VirtualBox

Ticket #13775: VBoxStartup.log

File VBoxStartup.log, 286.9 KB (added by mnman, 10 years ago)

VirtBox testbuild Fail

Line 
11608.15b4: Log file opened: 4.3.21r97569 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
21608.15b4: \SystemRoot\System32\ntdll.dll:
31608.15b4: CreationTime: 2013-10-11T00:27:08.898984800Z
41608.15b4: LastWriteTime: 2013-08-29T02:16:35.515578900Z
51608.15b4: ChangeTime: 2014-12-15T16:32:10.938403200Z
61608.15b4: FileAttributes: 0x20
71608.15b4: Size: 0x1a6dc0
81608.15b4: NT Headers: 0xe0
91608.15b4: Timestamp: 0x521eaf24
101608.15b4: Machine: 0x8664 - amd64
111608.15b4: Timestamp: 0x521eaf24
121608.15b4: Image Version: 6.1
131608.15b4: SizeOfImage: 0x1a9000 (1740800)
141608.15b4: Resource Dir: 0x151000 LB 0x560d8
151608.15b4: ProductName: Microsoft® Windows® Operating System
161608.15b4: ProductVersion: 6.1.7601.18247
171608.15b4: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
181608.15b4: FileDescription: NT Layer DLL
191608.15b4: \SystemRoot\System32\kernel32.dll:
201608.15b4: CreationTime: 2014-04-08T17:52:11.563330500Z
211608.15b4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
221608.15b4: ChangeTime: 2014-12-15T16:32:06.941796100Z
231608.15b4: FileAttributes: 0x20
241608.15b4: Size: 0x11c000
251608.15b4: NT Headers: 0xe8
261608.15b4: Timestamp: 0x5315a059
271608.15b4: Machine: 0x8664 - amd64
281608.15b4: Timestamp: 0x5315a059
291608.15b4: Image Version: 6.1
301608.15b4: SizeOfImage: 0x11f000 (1175552)
311608.15b4: Resource Dir: 0x116000 LB 0x528
321608.15b4: ProductName: Microsoft® Windows® Operating System
331608.15b4: ProductVersion: 6.1.7601.18409
341608.15b4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
351608.15b4: FileDescription: Windows NT BASE API Client DLL
361608.15b4: \SystemRoot\System32\KernelBase.dll:
371608.15b4: CreationTime: 2014-05-14T14:19:49.655911900Z
381608.15b4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
391608.15b4: ChangeTime: 2014-12-15T16:32:06.972996100Z
401608.15b4: FileAttributes: 0x20
411608.15b4: Size: 0x67c00
421608.15b4: NT Headers: 0xe8
431608.15b4: Timestamp: 0x5315a05a
441608.15b4: Machine: 0x8664 - amd64
451608.15b4: Timestamp: 0x5315a05a
461608.15b4: Image Version: 6.1
471608.15b4: SizeOfImage: 0x6c000 (442368)
481608.15b4: Resource Dir: 0x6a000 LB 0x530
491608.15b4: ProductName: Microsoft® Windows® Operating System
501608.15b4: ProductVersion: 6.1.7601.18409
511608.15b4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
521608.15b4: FileDescription: Windows NT BASE API Client DLL
531608.15b4: \SystemRoot\System32\apisetschema.dll:
541608.15b4: CreationTime: 2013-09-13T00:27:27.125703100Z
551608.15b4: LastWriteTime: 2013-08-02T02:12:20.275000000Z
561608.15b4: ChangeTime: 2014-12-15T16:32:16.182012500Z
571608.15b4: FileAttributes: 0x20
581608.15b4: Size: 0x1a00
591608.15b4: NT Headers: 0xc0
601608.15b4: Timestamp: 0x51fb15ca
611608.15b4: Machine: 0x8664 - amd64
621608.15b4: Timestamp: 0x51fb15ca
631608.15b4: Image Version: 6.1
641608.15b4: SizeOfImage: 0x50000 (327680)
651608.15b4: Resource Dir: 0x30000 LB 0x3f8
661608.15b4: ProductName: Microsoft® Windows® Operating System
671608.15b4: ProductVersion: 6.1.7601.18229
681608.15b4: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
691608.15b4: FileDescription: ApiSet Schema DLL
701608.15b4: Found driver NisDrv (0x400)
711608.15b4: supR3HardenedWinFindAdversaries: 0x480
721608.15b4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
731608.15b4: CreationTime: 2014-08-29T14:06:38.460628200Z
741608.15b4: LastWriteTime: 2015-01-13T22:19:10.600779300Z
751608.15b4: ChangeTime: 2015-01-13T22:19:10.600779300Z
761608.15b4: FileAttributes: 0x20
771608.15b4: Size: 0x1fad8
781608.15b4: NT Headers: 0xd8
791608.15b4: Timestamp: 0x541caaaf
801608.15b4: Machine: 0x8664 - amd64
811608.15b4: Timestamp: 0x541caaaf
821608.15b4: Image Version: 6.1
831608.15b4: SizeOfImage: 0x23000 (143360)
841608.15b4: Resource Dir: 0x22000 LB 0x3f0
851608.15b4: ProductName: Malwarebytes Anti-Malware
861608.15b4: ProductVersion: 0.2.13.0
871608.15b4: FileVersion: 0.2.13.0
881608.15b4: FileDescription: Malwarebytes Anti-Malware
891608.15b4: \SystemRoot\System32\drivers\mwac.sys:
901608.15b4: CreationTime: 2014-08-29T14:06:17.837392200Z
911608.15b4: LastWriteTime: 2014-11-21T12:14:22.000000000Z
921608.15b4: ChangeTime: 2014-12-05T05:38:29.313527300Z
931608.15b4: FileAttributes: 0x20
941608.15b4: Size: 0xf8d8
951608.15b4: NT Headers: 0xf8
961608.15b4: Timestamp: 0x53a0f42a
971608.15b4: Machine: 0x8664 - amd64
981608.15b4: Timestamp: 0x53a0f42a
991608.15b4: Image Version: 6.2
1001608.15b4: SizeOfImage: 0x12000 (73728)
1011608.15b4: Resource Dir: 0x10000 LB 0x3e0
1021608.15b4: ProductName: Malwarebytes Web Access Control
1031608.15b4: ProductVersion: 1.0.6.0
1041608.15b4: FileVersion: 1.0.6.0
1051608.15b4: FileDescription: Malwarebytes Web Access Control
1061608.15b4: \SystemRoot\System32\drivers\mbamchameleon.sys:
1071608.15b4: CreationTime: 2014-08-29T14:06:17.868592300Z
1081608.15b4: LastWriteTime: 2014-11-21T12:14:12.000000000Z
1091608.15b4: ChangeTime: 2014-12-05T05:38:29.516327600Z
1101608.15b4: FileAttributes: 0x20
1111608.15b4: Size: 0x16cd8
1121608.15b4: NT Headers: 0xe0
1131608.15b4: Timestamp: 0x53f2136a
1141608.15b4: Machine: 0x8664 - amd64
1151608.15b4: Timestamp: 0x53f2136a
1161608.15b4: Image Version: 6.1
1171608.15b4: SizeOfImage: 0x1a000 (106496)
1181608.15b4: Resource Dir: 0x18000 LB 0xbd0
1191608.15b4: ProductName: Malwarebytes Chameleon
1201608.15b4: ProductVersion: 1.1.4.0
1211608.15b4: FileVersion: 1.1.4.0
1221608.15b4: FileDescription: Malwarebytes Chameleon Protection Driver
1231608.15b4: \SystemRoot\System32\drivers\mbam.sys:
1241608.15b4: CreationTime: 2014-08-29T14:06:17.821792200Z
1251608.15b4: LastWriteTime: 2014-11-21T12:14:08.000000000Z
1261608.15b4: ChangeTime: 2014-12-05T05:38:29.297927200Z
1271608.15b4: FileAttributes: 0x20
1281608.15b4: Size: 0x64d8
1291608.15b4: NT Headers: 0xd8
1301608.15b4: Timestamp: 0x540754e1
1311608.15b4: Machine: 0x8664 - amd64
1321608.15b4: Timestamp: 0x540754e1
1331608.15b4: Image Version: 6.1
1341608.15b4: SizeOfImage: 0xa000 (40960)
1351608.15b4: Resource Dir: 0x8000 LB 0x3d0
1361608.15b4: ProductName: Malwarebytes Anti-Malware
1371608.15b4: ProductVersion: 0.1.15.0
1381608.15b4: FileVersion: 0.1.15.0
1391608.15b4: FileDescription: Malwarebytes Anti-Malware
1401608.15b4: \SystemRoot\System32\drivers\MpFilter.sys:
1411608.15b4: CreationTime: 2014-07-17T23:05:06.000000000Z
1421608.15b4: LastWriteTime: 2014-07-17T23:05:06.000000000Z
1431608.15b4: ChangeTime: 2014-09-09T23:22:15.541298400Z
1441608.15b4: FileAttributes: 0x20
1451608.15b4: Size: 0x41ad0
1461608.15b4: NT Headers: 0xf0
1471608.15b4: Timestamp: 0x53bdfdba
1481608.15b4: Machine: 0x8664 - amd64
1491608.15b4: Timestamp: 0x53bdfdba
1501608.15b4: Image Version: 6.3
1511608.15b4: SizeOfImage: 0x42000 (270336)
1521608.15b4: Resource Dir: 0x40000 LB 0xd50
1531608.15b4: ProductName: Microsoft Malware Protection
1541608.15b4: ProductVersion: 4.6.0300.0
1551608.15b4: FileVersion: 4.6.0300.0
1561608.15b4: FileDescription: Microsoft antimalware file system filter driver
1571608.15b4: \SystemRoot\System32\drivers\NisDrvWFP.sys:
1581608.15b4: CreationTime: 2014-03-11T14:52:30.000000000Z
1591608.15b4: LastWriteTime: 2014-07-17T23:05:06.000000000Z
1601608.15b4: ChangeTime: 2014-09-09T23:22:14.801256100Z
1611608.15b4: FileAttributes: 0x20
1621608.15b4: Size: 0x1ea90
1631608.15b4: NT Headers: 0xe0
1641608.15b4: Timestamp: 0x53bdfde3
1651608.15b4: Machine: 0x8664 - amd64
1661608.15b4: Timestamp: 0x53bdfde3
1671608.15b4: Image Version: 6.3
1681608.15b4: SizeOfImage: 0x1f000 (126976)
1691608.15b4: Resource Dir: 0x1c000 LB 0x1b90
1701608.15b4: ProductName: Microsoft Malware Protection
1711608.15b4: ProductVersion: 4.6.0300.0
1721608.15b4: FileVersion: 4.6.0300.0
1731608.15b4: FileDescription: Microsoft Network Realtime Inspection Driver
1741608.15b4: Calling main()
1751608.15b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1761608.15b4: SUPR3HardenedMain: Respawn #1
1771608.15b4: System32: \Device\HarddiskVolume2\Windows\System32
1781608.15b4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1791608.15b4: KnownDllPath: C:\Windows\system32
1801608.15b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1811608.15b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1821608.15b4: supR3HardNtEnableThreadCreation:
1831608.15b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007723c340 pvNtTerminateThread=00000000772617e0
1841608.15b4: supR3HardenedWinDoReSpawn(1): New child 13f8.146c [kernel32].
1851608.15b4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1861608.15b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077210000 uNtDllChildAddr=0000000077210000
1871608.15b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007723c340
1881608.15b4: supR3HardenedWinSetupChildInit: Start child.
1891608.15b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1901608.15b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 59 sleeps
1911608.15b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1921608.15b4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1931608.15b4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1941608.15b4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1951608.15b4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1961608.15b4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1971608.15b4: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
1981608.15b4: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
1991608.15b4: 0000000000051000-ffffffffffe81fff 0x0001/0x0000 0x0000000
2001608.15b4: *0000000000220000-0000000000123fff 0x0000/0x0004 0x0020000
2011608.15b4: 000000000031c000-0000000000318fff 0x0104/0x0004 0x0020000
2021608.15b4: 000000000031f000-000000000031dfff 0x0004/0x0004 0x0020000
2031608.15b4: 0000000000320000-ffffffff8942ffff 0x0001/0x0000 0x0000000
2041608.15b4: *0000000077210000-000000007720efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2051608.15b4: 0000000077211000-000000007710efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2061608.15b4: 0000000077313000-00000000772e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2071608.15b4: 0000000077342000-0000000077339fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2081608.15b4: 000000007734a000-0000000077348fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2091608.15b4: 000000007734b000-0000000077347fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2101608.15b4: 000000007734e000-00000000772e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2111608.15b4: 00000000773b9000-000000006f791fff 0x0001/0x0000 0x0000000
2121608.15b4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2131608.15b4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2141608.15b4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2151608.15b4: 000000007fff0000-ffffffffc0f7ffff 0x0001/0x0000 0x0000000
2161608.15b4: *000000013f060000-000000013f05efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2171608.15b4: 000000013f061000-000000013efdcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2181608.15b4: 000000013f0e5000-000000013f0e3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2191608.15b4: 000000013f0e6000-000000013f0a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2201608.15b4: 000000013f123000-000000013f121fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2211608.15b4: 000000013f124000-000000013f122fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2221608.15b4: 000000013f125000-000000013f122fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2231608.15b4: 000000013f127000-000000013f125fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2241608.15b4: 000000013f128000-000000013f126fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2251608.15b4: 000000013f129000-000000013f124fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2261608.15b4: 000000013f12d000-000000013f0f3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2271608.15b4: 000000013f166000-fffff8037ed9bfff 0x0001/0x0000 0x0000000
2281608.15b4: *000007feff530000-000007feff52efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2291608.15b4: 000007feff531000-000007fdfeab1fff 0x0001/0x0000 0x0000000
2301608.15b4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2311608.15b4: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
2321608.15b4: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
2331608.15b4: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
2341608.15b4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2351608.15b4: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
2361608.15b4: VirtualBox.exe: timestamp 0x54affd5d (rc=VINF_SUCCESS)
2371608.15b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2381608.15b4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2391608.15b4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2401608.15b4: supR3HardNtChildPurify: Done after 544 ms and 0 fixes (loop #0).
2411608.15b4: supR3HardNtEnableThreadCreation:
24213f8.146c: Log file opened: 4.3.21r97569 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
24313f8.146c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077210000
24413f8.146c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
24513f8.146c: New simple heap: #1 0000000000320000 LB 0x400000 (for 1740800 allocation)
24613f8.146c: System32: \Device\HarddiskVolume2\Windows\System32
24713f8.146c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
24813f8.146c: KnownDllPath: C:\Windows\system32
24913f8.146c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
25013f8.146c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
25113f8.146c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
25213f8.146c: Registered Dll notification callback with NTDLL.
25313f8.146c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
25413f8.146c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
25513f8.146c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
25613f8.146c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
25713f8.146c: supR3HardenedDllNotificationCallback: load 00000000770f0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
25813f8.146c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
25913f8.146c: supR3HardenedDllNotificationCallback: load 000007fefd290000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
26013f8.146c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
26113f8.146c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
26213f8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770f0000 'C:\Windows\system32\kernel32.dll'
26313f8.146c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007723c340 pvNtTerminateThread=00000000772617e0
2641608.15b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
26513f8.146c: \SystemRoot\System32\ntdll.dll:
26613f8.146c: CreationTime: 2013-10-11T00:27:08.898984800Z
26713f8.146c: LastWriteTime: 2013-08-29T02:16:35.515578900Z
26813f8.146c: ChangeTime: 2014-12-15T16:32:10.938403200Z
26913f8.146c: FileAttributes: 0x20
27013f8.146c: Size: 0x1a6dc0
27113f8.146c: NT Headers: 0xe0
27213f8.146c: Timestamp: 0x521eaf24
27313f8.146c: Machine: 0x8664 - amd64
27413f8.146c: Timestamp: 0x521eaf24
27513f8.146c: Image Version: 6.1
27613f8.146c: SizeOfImage: 0x1a9000 (1740800)
27713f8.146c: Resource Dir: 0x151000 LB 0x560d8
27813f8.146c: ProductName: Microsoft® Windows® Operating System
27913f8.146c: ProductVersion: 6.1.7601.18247
28013f8.146c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
28113f8.146c: FileDescription: NT Layer DLL
28213f8.146c: \SystemRoot\System32\kernel32.dll:
28313f8.146c: CreationTime: 2014-04-08T17:52:11.563330500Z
28413f8.146c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
28513f8.146c: ChangeTime: 2014-12-15T16:32:06.941796100Z
28613f8.146c: FileAttributes: 0x20
28713f8.146c: Size: 0x11c000
28813f8.146c: NT Headers: 0xe8
28913f8.146c: Timestamp: 0x5315a059
29013f8.146c: Machine: 0x8664 - amd64
29113f8.146c: Timestamp: 0x5315a059
29213f8.146c: Image Version: 6.1
29313f8.146c: SizeOfImage: 0x11f000 (1175552)
29413f8.146c: Resource Dir: 0x116000 LB 0x528
29513f8.146c: ProductName: Microsoft® Windows® Operating System
29613f8.146c: ProductVersion: 6.1.7601.18409
29713f8.146c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
29813f8.146c: FileDescription: Windows NT BASE API Client DLL
29913f8.146c: \SystemRoot\System32\KernelBase.dll:
30013f8.146c: CreationTime: 2014-05-14T14:19:49.655911900Z
30113f8.146c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
30213f8.146c: ChangeTime: 2014-12-15T16:32:06.972996100Z
30313f8.146c: FileAttributes: 0x20
30413f8.146c: Size: 0x67c00
30513f8.146c: NT Headers: 0xe8
30613f8.146c: Timestamp: 0x5315a05a
30713f8.146c: Machine: 0x8664 - amd64
30813f8.146c: Timestamp: 0x5315a05a
30913f8.146c: Image Version: 6.1
31013f8.146c: SizeOfImage: 0x6c000 (442368)
31113f8.146c: Resource Dir: 0x6a000 LB 0x530
31213f8.146c: ProductName: Microsoft® Windows® Operating System
31313f8.146c: ProductVersion: 6.1.7601.18409
31413f8.146c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
31513f8.146c: FileDescription: Windows NT BASE API Client DLL
31613f8.146c: \SystemRoot\System32\apisetschema.dll:
31713f8.146c: CreationTime: 2013-09-13T00:27:27.125703100Z
31813f8.146c: LastWriteTime: 2013-08-02T02:12:20.275000000Z
31913f8.146c: ChangeTime: 2014-12-15T16:32:16.182012500Z
32013f8.146c: FileAttributes: 0x20
32113f8.146c: Size: 0x1a00
32213f8.146c: NT Headers: 0xc0
32313f8.146c: Timestamp: 0x51fb15ca
32413f8.146c: Machine: 0x8664 - amd64
32513f8.146c: Timestamp: 0x51fb15ca
32613f8.146c: Image Version: 6.1
32713f8.146c: SizeOfImage: 0x50000 (327680)
32813f8.146c: Resource Dir: 0x30000 LB 0x3f8
32913f8.146c: ProductName: Microsoft® Windows® Operating System
33013f8.146c: ProductVersion: 6.1.7601.18229
33113f8.146c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
33213f8.146c: FileDescription: ApiSet Schema DLL
33313f8.146c: Found driver NisDrv (0x400)
33413f8.146c: supR3HardenedWinFindAdversaries: 0x480
33513f8.146c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
33613f8.146c: CreationTime: 2014-08-29T14:06:38.460628200Z
33713f8.146c: LastWriteTime: 2015-01-13T22:19:10.600779300Z
33813f8.146c: ChangeTime: 2015-01-13T22:19:10.600779300Z
33913f8.146c: FileAttributes: 0x20
34013f8.146c: Size: 0x1fad8
34113f8.146c: NT Headers: 0xd8
34213f8.146c: Timestamp: 0x541caaaf
34313f8.146c: Machine: 0x8664 - amd64
34413f8.146c: Timestamp: 0x541caaaf
34513f8.146c: Image Version: 6.1
34613f8.146c: SizeOfImage: 0x23000 (143360)
34713f8.146c: Resource Dir: 0x22000 LB 0x3f0
34813f8.146c: ProductName: Malwarebytes Anti-Malware
34913f8.146c: ProductVersion: 0.2.13.0
35013f8.146c: FileVersion: 0.2.13.0
35113f8.146c: FileDescription: Malwarebytes Anti-Malware
35213f8.146c: \SystemRoot\System32\drivers\mwac.sys:
35313f8.146c: CreationTime: 2014-08-29T14:06:17.837392200Z
35413f8.146c: LastWriteTime: 2014-11-21T12:14:22.000000000Z
35513f8.146c: ChangeTime: 2014-12-05T05:38:29.313527300Z
35613f8.146c: FileAttributes: 0x20
35713f8.146c: Size: 0xf8d8
35813f8.146c: NT Headers: 0xf8
35913f8.146c: Timestamp: 0x53a0f42a
36013f8.146c: Machine: 0x8664 - amd64
36113f8.146c: Timestamp: 0x53a0f42a
36213f8.146c: Image Version: 6.2
36313f8.146c: SizeOfImage: 0x12000 (73728)
36413f8.146c: Resource Dir: 0x10000 LB 0x3e0
36513f8.146c: ProductName: Malwarebytes Web Access Control
36613f8.146c: ProductVersion: 1.0.6.0
36713f8.146c: FileVersion: 1.0.6.0
36813f8.146c: FileDescription: Malwarebytes Web Access Control
36913f8.146c: \SystemRoot\System32\drivers\mbamchameleon.sys:
37013f8.146c: CreationTime: 2014-08-29T14:06:17.868592300Z
37113f8.146c: LastWriteTime: 2014-11-21T12:14:12.000000000Z
37213f8.146c: ChangeTime: 2014-12-05T05:38:29.516327600Z
37313f8.146c: FileAttributes: 0x20
37413f8.146c: Size: 0x16cd8
37513f8.146c: NT Headers: 0xe0
37613f8.146c: Timestamp: 0x53f2136a
37713f8.146c: Machine: 0x8664 - amd64
37813f8.146c: Timestamp: 0x53f2136a
37913f8.146c: Image Version: 6.1
38013f8.146c: SizeOfImage: 0x1a000 (106496)
38113f8.146c: Resource Dir: 0x18000 LB 0xbd0
38213f8.146c: ProductName: Malwarebytes Chameleon
38313f8.146c: ProductVersion: 1.1.4.0
38413f8.146c: FileVersion: 1.1.4.0
38513f8.146c: FileDescription: Malwarebytes Chameleon Protection Driver
38613f8.146c: \SystemRoot\System32\drivers\mbam.sys:
38713f8.146c: CreationTime: 2014-08-29T14:06:17.821792200Z
38813f8.146c: LastWriteTime: 2014-11-21T12:14:08.000000000Z
38913f8.146c: ChangeTime: 2014-12-05T05:38:29.297927200Z
39013f8.146c: FileAttributes: 0x20
39113f8.146c: Size: 0x64d8
39213f8.146c: NT Headers: 0xd8
39313f8.146c: Timestamp: 0x540754e1
39413f8.146c: Machine: 0x8664 - amd64
39513f8.146c: Timestamp: 0x540754e1
39613f8.146c: Image Version: 6.1
39713f8.146c: SizeOfImage: 0xa000 (40960)
39813f8.146c: Resource Dir: 0x8000 LB 0x3d0
39913f8.146c: ProductName: Malwarebytes Anti-Malware
40013f8.146c: ProductVersion: 0.1.15.0
40113f8.146c: FileVersion: 0.1.15.0
40213f8.146c: FileDescription: Malwarebytes Anti-Malware
40313f8.146c: \SystemRoot\System32\drivers\MpFilter.sys:
40413f8.146c: CreationTime: 2014-07-17T23:05:06.000000000Z
40513f8.146c: LastWriteTime: 2014-07-17T23:05:06.000000000Z
40613f8.146c: ChangeTime: 2014-09-09T23:22:15.541298400Z
40713f8.146c: FileAttributes: 0x20
40813f8.146c: Size: 0x41ad0
40913f8.146c: NT Headers: 0xf0
41013f8.146c: Timestamp: 0x53bdfdba
41113f8.146c: Machine: 0x8664 - amd64
41213f8.146c: Timestamp: 0x53bdfdba
41313f8.146c: Image Version: 6.3
41413f8.146c: SizeOfImage: 0x42000 (270336)
41513f8.146c: Resource Dir: 0x40000 LB 0xd50
41613f8.146c: ProductName: Microsoft Malware Protection
41713f8.146c: ProductVersion: 4.6.0300.0
41813f8.146c: FileVersion: 4.6.0300.0
41913f8.146c: FileDescription: Microsoft antimalware file system filter driver
