1399106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1400106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1401106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1402106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1403106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1404106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1405106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1406106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1407106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1408106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1409106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1410106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1411106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1412106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1413106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1414106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1415106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1416106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1417106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1418106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1419106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1420106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
1421106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1422106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1423106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1424106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
1425106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1426106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1427106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1428106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
1429106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90
1430106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1431106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
1432106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0)
1433106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90
1434106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90
1435106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
1436106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783)
1437106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1438106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1439106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1440106c.13ac: Error (rc=0):
1441106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1442106c.13ac: Error (rc=0):
1443106c.13ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\crypt32.dll' (C:\Windows\system32\crypt32.dll): rcNt=0xc0000190
1444106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\crypt32.dll'
1445106c.13ac: Fatal error:
1446106c.13ac: Error loading 'crypt32.dll': 1790 [C:\Windows\system32\crypt32.dll]
14471050.82c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 155 ms, the end);
144899c.f54: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 743 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy