VirtualBox

Ticket #14352: VBoxStartup.log

File VBoxStartup.log, 285.9 KB (added by dinsdale, 9 years ago)
Line 
1111c.1ca8: Log file opened: 4.3.30r101610 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
2111c.1ca8: \SystemRoot\System32\ntdll.dll:
3111c.1ca8: CreationTime: 2015-06-07T20:18:44.692022500Z
4111c.1ca8: LastWriteTime: 2015-05-25T18:21:21.289963400Z
5111c.1ca8: ChangeTime: 2015-06-08T15:15:48.471009500Z
6111c.1ca8: FileAttributes: 0x20
7111c.1ca8: Size: 0x1a61c0
8111c.1ca8: NT Headers: 0xe0
9111c.1ca8: Timestamp: 0x556366f2
10111c.1ca8: Machine: 0x8664 - amd64
11111c.1ca8: Timestamp: 0x556366f2
12111c.1ca8: Image Version: 6.1
13111c.1ca8: SizeOfImage: 0x1a9000 (1740800)
14111c.1ca8: Resource Dir: 0x14d000 LB 0x5a028
15111c.1ca8: ProductName: Microsoft® Windows® Operating System
16111c.1ca8: ProductVersion: 6.1.7601.18869
17111c.1ca8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
18111c.1ca8: FileDescription: NT Layer DLL
19111c.1ca8: \SystemRoot\System32\kernel32.dll:
20111c.1ca8: CreationTime: 2015-06-07T20:18:45.176050200Z
21111c.1ca8: LastWriteTime: 2015-05-25T18:19:02.585000000Z
22111c.1ca8: ChangeTime: 2015-06-08T15:15:49.329011000Z
23111c.1ca8: FileAttributes: 0x20
24111c.1ca8: Size: 0x11be00
25111c.1ca8: NT Headers: 0xe8
26111c.1ca8: Timestamp: 0x556366fc
27111c.1ca8: Machine: 0x8664 - amd64
28111c.1ca8: Timestamp: 0x556366fc
29111c.1ca8: Image Version: 6.1
30111c.1ca8: SizeOfImage: 0x11f000 (1175552)
31111c.1ca8: Resource Dir: 0x116000 LB 0x528
32111c.1ca8: ProductName: Microsoft® Windows® Operating System
33111c.1ca8: ProductVersion: 6.1.7601.18869
34111c.1ca8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
35111c.1ca8: FileDescription: Windows NT BASE API Client DLL
36111c.1ca8: \SystemRoot\System32\KernelBase.dll:
37111c.1ca8: CreationTime: 2015-06-07T20:18:46.139105300Z
38111c.1ca8: LastWriteTime: 2015-05-25T18:19:02.585000000Z
39111c.1ca8: ChangeTime: 2015-06-08T15:15:49.344611100Z
40111c.1ca8: FileAttributes: 0x20
41111c.1ca8: Size: 0x67c00
42111c.1ca8: NT Headers: 0xe8
43111c.1ca8: Timestamp: 0x556366fd
44111c.1ca8: Machine: 0x8664 - amd64
45111c.1ca8: Timestamp: 0x556366fd
46111c.1ca8: Image Version: 6.1
47111c.1ca8: SizeOfImage: 0x6c000 (442368)
48111c.1ca8: Resource Dir: 0x6a000 LB 0x530
49111c.1ca8: ProductName: Microsoft® Windows® Operating System
50111c.1ca8: ProductVersion: 6.1.7601.18869
51111c.1ca8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
52111c.1ca8: FileDescription: Windows NT BASE API Client DLL
53111c.1ca8: \SystemRoot\System32\apisetschema.dll:
54111c.1ca8: CreationTime: 2015-06-07T20:18:40.650791400Z
55111c.1ca8: LastWriteTime: 2015-05-25T18:11:40.254000000Z
56111c.1ca8: ChangeTime: 2015-06-08T15:15:48.424209500Z
57111c.1ca8: FileAttributes: 0x20
58111c.1ca8: Size: 0x1a00
59111c.1ca8: NT Headers: 0xc0
60111c.1ca8: Timestamp: 0x55636622
61111c.1ca8: Machine: 0x8664 - amd64
62111c.1ca8: Timestamp: 0x55636622
63111c.1ca8: Image Version: 6.1
64111c.1ca8: SizeOfImage: 0x50000 (327680)
65111c.1ca8: Resource Dir: 0x30000 LB 0x3f8
66111c.1ca8: ProductName: Microsoft® Windows® Operating System
67111c.1ca8: ProductVersion: 6.1.7601.18869
68111c.1ca8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
69111c.1ca8: FileDescription: ApiSet Schema DLL
70111c.1ca8: supR3HardenedWinFindAdversaries: 0x0
71111c.1ca8: Calling main()
72111c.1ca8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
73111c.1ca8: SUPR3HardenedMain: Respawn #1
74111c.1ca8: System32: \Device\HarddiskVolume2\Windows\System32
75111c.1ca8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
76111c.1ca8: KnownDllPath: C:\Windows\system32
77111c.1ca8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
78111c.1ca8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
79111c.1ca8: supR3HardNtEnableThreadCreation:
80111c.1ca8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f8b780 pvNtTerminateThread=0000000076fae0e0
81111c.1ca8: supR3HardenedWinDoReSpawn(1): New child 1a50.1b58 [kernel32].
82111c.1ca8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
83111c.1ca8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f60000 uNtDllChildAddr=0000000076f60000
84111c.1ca8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f8b780
85111c.1ca8: supR3HardenedWinSetupChildInit: Start child.
86111c.1ca8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
87111c.1ca8: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
88111c.1ca8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
89111c.1ca8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
90111c.1ca8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
91111c.1ca8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
92111c.1ca8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
93111c.1ca8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
94111c.1ca8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
95111c.1ca8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
96111c.1ca8: 0000000000051000-fffffffffff91fff 0x0001/0x0000 0x0000000
97111c.1ca8: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
98111c.1ca8: 000000000020c000-0000000000208fff 0x0104/0x0004 0x0020000
99111c.1ca8: 000000000020f000-000000000020dfff 0x0004/0x0004 0x0020000
100111c.1ca8: 0000000000210000-ffffffff894bffff 0x0001/0x0000 0x0000000
101111c.1ca8: *0000000076f60000-0000000076f60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
102111c.1ca8: 0000000076f61000-000000007705efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
103111c.1ca8: 000000007705f000-000000007708dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
104111c.1ca8: 000000007708e000-0000000077095fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
105111c.1ca8: 0000000077096000-0000000077096fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
106111c.1ca8: 0000000077097000-0000000077099fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
107111c.1ca8: 000000007709a000-0000000077108fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
108111c.1ca8: 0000000077109000-000000006f231fff 0x0001/0x0000 0x0000000
109111c.1ca8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
110111c.1ca8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
111111c.1ca8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
112111c.1ca8: 000000007fff0000-ffffffffc061ffff 0x0001/0x0000 0x0000000
113111c.1ca8: *000000013f9c0000-000000013f9c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
114111c.1ca8: 000000013f9c1000-000000013fa45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
115111c.1ca8: 000000013fa46000-000000013fa46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
116111c.1ca8: 000000013fa47000-000000013fa84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
117111c.1ca8: 000000013fa85000-000000013fa85fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
118111c.1ca8: 000000013fa86000-000000013fa86fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
119111c.1ca8: 000000013fa87000-000000013fa88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
120111c.1ca8: 000000013fa89000-000000013fa89fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121111c.1ca8: 000000013fa8a000-000000013fa8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122111c.1ca8: 000000013fa8b000-000000013fa8efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123111c.1ca8: 000000013fa8f000-000000013fac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
124111c.1ca8: 000000013fac8000-fffff8038030ffff 0x0001/0x0000 0x0000000
125111c.1ca8: *000007feff280000-000007feff280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
126111c.1ca8: 000007feff281000-000007fdfe551fff 0x0001/0x0000 0x0000000
127111c.1ca8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
128111c.1ca8: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
129111c.1ca8: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
130111c.1ca8: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
131111c.1ca8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
132111c.1ca8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
133111c.1ca8: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
134111c.1ca8: VirtualBox.exe: timestamp 0x559faaf3 (rc=VINF_SUCCESS)
135111c.1ca8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
136111c.1ca8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
137111c.1ca8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
138111c.1ca8: supR3HardNtChildPurify: Done after 287 ms and 0 fixes (loop #0).
139111c.1ca8: supR3HardNtEnableThreadCreation:
1401a50.1b58: Log file opened: 4.3.30r101610 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
1411a50.1b58: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f60000
1421a50.1b58: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
1431a50.1b58: New simple heap: #1 0000000000310000 LB 0x400000 (for 1740800 allocation)
1441a50.1b58: System32: \Device\HarddiskVolume2\Windows\System32
1451a50.1b58: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1461a50.1b58: KnownDllPath: C:\Windows\system32
1471a50.1b58: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1481a50.1b58: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1491a50.1b58: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1501a50.1b58: Registered Dll notification callback with NTDLL.
1511a50.1b58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1521a50.1b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1531a50.1b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1541a50.1b58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1551a50.1b58: supR3HardenedDllNotificationCallback: load 0000000076d40000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1561a50.1b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1571a50.1b58: supR3HardenedDllNotificationCallback: load 000007fefcd80000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1581a50.1b58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1591a50.1b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1601a50.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d40000 'C:\Windows\system32\kernel32.dll'
1611a50.1b58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f8b780 pvNtTerminateThread=0000000076fae0e0
162111c.1ca8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms.
1631a50.1b58: \SystemRoot\System32\ntdll.dll:
1641a50.1b58: CreationTime: 2015-06-07T20:18:44.692022500Z
1651a50.1b58: LastWriteTime: 2015-05-25T18:21:21.289963400Z
1661a50.1b58: ChangeTime: 2015-06-08T15:15:48.471009500Z
1671a50.1b58: FileAttributes: 0x20
1681a50.1b58: Size: 0x1a61c0
1691a50.1b58: NT Headers: 0xe0
1701a50.1b58: Timestamp: 0x556366f2
1711a50.1b58: Machine: 0x8664 - amd64
1721a50.1b58: Timestamp: 0x556366f2
1731a50.1b58: Image Version: 6.1
1741a50.1b58: SizeOfImage: 0x1a9000 (1740800)
1751a50.1b58: Resource Dir: 0x14d000 LB 0x5a028
1761a50.1b58: ProductName: Microsoft® Windows® Operating System
1771a50.1b58: ProductVersion: 6.1.7601.18869
1781a50.1b58: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
1791a50.1b58: FileDescription: NT Layer DLL
1801a50.1b58: \SystemRoot\System32\kernel32.dll:
1811a50.1b58: CreationTime: 2015-06-07T20:18:45.176050200Z
1821a50.1b58: LastWriteTime: 2015-05-25T18:19:02.585000000Z
1831a50.1b58: ChangeTime: 2015-06-08T15:15:49.329011000Z
1841a50.1b58: FileAttributes: 0x20
1851a50.1b58: Size: 0x11be00
1861a50.1b58: NT Headers: 0xe8
1871a50.1b58: Timestamp: 0x556366fc
1881a50.1b58: Machine: 0x8664 - amd64
1891a50.1b58: Timestamp: 0x556366fc
1901a50.1b58: Image Version: 6.1
1911a50.1b58: SizeOfImage: 0x11f000 (1175552)
1921a50.1b58: Resource Dir: 0x116000 LB 0x528
1931a50.1b58: ProductName: Microsoft® Windows® Operating System
1941a50.1b58: ProductVersion: 6.1.7601.18869
1951a50.1b58: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
1961a50.1b58: FileDescription: Windows NT BASE API Client DLL
1971a50.1b58: \SystemRoot\System32\KernelBase.dll:
1981a50.1b58: CreationTime: 2015-06-07T20:18:46.139105300Z
1991a50.1b58: LastWriteTime: 2015-05-25T18:19:02.585000000Z
2001a50.1b58: ChangeTime: 2015-06-08T15:15:49.344611100Z
2011a50.1b58: FileAttributes: 0x20
2021a50.1b58: Size: 0x67c00
2031a50.1b58: NT Headers: 0xe8
2041a50.1b58: Timestamp: 0x556366fd
2051a50.1b58: Machine: 0x8664 - amd64
2061a50.1b58: Timestamp: 0x556366fd
2071a50.1b58: Image Version: 6.1
2081a50.1b58: SizeOfImage: 0x6c000 (442368)
2091a50.1b58: Resource Dir: 0x6a000 LB 0x530
2101a50.1b58: ProductName: Microsoft® Windows® Operating System
2111a50.1b58: ProductVersion: 6.1.7601.18869
2121a50.1b58: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
2131a50.1b58: FileDescription: Windows NT BASE API Client DLL
2141a50.1b58: \SystemRoot\System32\apisetschema.dll:
2151a50.1b58: CreationTime: 2015-06-07T20:18:40.650791400Z
2161a50.1b58: LastWriteTime: 2015-05-25T18:11:40.254000000Z
2171a50.1b58: ChangeTime: 2015-06-08T15:15:48.424209500Z
2181a50.1b58: FileAttributes: 0x20
2191a50.1b58: Size: 0x1a00
2201a50.1b58: NT Headers: 0xc0
2211a50.1b58: Timestamp: 0x55636622
2221a50.1b58: Machine: 0x8664 - amd64
2231a50.1b58: Timestamp: 0x55636622
2241a50.1b58: Image Version: 6.1
2251a50.1b58: SizeOfImage: 0x50000 (327680)
2261a50.1b58: Resource Dir: 0x30000 LB 0x3f8
2271a50.1b58: ProductName: Microsoft® Windows® Operating System
2281a50.1b58: ProductVersion: 6.1.7601.18869
2291a50.1b58: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
2301a50.1b58: FileDescription: ApiSet Schema DLL
2311a50.1b58: supR3HardenedWinFindAdversaries: 0x0
2321a50.1b58: Calling main()
2331a50.1b58: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2341a50.1b58: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2351a50.1b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2361a50.1b58: SUPR3HardenedMain: Respawn #2
2371a50.1b58: supR3HardNtEnableThreadCreation:
2381a50.1b58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2391a50.1b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2401a50.1b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2411a50.1b58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2421a50.1b58: supR3HardenedDllNotificationCallback: load 000007fefcb10000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2431a50.1b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2441a50.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb10000 'C:\Windows\system32\apphelp.dll'
2451a50.1b58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f8b780 pvNtTerminateThread=0000000076fae0e0
2461a50.1b58: supR3HardenedWinDoReSpawn(2): New child 840.1a80 [kernel32].
2471a50.1b58: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
2481a50.1b58: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f60000 uNtDllChildAddr=0000000076f60000
2491a50.1b58: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f8b780
2501a50.1b58: supR3HardenedWinSetupChildInit: Start child.
2511a50.1b58: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2521a50.1b58: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
2531a50.1b58: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2541a50.1b58: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2551a50.1b58: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2561a50.1b58: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2571a50.1b58: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2581a50.1b58: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2591a50.1b58: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
2601a50.1b58: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
2611a50.1b58: 0000000000051000-fffffffffffb1fff 0x0001/0x0000 0x0000000
2621a50.1b58: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
2631a50.1b58: 00000000001ec000-00000000001e8fff 0x0104/0x0004 0x0020000
2641a50.1b58: 00000000001ef000-00000000001edfff 0x0004/0x0004 0x0020000
2651a50.1b58: 00000000001f0000-ffffffff8947ffff 0x0001/0x0000 0x0000000
2661a50.1b58: *0000000076f60000-0000000076f60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2671a50.1b58: 0000000076f61000-000000007705efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2681a50.1b58: 000000007705f000-000000007708dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2691a50.1b58: 000000007708e000-0000000077095fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2701a50.1b58: 0000000077096000-0000000077096fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2711a50.1b58: 0000000077097000-0000000077099fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2721a50.1b58: 000000007709a000-0000000077108fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2731a50.1b58: 0000000077109000-000000006f231fff 0x0001/0x0000 0x0000000
2741a50.1b58: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2751a50.1b58: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2761a50.1b58: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2771a50.1b58: 000000007fff0000-ffffffffc061ffff 0x0001/0x0000 0x0000000
2781a50.1b58: *000000013f9c0000-000000013f9c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2791a50.1b58: 000000013f9c1000-000000013fa45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2801a50.1b58: 000000013fa46000-000000013fa46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2811a50.1b58: 000000013fa47000-000000013fa84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2821a50.1b58: 000000013fa85000-000000013fa85fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2831a50.1b58: 000000013fa86000-000000013fa86fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2841a50.1b58: 000000013fa87000-000000013fa88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2851a50.1b58: 000000013fa89000-000000013fa89fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2861a50.1b58: 000000013fa8a000-000000013fa8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2871a50.1b58: 000000013fa8b000-000000013fa8efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2881a50.1b58: 000000013fa8f000-000000013fac7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2891a50.1b58: 000000013fac8000-fffff8038030ffff 0x0001/0x0000 0x0000000
2901a50.1b58: *000007feff280000-000007feff280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2911a50.1b58: 000007feff281000-000007fdfe551fff 0x0001/0x0000 0x0000000
2921a50.1b58: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2931a50.1b58: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
2941a50.1b58: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
2951a50.1b58: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
2961a50.1b58: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2971a50.1b58: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
2981a50.1b58: VirtualBox.exe: timestamp 0x559faaf3 (rc=VINF_SUCCESS)
2991a50.1b58: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3001a50.1b58: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3011a50.1b58: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3021a50.1b58: supR3HardNtChildPurify: Done after 285 ms and 0 fixes (loop #0).
3031a50.1b58: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
3041a50.1b58: supR3HardNtEnableThreadCreation:
305840.1a80: Log file opened: 4.3.30r101610 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
306840.1a80: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f60000
307840.1a80: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
308840.1a80: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
309840.1a80: System32: \Device\HarddiskVolume2\Windows\System32
310840.1a80: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
311840.1a80: KnownDllPath: C:\Windows\system32
312840.1a80: supR3HardenedVmProcessInit: Opening vboxdrv...
313840.1a80: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
314840.1a80: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
315840.1a80: Registered Dll notification callback with NTDLL.
316840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
317840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
318840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
319840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
320840.1a80: supR3HardenedDllNotificationCallback: load 0000000076d40000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
321840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
322840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcd80000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
323840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
324840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
325840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d40000 'C:\Windows\system32\kernel32.dll'
326840.1a80: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f8b780 pvNtTerminateThread=0000000076fae0e0
3271a50.1b58: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
328840.1a80: \SystemRoot\System32\ntdll.dll:
329840.1a80: CreationTime: 2015-06-07T20:18:44.692022500Z
330840.1a80: LastWriteTime: 2015-05-25T18:21:21.289963400Z
331840.1a80: ChangeTime: 2015-06-08T15:15:48.471009500Z
332840.1a80: FileAttributes: 0x20
333840.1a80: Size: 0x1a61c0
334840.1a80: NT Headers: 0xe0
335840.1a80: Timestamp: 0x556366f2
336840.1a80: Machine: 0x8664 - amd64
337840.1a80: Timestamp: 0x556366f2
338840.1a80: Image Version: 6.1
339840.1a80: SizeOfImage: 0x1a9000 (1740800)
340840.1a80: Resource Dir: 0x14d000 LB 0x5a028
341840.1a80: ProductName: Microsoft® Windows® Operating System
342840.1a80: ProductVersion: 6.1.7601.18869
343840.1a80: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
344840.1a80: FileDescription: NT Layer DLL
345840.1a80: \SystemRoot\System32\kernel32.dll:
346840.1a80: CreationTime: 2015-06-07T20:18:45.176050200Z
347840.1a80: LastWriteTime: 2015-05-25T18:19:02.585000000Z
348840.1a80: ChangeTime: 2015-06-08T15:15:49.329011000Z
349840.1a80: FileAttributes: 0x20
350840.1a80: Size: 0x11be00
351840.1a80: NT Headers: 0xe8
352840.1a80: Timestamp: 0x556366fc
353840.1a80: Machine: 0x8664 - amd64
354840.1a80: Timestamp: 0x556366fc
355840.1a80: Image Version: 6.1
356840.1a80: SizeOfImage: 0x11f000 (1175552)
357840.1a80: Resource Dir: 0x116000 LB 0x528
358840.1a80: ProductName: Microsoft® Windows® Operating System
359840.1a80: ProductVersion: 6.1.7601.18869
360840.1a80: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
361840.1a80: FileDescription: Windows NT BASE API Client DLL
362840.1a80: \SystemRoot\System32\KernelBase.dll:
363840.1a80: CreationTime: 2015-06-07T20:18:46.139105300Z
364840.1a80: LastWriteTime: 2015-05-25T18:19:02.585000000Z
365840.1a80: ChangeTime: 2015-06-08T15:15:49.344611100Z
366840.1a80: FileAttributes: 0x20
367840.1a80: Size: 0x67c00
368840.1a80: NT Headers: 0xe8
369840.1a80: Timestamp: 0x556366fd
370840.1a80: Machine: 0x8664 - amd64
371840.1a80: Timestamp: 0x556366fd
372840.1a80: Image Version: 6.1
373840.1a80: SizeOfImage: 0x6c000 (442368)
374840.1a80: Resource Dir: 0x6a000 LB 0x530
375840.1a80: ProductName: Microsoft® Windows® Operating System
376840.1a80: ProductVersion: 6.1.7601.18869
377840.1a80: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
378840.1a80: FileDescription: Windows NT BASE API Client DLL
379840.1a80: \SystemRoot\System32\apisetschema.dll:
380840.1a80: CreationTime: 2015-06-07T20:18:40.650791400Z
381840.1a80: LastWriteTime: 2015-05-25T18:11:40.254000000Z
382840.1a80: ChangeTime: 2015-06-08T15:15:48.424209500Z
383840.1a80: FileAttributes: 0x20
384840.1a80: Size: 0x1a00
385840.1a80: NT Headers: 0xc0
386840.1a80: Timestamp: 0x55636622
387840.1a80: Machine: 0x8664 - amd64
388840.1a80: Timestamp: 0x55636622
389840.1a80: Image Version: 6.1
390840.1a80: SizeOfImage: 0x50000 (327680)
391840.1a80: Resource Dir: 0x30000 LB 0x3f8
392840.1a80: ProductName: Microsoft® Windows® Operating System
393840.1a80: ProductVersion: 6.1.7601.18869
394840.1a80: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
395840.1a80: FileDescription: ApiSet Schema DLL
396840.1a80: supR3HardenedWinFindAdversaries: 0x0
397840.1a80: Calling main()
398840.1a80: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
399840.1a80: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
400840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
401840.1a80: SUPR3HardenedMain: Final process, opening VBoxDrv...
402840.1a80: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
403840.1a80: supR3HardNtEnableThreadCreation:
404840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
405840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
406840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894cd0:C:\Windows\system32 [calling]
407840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
408840.1a80: supR3HardenedDllNotificationCallback: load 000007fef5670000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
409840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
410840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
411840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
412840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5670000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
413840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
414840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
415840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5670000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
416840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5670000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
417840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
418840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
419840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
420840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
421840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
422840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
423840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
424840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
425840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
426840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
427840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
428840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
429840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
430840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
431840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
432840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
433840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
434840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
435840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
436840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
437840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
438840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
439840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
440840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
441840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
442840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
443840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
444840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
445840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
446840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
447840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894cd0:C:\Windows\system32 [calling]
448840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
449840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
450840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
451840.1a80: supR3HardenedDllNotificationCallback: load 000007feff1c0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
452840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
453840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcee0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
454840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
455840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
456840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
457840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd180000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
458840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
459840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\Wintrust.dll'
460840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
461840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
462840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000090a5a0:C:\Windows\system32 [calling]
463840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
464840.1a80: supR3HardenedDllNotificationCallback: load 000007fefc640000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
465840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
466840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc640000 'C:\Windows\system32\bcrypt.dll'
467840.1a80: bcrypt.dll loaded at 000007fefc640000, BCryptOpenAlgorithmProvider at 000007fefc642640, preloading providers:
468840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
469840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
470840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
471840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
472840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
473840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
474840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
475840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
476840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
477840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
478840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
479840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
480840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
481840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
482840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