42013f8.146c: \SystemRoot\System32\drivers\NisDrvWFP.sys:
42113f8.146c: CreationTime: 2014-03-11T14:52:30.000000000Z
42213f8.146c: LastWriteTime: 2014-07-17T23:05:06.000000000Z
42313f8.146c: ChangeTime: 2014-09-09T23:22:14.801256100Z
42413f8.146c: FileAttributes: 0x20
42513f8.146c: Size: 0x1ea90
42613f8.146c: NT Headers: 0xe0
42713f8.146c: Timestamp: 0x53bdfde3
42813f8.146c: Machine: 0x8664 - amd64
42913f8.146c: Timestamp: 0x53bdfde3
43013f8.146c: Image Version: 6.3
43113f8.146c: SizeOfImage: 0x1f000 (126976)
43213f8.146c: Resource Dir: 0x1c000 LB 0x1b90
43313f8.146c: ProductName: Microsoft Malware Protection
43413f8.146c: ProductVersion: 4.6.0300.0
43513f8.146c: FileVersion: 4.6.0300.0
43613f8.146c: FileDescription: Microsoft Network Realtime Inspection Driver
43713f8.146c: Calling main()
43813f8.146c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
43913f8.146c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
44013f8.146c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
44113f8.146c: SUPR3HardenedMain: Respawn #2
44213f8.146c: supR3HardNtEnableThreadCreation:
44313f8.146c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
44413f8.146c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
44513f8.146c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
44613f8.146c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
44713f8.146c: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
44813f8.146c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
44913f8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\apphelp.dll'
45013f8.146c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007723c340 pvNtTerminateThread=00000000772617e0
45113f8.146c: supR3HardenedWinDoReSpawn(2): New child 140c.1088 [kernel32].
45213f8.146c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
45313f8.146c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077210000 uNtDllChildAddr=0000000077210000
45413f8.146c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007723c340
45513f8.146c: supR3HardenedWinSetupChildInit: Start child.
45613f8.146c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
45713f8.146c: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 53 sleeps
45813f8.146c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
45913f8.146c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
46013f8.146c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
46113f8.146c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
46213f8.146c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
46313f8.146c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
46413f8.146c: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
46513f8.146c: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
46613f8.146c: 0000000000051000-ffffffffffea1fff 0x0001/0x0000 0x0000000
46713f8.146c: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
46813f8.146c: 00000000002fc000-00000000002f8fff 0x0104/0x0004 0x0020000
46913f8.146c: 00000000002ff000-00000000002fdfff 0x0004/0x0004 0x0020000
47013f8.146c: 0000000000300000-ffffffff893effff 0x0001/0x0000 0x0000000
47113f8.146c: *0000000077210000-000000007720efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47213f8.146c: 0000000077211000-000000007710efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47313f8.146c: 0000000077313000-00000000772e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47413f8.146c: 0000000077342000-0000000077339fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47513f8.146c: 000000007734a000-0000000077348fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47613f8.146c: 000000007734b000-0000000077347fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47713f8.146c: 000000007734e000-00000000772e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47813f8.146c: 00000000773b9000-000000006f791fff 0x0001/0x0000 0x0000000
47913f8.146c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
48013f8.146c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
48113f8.146c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
48213f8.146c: 000000007fff0000-ffffffffc0f7ffff 0x0001/0x0000 0x0000000
48313f8.146c: *000000013f060000-000000013f05efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
48413f8.146c: 000000013f061000-000000013efdcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
48513f8.146c: 000000013f0e5000-000000013f0e3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
48613f8.146c: 000000013f0e6000-000000013f0a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
48713f8.146c: 000000013f123000-000000013f121fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
48813f8.146c: 000000013f124000-000000013f122fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
48913f8.146c: 000000013f125000-000000013f122fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
49013f8.146c: 000000013f127000-000000013f125fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
49113f8.146c: 000000013f128000-000000013f126fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
49213f8.146c: 000000013f129000-000000013f124fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
49313f8.146c: 000000013f12d000-000000013f0f3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
49413f8.146c: 000000013f166000-fffff8037ed9bfff 0x0001/0x0000 0x0000000
49513f8.146c: *000007feff530000-000007feff52efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
49613f8.146c: 000007feff531000-000007fdfeab1fff 0x0001/0x0000 0x0000000
49713f8.146c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
49813f8.146c: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
49913f8.146c: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
50013f8.146c: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
50113f8.146c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
50213f8.146c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
50313f8.146c: VirtualBox.exe: timestamp 0x54affd5d (rc=VINF_SUCCESS)
50413f8.146c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
50513f8.146c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
50613f8.146c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
50713f8.146c: supR3HardNtChildPurify: Done after 547 ms and 0 fixes (loop #0).
50813f8.146c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
50913f8.146c: supR3HardNtEnableThreadCreation:
510140c.1088: Log file opened: 4.3.21r97569 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
511140c.1088: supR3HardenedVmProcessInit: uNtDllAddr=0000000077210000
512140c.1088: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
513140c.1088: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
514140c.1088: System32: \Device\HarddiskVolume2\Windows\System32
515140c.1088: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
516140c.1088: KnownDllPath: C:\Windows\system32
517140c.1088: supR3HardenedVmProcessInit: Opening vboxdrv...
518140c.1088: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
519140c.1088: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
520140c.1088: Registered Dll notification callback with NTDLL.
521140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
522140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
523140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
524140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
525140c.1088: supR3HardenedDllNotificationCallback: load 00000000770f0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
526140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
527140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd290000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
528140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
529140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
530140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770f0000 'C:\Windows\system32\kernel32.dll'
531140c.1088: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007723c340 pvNtTerminateThread=00000000772617e0
53213f8.146c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 35 ms.
533140c.1088: \SystemRoot\System32\ntdll.dll:
534140c.1088: CreationTime: 2013-10-11T00:27:08.898984800Z
535140c.1088: LastWriteTime: 2013-08-29T02:16:35.515578900Z
536140c.1088: ChangeTime: 2014-12-15T16:32:10.938403200Z
537140c.1088: FileAttributes: 0x20
538140c.1088: Size: 0x1a6dc0
539140c.1088: NT Headers: 0xe0
540140c.1088: Timestamp: 0x521eaf24
541140c.1088: Machine: 0x8664 - amd64
542140c.1088: Timestamp: 0x521eaf24
543140c.1088: Image Version: 6.1
544140c.1088: SizeOfImage: 0x1a9000 (1740800)
545140c.1088: Resource Dir: 0x151000 LB 0x560d8
546140c.1088: ProductName: Microsoft® Windows® Operating System
547140c.1088: ProductVersion: 6.1.7601.18247
548140c.1088: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
549140c.1088: FileDescription: NT Layer DLL
550140c.1088: \SystemRoot\System32\kernel32.dll:
551140c.1088: CreationTime: 2014-04-08T17:52:11.563330500Z
552140c.1088: LastWriteTime: 2014-03-04T09:44:00.336000000Z
553140c.1088: ChangeTime: 2014-12-15T16:32:06.941796100Z
554140c.1088: FileAttributes: 0x20
555140c.1088: Size: 0x11c000
556140c.1088: NT Headers: 0xe8
557140c.1088: Timestamp: 0x5315a059
558140c.1088: Machine: 0x8664 - amd64
559140c.1088: Timestamp: 0x5315a059
560140c.1088: Image Version: 6.1
561140c.1088: SizeOfImage: 0x11f000 (1175552)
562140c.1088: Resource Dir: 0x116000 LB 0x528
563140c.1088: ProductName: Microsoft® Windows® Operating System
564140c.1088: ProductVersion: 6.1.7601.18409
565140c.1088: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
566140c.1088: FileDescription: Windows NT BASE API Client DLL
567140c.1088: \SystemRoot\System32\KernelBase.dll:
568140c.1088: CreationTime: 2014-05-14T14:19:49.655911900Z
569140c.1088: LastWriteTime: 2014-03-04T09:44:00.336000000Z
570140c.1088: ChangeTime: 2014-12-15T16:32:06.972996100Z
571140c.1088: FileAttributes: 0x20
572140c.1088: Size: 0x67c00
573140c.1088: NT Headers: 0xe8
574140c.1088: Timestamp: 0x5315a05a
575140c.1088: Machine: 0x8664 - amd64
576140c.1088: Timestamp: 0x5315a05a
577140c.1088: Image Version: 6.1
578140c.1088: SizeOfImage: 0x6c000 (442368)
579140c.1088: Resource Dir: 0x6a000 LB 0x530
580140c.1088: ProductName: Microsoft® Windows® Operating System
581140c.1088: ProductVersion: 6.1.7601.18409
582140c.1088: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
583140c.1088: FileDescription: Windows NT BASE API Client DLL
584140c.1088: \SystemRoot\System32\apisetschema.dll:
585140c.1088: CreationTime: 2013-09-13T00:27:27.125703100Z
586140c.1088: LastWriteTime: 2013-08-02T02:12:20.275000000Z
587140c.1088: ChangeTime: 2014-12-15T16:32:16.182012500Z
588140c.1088: FileAttributes: 0x20
589140c.1088: Size: 0x1a00
590140c.1088: NT Headers: 0xc0
591140c.1088: Timestamp: 0x51fb15ca
592140c.1088: Machine: 0x8664 - amd64
593140c.1088: Timestamp: 0x51fb15ca
594140c.1088: Image Version: 6.1
595140c.1088: SizeOfImage: 0x50000 (327680)
596140c.1088: Resource Dir: 0x30000 LB 0x3f8
597140c.1088: ProductName: Microsoft® Windows® Operating System
598140c.1088: ProductVersion: 6.1.7601.18229
599140c.1088: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
600140c.1088: FileDescription: ApiSet Schema DLL
601140c.1088: Found driver NisDrv (0x400)
602140c.1088: supR3HardenedWinFindAdversaries: 0x480
603140c.1088: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
604140c.1088: CreationTime: 2014-08-29T14:06:38.460628200Z
605140c.1088: LastWriteTime: 2015-01-13T22:19:10.600779300Z
606140c.1088: ChangeTime: 2015-01-13T22:19:10.600779300Z
607140c.1088: FileAttributes: 0x20
608140c.1088: Size: 0x1fad8
609140c.1088: NT Headers: 0xd8
610140c.1088: Timestamp: 0x541caaaf
611140c.1088: Machine: 0x8664 - amd64
612140c.1088: Timestamp: 0x541caaaf
613140c.1088: Image Version: 6.1
614140c.1088: SizeOfImage: 0x23000 (143360)
615140c.1088: Resource Dir: 0x22000 LB 0x3f0
616140c.1088: ProductName: Malwarebytes Anti-Malware
617140c.1088: ProductVersion: 0.2.13.0
618140c.1088: FileVersion: 0.2.13.0
619140c.1088: FileDescription: Malwarebytes Anti-Malware
620140c.1088: \SystemRoot\System32\drivers\mwac.sys:
621140c.1088: CreationTime: 2014-08-29T14:06:17.837392200Z
622140c.1088: LastWriteTime: 2014-11-21T12:14:22.000000000Z
623140c.1088: ChangeTime: 2014-12-05T05:38:29.313527300Z
624140c.1088: FileAttributes: 0x20
625140c.1088: Size: 0xf8d8
626140c.1088: NT Headers: 0xf8
627140c.1088: Timestamp: 0x53a0f42a
628140c.1088: Machine: 0x8664 - amd64
629140c.1088: Timestamp: 0x53a0f42a
630140c.1088: Image Version: 6.2
631140c.1088: SizeOfImage: 0x12000 (73728)
632140c.1088: Resource Dir: 0x10000 LB 0x3e0
633140c.1088: ProductName: Malwarebytes Web Access Control
634140c.1088: ProductVersion: 1.0.6.0
635140c.1088: FileVersion: 1.0.6.0
636140c.1088: FileDescription: Malwarebytes Web Access Control
637140c.1088: \SystemRoot\System32\drivers\mbamchameleon.sys:
638140c.1088: CreationTime: 2014-08-29T14:06:17.868592300Z
639140c.1088: LastWriteTime: 2014-11-21T12:14:12.000000000Z
640140c.1088: ChangeTime: 2014-12-05T05:38:29.516327600Z
641140c.1088: FileAttributes: 0x20
642140c.1088: Size: 0x16cd8
643140c.1088: NT Headers: 0xe0
644140c.1088: Timestamp: 0x53f2136a
645140c.1088: Machine: 0x8664 - amd64
646140c.1088: Timestamp: 0x53f2136a
647140c.1088: Image Version: 6.1
648140c.1088: SizeOfImage: 0x1a000 (106496)
649140c.1088: Resource Dir: 0x18000 LB 0xbd0
650140c.1088: ProductName: Malwarebytes Chameleon
651140c.1088: ProductVersion: 1.1.4.0
652140c.1088: FileVersion: 1.1.4.0
653140c.1088: FileDescription: Malwarebytes Chameleon Protection Driver
654140c.1088: \SystemRoot\System32\drivers\mbam.sys:
655140c.1088: CreationTime: 2014-08-29T14:06:17.821792200Z
656140c.1088: LastWriteTime: 2014-11-21T12:14:08.000000000Z
657140c.1088: ChangeTime: 2014-12-05T05:38:29.297927200Z
658140c.1088: FileAttributes: 0x20
659140c.1088: Size: 0x64d8
660140c.1088: NT Headers: 0xd8
661140c.1088: Timestamp: 0x540754e1
662140c.1088: Machine: 0x8664 - amd64
663140c.1088: Timestamp: 0x540754e1
664140c.1088: Image Version: 6.1
665140c.1088: SizeOfImage: 0xa000 (40960)
666140c.1088: Resource Dir: 0x8000 LB 0x3d0
667140c.1088: ProductName: Malwarebytes Anti-Malware
668140c.1088: ProductVersion: 0.1.15.0
669140c.1088: FileVersion: 0.1.15.0
670140c.1088: FileDescription: Malwarebytes Anti-Malware
671140c.1088: \SystemRoot\System32\drivers\MpFilter.sys:
672140c.1088: CreationTime: 2014-07-17T23:05:06.000000000Z
673140c.1088: LastWriteTime: 2014-07-17T23:05:06.000000000Z
674140c.1088: ChangeTime: 2014-09-09T23:22:15.541298400Z
675140c.1088: FileAttributes: 0x20
676140c.1088: Size: 0x41ad0
677140c.1088: NT Headers: 0xf0
678140c.1088: Timestamp: 0x53bdfdba
679140c.1088: Machine: 0x8664 - amd64
680140c.1088: Timestamp: 0x53bdfdba
681140c.1088: Image Version: 6.3
682140c.1088: SizeOfImage: 0x42000 (270336)
683140c.1088: Resource Dir: 0x40000 LB 0xd50
684140c.1088: ProductName: Microsoft Malware Protection
685140c.1088: ProductVersion: 4.6.0300.0
686140c.1088: FileVersion: 4.6.0300.0
687140c.1088: FileDescription: Microsoft antimalware file system filter driver
688140c.1088: \SystemRoot\System32\drivers\NisDrvWFP.sys:
689140c.1088: CreationTime: 2014-03-11T14:52:30.000000000Z
690140c.1088: LastWriteTime: 2014-07-17T23:05:06.000000000Z
691140c.1088: ChangeTime: 2014-09-09T23:22:14.801256100Z
692140c.1088: FileAttributes: 0x20
693140c.1088: Size: 0x1ea90
694140c.1088: NT Headers: 0xe0
695140c.1088: Timestamp: 0x53bdfde3
696140c.1088: Machine: 0x8664 - amd64
697140c.1088: Timestamp: 0x53bdfde3
698140c.1088: Image Version: 6.3
699140c.1088: SizeOfImage: 0x1f000 (126976)
700140c.1088: Resource Dir: 0x1c000 LB 0x1b90
701140c.1088: ProductName: Microsoft Malware Protection
702140c.1088: ProductVersion: 4.6.0300.0
703140c.1088: FileVersion: 4.6.0300.0
704140c.1088: FileDescription: Microsoft Network Realtime Inspection Driver
705140c.1088: Calling main()
706140c.1088: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
707140c.1088: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
708140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
709140c.1088: SUPR3HardenedMain: Final process, opening VBoxDrv...
710140c.1088: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
711140c.1088: supR3HardNtEnableThreadCreation:
712140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
713140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
714140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704fd0:C:\Windows\system32 [calling]
715140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
716140c.1088: supR3HardenedDllNotificationCallback: load 000007fefa2c0000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
717140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
718140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
719140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
720140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
721140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
722140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
723140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
724140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
725140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
726140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
727140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
728140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
729140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
730140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
731140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
732140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
733140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
734140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
735140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
736140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
737140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
738140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
739140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
740140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
741140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
742140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
743140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
744140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
745140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
746140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
747140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
748140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
749140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
750140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
751140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
752140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
753140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
754140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704fd0:C:\Windows\system32 [calling]
756140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
757140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
758140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
759140c.1088: supR3HardenedDllNotificationCallback: load 000007feff030000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
760140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
761140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd080000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
762140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
763140c.1088: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
764140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
765140c.1088: supR3HardenedDllNotificationCallback: load 000007fefe900000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
766140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
767140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\Wintrust.dll'
768140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
769140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
770140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
771140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
772140c.1088: supR3HardenedDllNotificationCallback: load 000007fefc7d0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
773140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
774140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7d0000 'C:\Windows\system32\CRYPTSP.dll'
775140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
776140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
777140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
778140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
779140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
780140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
781140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
782140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
783140c.1088: supR3HardenedDllNotificationCallback: load 000007fefc4d0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
784140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
785140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\Windows\system32\rsaenh.dll'
786140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
787140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
788140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
789140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
790140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
791140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
792140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
793140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
794140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
795140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
796140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
797140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
798140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd390000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
799140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
800140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
801140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
802140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
803140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
804140c.1088: supR3HardenedDllNotificationCallback: load 000007fefe8e0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
805140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
806140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd390000 'C:\Windows\system32\ADVAPI32.dll'
807140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
808140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
809140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
810140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
811140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
812140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
813140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
814140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
815140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
816140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
817140c.1088: supR3HardenedDllNotificationCallback: load 000007fefce30000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
818140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
819140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce30000 'C:\Windows\system32\CRYPTBASE.dll'
820140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
821140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
822140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770f0000 'C:\Windows\system32\kernel32.dll'
823140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
824140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
825140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\WINTRUST.DLL'
826140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
827140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
828140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'C:\Windows\system32\CRYPT32.dll'
829140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
830140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
831140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
832140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
833140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
834140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
835140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
836140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
837140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
838140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
839140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
840140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
841140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd510000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
842140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
843140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd510000 'C:\Windows\system32\imagehlp.dll'
844140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
845140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
846140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7d0000 'C:\Windows\system32\CRYPTSP.dll'
847140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
848140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
849140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
850140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
851140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
852140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
853140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
854140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
855140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
856140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
857140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
858140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
859140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
860140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
861140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
862140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
863140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
864140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
865140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
866140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
867140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
868140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
869140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
870140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
871140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
872140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
873140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
874140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
875140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
876140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
877140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
878140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
879140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
880140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
881140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
882140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
883140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
884140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
885140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
886140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
887140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
888140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
889140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
890140c.1088: supR3HardenedDllNotificationCallback: load 0000000076ff0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
891140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
892140c.1088: supR3HardenedDllNotificationCallback: load 000007fefef60000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
893140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
894140c.1088: supR3HardenedDllNotificationCallback: load 000007fefe8d0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
895140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
896140c.1088: supR3HardenedDllNotificationCallback: load 000007fefee90000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
897140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
898140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
899140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
900140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef60000 'C:\Windows\system32\gdi32.dll'
901140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
902140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
903140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
904140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
905140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
906140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
907140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
908140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
909140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
910140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
911140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
912140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
913140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
914140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
915140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
916140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
917140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
918140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
919140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
920140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
921140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
922140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
923140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
924140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
925140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
926140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
927140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
928140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
929140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
930140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
931140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
932140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
933140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
934140c.1088: supR3HardenedDllNotificationCallback: load 000007fefe740000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
935140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
936140c.1088: supR3HardenedDllNotificationCallback: load 000007fefed80000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
937140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
938140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe740000 'C:\Windows\system32\IMM32.DLL'
939140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ff0000 'C:\Windows\system32\USER32.dll'
940140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
941140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
942140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
943140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
944140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
945140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
946140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
947140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
948140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
949140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
950140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
951140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
952140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
953140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
954140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
955140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
956140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
957140c.1088: supR3HardenedDllNotificationCallback: load 000007fefc950000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
958140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
959140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
960140c.1088: supR3HardenedDllNotificationCallback: load 000007fefc920000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
961140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
962140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc950000 'C:\Windows\system32\ncrypt.dll'
963140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
964140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
965140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
966140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
967140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
968140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
969140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
970140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
971140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
972140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
973140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
974140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
975140c.1088: supR3HardenedDllNotificationCallback: load 000007fefc410000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
976140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
977140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc410000 'C:\Windows\system32\bcryptprimitives.dll'
978140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
979140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
980140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc920000 'C:\Windows\system32\bcrypt.dll'
981140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
982140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
983140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
984140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
985140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
986140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
987140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
988140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
989140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
990140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
991140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
992140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
993140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
994140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
995140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
996140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
997140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
998140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
999140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1000140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1001140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1002140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1003140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1004140c.1088: supR3HardenedDllNotificationCallback: load 000007fefcfd0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1005140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1006140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\USERENV.dll'
1007140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1008140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1009140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1010140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1011140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1012140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1013140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1014140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1015140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1016140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1017140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1018140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1019140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1020140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1021140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1022140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1023140c.1088: supR3HardenedDllNotificationCallback: load 000007fefc280000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1024140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1025140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc280000 'C:\Windows\system32\GPAPI.dll'
1026140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1027140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1028140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1029140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1030140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\rpcrt4.dll'
1031140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1032140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1033140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1034140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1035140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1036140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1037140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1038140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1039140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1040140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1041140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1042140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1043140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1044140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1045140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1046140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1047140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1048140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1049140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1050140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1051140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1052140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1053140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1054140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1055140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1056140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1057140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1058140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1059140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1060140c.1088: supR3HardenedDllNotificationCallback: load 000007fef8c80000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1061140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1062140c.1088: supR3HardenedDllNotificationCallback: load 000007fefefd0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1063140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1064140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1065140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1066140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1067140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1068140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1069140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1070140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1071140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1072140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1073140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1074140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1075140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1076140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1077140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1078140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1079140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1080140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1081140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1082140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1083140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1084140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1085140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1086140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1087140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1088140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1089140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1090140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1091140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1092140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1093140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1094140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\cryptnet.dll'
1095140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1096140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1097140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1098140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1099140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfd0000 'C:\Windows\system32\profapi.dll'
1100140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1101140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1102140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1103140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1104140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1105140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1106140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1107140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1108140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1109140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1110140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1111140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1112140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1113140c.1088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1114140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1115140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1116140c.1088: supR3HardenedDllNotificationCallback: load 000007fefe770000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1117140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1118140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe770000 'C:\Windows\system32\SHLWAPI.dll'
1119140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1120140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007872b0
1121140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1122140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
1123140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1124140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1125140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1126140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1127140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1128140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1129140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1130140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1131140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd390000 'C:\Windows\system32\ADVAPI32.dll'
1132140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1133140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1134140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1135140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1136140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
1137140c.1088: g_pfnWinVerifyTrust=000007fefd321010
1138140c.1088: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1139140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1140140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1141140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1142140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4581771CBFFF32DF331EF17B5C5FD7E1F614302
1143140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_136_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1144140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1145140c.1088: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1146140c.1088: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1147140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1148140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1149140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1150140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=108407301192217C74BC9FE609CA642A66DBE98B
1151140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1152140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1153140c.1088: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1154140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1155140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1156140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1157140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1158140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1159140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1160140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1161140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1162140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1163140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1164140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1165140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1166140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1167140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1168140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1169140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1170140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1171140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
1172140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1173140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1174140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1175140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1176140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1177140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1178140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1179140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1180140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1181140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1182140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1183140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1184140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1185140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1186140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1187140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1188140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1189140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1190140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1191140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1192140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1193140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1194140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1195140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1196140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1197140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1198140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1199140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1200140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1201140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1202140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1203140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1204140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1205140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1206140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1207140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933
1208140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2992611~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1209140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1210140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1211140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1212140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1213140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1214140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1215140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1216140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1217140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1218140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1219140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1220140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1221140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1222140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1223140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1224140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1225140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1226140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1227140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1228140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1229140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1230140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1231140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1232140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1233140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1234140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1235140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
1236140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1237140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1238140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1239140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1240140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1241140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1242140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
1243140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1244140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1245140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1246140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1247140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1248140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1249140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1250140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1251140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1252140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1253140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1254140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1255140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1256140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1257140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1258140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1259140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1260140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1261140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1262140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1263140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1264140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1265140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1266140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1267140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1268140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1269140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1270140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1271140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1272140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1273140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1274140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1275140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1276140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1277140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1278140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1279140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1280140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1281140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1282140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1283140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1284140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1285140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FE601E1BC89E11CA16D1CA31315BC348EFAF0C74
1286140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1287140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1288140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1289140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1290140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1291140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1292140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1293140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1294140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1295140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1296140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1297140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1298140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1299140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1300140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1301140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1302140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1303140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1304140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1305140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1306140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1307140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1308140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1309140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1310140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1311140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1312140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1313140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1314140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
1315140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1316140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1317140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1318140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1319140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1320140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1321140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
1322140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1323140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1324140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1325140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1326140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002de21c0:C:\Windows\system32 [calling]
1327140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'C:\Windows\system32\crypt32.dll'
1328140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xc0f405ab4fb0ba00 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
1329140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1330140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1331140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1332140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1333140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1334140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xbf1f81e5a97406aa CN=USB\VID_0781&PID_5150 (libwdi autogenerated)
1335140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1336140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x5675ad49101bb3f2 CN=USB\VID_0764&PID_0501 (libwdi autogenerated)
1337140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1338140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1339140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
1340140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1341140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1342140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1343140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1344140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1345140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1346140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1347140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1348140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1349140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1350140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1351140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1352140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1353140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1354140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1355140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1356140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1357140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1358140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
1359140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1360140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1361140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1362140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1363140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1364140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1365140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1366140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1367140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1368140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1369140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1370140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1371140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1372140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1373140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1374140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1375140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1376140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
1377140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1378140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1379140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
1380140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1381140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1382140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1383140c.1088: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1384140c.1088: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=56
1385140c.1088: SUPR3HardenedMain: Load Runtime...
1386140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1387140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1388140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1389140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1390140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1391140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1392140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1393140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1394140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1395140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1396140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1397140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1398140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1399140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1400140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1401140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1402140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1403140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1404140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1405140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1406140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1407140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1408140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1409140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1410140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1411140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1412140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1413140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1414140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1415140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1416140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1417140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1418140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1419140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1420140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1421140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1422140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1423140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1424140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1425140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1426140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1427140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1428140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1429140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1430140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1431140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1432140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1433140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1434140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1435140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1436140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1437140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1438140c.1088: supR3HardenedDllNotificationCallback: load 000007feef820000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1439140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1440140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1441140c.1088: supR3HardenedDllNotificationCallback: load 0000000074850000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1442140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1443140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1444140c.1088: supR3HardenedDllNotificationCallback: load 00000000747b0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1445140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1446140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd530000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1447140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1448140c.1088: supR3HardenedDllNotificationCallback: load 000007feff170000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1449140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1450140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1451140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1452140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1453140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1454140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1455140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1456140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1457140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1458140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1459140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1460140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1461140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1462140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1463140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1464140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1465140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1466140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1467140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1468140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1469140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1470140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1471140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1472140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1473140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1474140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1475140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1476140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1477140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1478140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1479140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1480140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1481140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1482140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1483140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1484140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1485140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1486140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1487140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1488140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1489140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1490140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1491140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1492140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1493140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1494140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1495140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1496140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1497140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1498140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef820000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1499140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1500140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000abf090:C:\Windows\system32 [calling]
1501140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\Wintrust.dll'
1502140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1503140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000abf090:C:\Windows\system32 [calling]
1504140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'C:\Windows\system32\crypt32.dll'
1505140c.1088: SUPR3HardenedMain: Load TrustedMain...
1506140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1507140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1508140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1509140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1510140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1511140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1512140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1513140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1514140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1515140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1516140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1517140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1518140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1519140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1520140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1521140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1522140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1523140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1524140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1525140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1526140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1527140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1528140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1529140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1530140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1531140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1532140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1533140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1534140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1535140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1536140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1537140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1538140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1539140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1540140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1541140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1542140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1543140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1544140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1545140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1546140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1547140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1548140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1549140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1550140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1551140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1552140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1553140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1554140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1555140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1556140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1557140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59C9A3379D97CB80EFB9D9152AF4E0240DDF8B29
1558140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3006226~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1559140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1560140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1561140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1562140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1563140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1564140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1565140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1566140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1567140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1568140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1569140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1570140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1571140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1572140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1573140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1574140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1575140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1576140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1577140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1578140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1579140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1580140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1581140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1582140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1583140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1584140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1585140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1586140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D11B9B481EE916E64C94F8ECA71C2995A2999B7
1587140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2980245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1588140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1589140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1590140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1591140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1592140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1593140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1594140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1595140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1596140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1597140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1598140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1599140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1600140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1601140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1602140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1603140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1604140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1605140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1606140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1607140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1608140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1609140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1610140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1611140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1612140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1613140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1614140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1615140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1616140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1617140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1618140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1619140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1620140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1621140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1622140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1623140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1624140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1625140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1626140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1627140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1628140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1629140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1630140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1631140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1632140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1633140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1634140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1635140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1636140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1637140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1638140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1639140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1640140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1641140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1642140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1643140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1644140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1645140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1646140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1647140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1648140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1649140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1650140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1651140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1652140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1653140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1654140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1655140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1656140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1657140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1658140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1659140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1660140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1661140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1662140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1663140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1664140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1665140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1666140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1667140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1668140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1669140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1670140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1671140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1672140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1673140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1674140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1675140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1676140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1677140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1678140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1679140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1680140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1681140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1682140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1683140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1684140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1685140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1686140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1687140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1688140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1689140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1690140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1691140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1692140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1693140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1694140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1695140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1696140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1697140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1698140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1699140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1700140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1701140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1702140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1703140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1704140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1705140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1706140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1707140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1708140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1709140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1710140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1711140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1712140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1713140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1714140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1715140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1716140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1717140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1718140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1719140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1720140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1721140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1722140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1723140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1724140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1725140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1726140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1727140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1728140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1729140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1730140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1731140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1732140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1733140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1734140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1735140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1736140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1737140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1738140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1739140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1740140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1741140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1742140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1743140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1744140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1745140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1746140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1747140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1748140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1749140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1750140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1751140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1752140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1753140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1754140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1755140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1756140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1757140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1758140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1759140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1760140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1761140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1762140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1763140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1764140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1765140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1766140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1767140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1768140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1769140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1770140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1771140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1772140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1773140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1774140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1775140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1776140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1777140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1778140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1779140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1780140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1781140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1782140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1783140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1784140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1785140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1786140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1787140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1788140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1789140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1790140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1791140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1792140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1793140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1794140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1795140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1796140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1797140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1798140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1799140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1800140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1801140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1802140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1803140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1804140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1805140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1806140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1807140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1808140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1809140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1810140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1811140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1812140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1813140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1814140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1815140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1816140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1817140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1818140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1819140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1820140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1821140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1822140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1823140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1824140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1825140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1826140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1827140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1828140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1829140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1830140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1831140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1832140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1833140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1834140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1835140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1836140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1837140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1838140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1839140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1840140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1841140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1842140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1843140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1844140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1845140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1846140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1847140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1848140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1849140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1850140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1851140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1852140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1853140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1854140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1855140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1856140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1857140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1858140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1859140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1860140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1861140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1862140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1863140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1864140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1865140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1866140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1867140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1868140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1869140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1870140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1871140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1872140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1873140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1874140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1875140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1876140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1877140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1878140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1879140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1880140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1881140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1882140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1883140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1884140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1885140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1886140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1887140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1888140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1889140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1890140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1891140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1892140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1893140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1894140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1895140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1896140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1897140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1898140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1899140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1900140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1901140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1902140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1903140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1904140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1905140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1906140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1907140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1908140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1909140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1910140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1911140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
1912140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1913140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1914140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1915140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1916140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1917140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
1918140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1919140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1920140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1921140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1922140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1923140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1924140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1925140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1926140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1927140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1928140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1929140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1930140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1931140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1932140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1933140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1934140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1935140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1936140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1937140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1938140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1939140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
1940140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1941140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1942140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1943140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1944140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1945140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1946140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1947140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1948140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1949140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1950140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1951140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1952140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1953140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1954140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1955140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
1956140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
1957140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1958140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1959140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1960140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1961140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1962140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1963140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1964140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1965140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1966140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1967140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1968140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1969140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1970140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1971140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1972140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1973140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1974140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1975140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1976140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1977140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1978140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1979140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1980140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1981140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1982140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1983140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1984140c.1088: supR3HardenedDllNotificationCallback: load 000007feeefa0000 LB 0x00872000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1985140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1986140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1987140c.1088: supR3HardenedDllNotificationCallback: load 000007feeffe0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1988140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1989140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1990140c.1088: supR3HardenedDllNotificationCallback: load 000007fef1df0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1991140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1992140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1993140c.1088: supR3HardenedDllNotificationCallback: load 000007feefee0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1994140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1995140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1996140c.1088: supR3HardenedDllNotificationCallback: load 000007fefa2b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1997140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1998140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd7d0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1999140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2000140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd000000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2001140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2002140c.1088: supR3HardenedDllNotificationCallback: load 000007fefe7f0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2003140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2004140c.1088: supR3HardenedDllNotificationCallback: load 000007feff180000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2005140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2006140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd370000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2007140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2008140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2009140c.1088: supR3HardenedDllNotificationCallback: load 000007fefb2e0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2010140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2011140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2012140c.1088: supR3HardenedDllNotificationCallback: load 000000006dc30000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
2013140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2014140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2015140c.1088: supR3HardenedDllNotificationCallback: load 000000006a4d0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2016140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2017140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd470000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2018140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2019140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2020140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2021140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2022140c.1088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
2023140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2024140c.1088: supR3HardenedDllNotificationCallback: load 000007fef82f0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
2025140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
2026140c.1088: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2027140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2028140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2029140c.1088: supR3HardenedDllNotificationCallback: load 000007fefa450000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2030140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2031140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2032140c.1088: supR3HardenedDllNotificationCallback: load 000007fef7820000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2033140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2034140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2035140c.1088: supR3HardenedDllNotificationCallback: load 000000006fc20000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
2036140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2037140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2038140c.1088: supR3HardenedDllNotificationCallback: load 00000000745d0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2039140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2040140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2041140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
2042140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
2043140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
2044140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2045140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2046140c.1088: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2047140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2048140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2049140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2050140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2051140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2052140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2053140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2054140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2055140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe740000 'C:\Windows\system32\imm32.dll'
2056140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefa0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2057140c.1088: SUPR3HardenedMain: Calling TrustedMain (000007feeefa1ca0)...
2058140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2059140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2060140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa450000 'C:\Windows\system32\winmm.dll'
2061140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2062140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2063140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce30000 'C:\Windows\system32\CRYPTBASE.dll'
2064140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2065140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2066140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2067140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2068140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2069140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770f0000 'C:\Windows\system32\kernel32.dll'
2070140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2071140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
2072140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
2073140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2074140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2075140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2076140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2077140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2078140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2079140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
2080140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2081140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2082140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2083140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2084140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2085140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2086140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2087140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2088140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2089140c.1088: supR3HardenedDllNotificationCallback: load 000007fefb710000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2090140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2091140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\uxtheme.dll'
2092140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2093140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2094140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\uxtheme.dll'
2095140c.1088: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
2096140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2097140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2098140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ff0000 'C:\Windows\system32\user32.dll'
2099140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2100140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2101140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\uxtheme.dll'
2102140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ff0000 'C:\Windows\system32\user32.dll'
2103140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd390000 'C:\Windows\system32\advapi32.dll'
2104140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2105140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2106140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\userenv.dll'
2107140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2108140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2109140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770f0000 'C:\Windows\system32\kernel32.dll'
2110140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2111140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
2112140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
2113140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2114140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2115140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2116140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2117140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2118140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2119140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2120140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2121140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2122140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
2123140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2124140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2125140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2126140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2127140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2128140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2129140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2130140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2131140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2132140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2133140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2134140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2135140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2136140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2137140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2138140c.1088: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2139140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b1f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2140140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2141140c.1088: supR3HardenedDllNotificationCallback: load 000007feff0d0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2142140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2143140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\CLBCatQ.DLL'
2144140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2145140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b26c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2146140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd390000 'C:\Windows\system32\ADVAPI32.dll'
2147140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2148140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b25a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2149140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7d0000 'C:\Windows\system32\CRYPTSP.dll'
2150140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2151140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007872b0
2152140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007872b0
2153140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2154140c.1088: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2155140c.1088: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2156140c.1088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2157140c.1088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
2158140c.1088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2159140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2160140c.1088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2161140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b25a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2162140c.1088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2163140c.1088: supR3HardenedDllNotificationCallback: load 000007fefcf20000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2164140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2165140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\RpcRtRemote.dll'
2166140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef60000 'C:\Windows\system32\gdi32.dll'
2167140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2168140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2a20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2169140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2170140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2171140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2a20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2172140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2173140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2174140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2a20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2175140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2176140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2177140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2a20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2178140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2179140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2180140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\shell32.dll'
2181140c.1088: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll)
2182140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2a20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2183140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2184140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ff0000 'C:\Windows\system32\user32.dll'
2185140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2186140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2a20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2187140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff180000 'C:\Windows\system32\ole32.dll'
2188140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2189140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007b2c60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2190140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff180000 'C:\Windows\system32\ole32.dll'
2191140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2192140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002df0750:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2193140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'C:\Windows\system32\MSCTF.dll'
2194140c.1088: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [redir]
2195140c.1088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2196140c.1088: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007b2c60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2197140c.1088: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2198140c.1088: Terminating the normal way: rcExit=1
219913f8.146c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6100 ms, the end);
22001608.15b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6703 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy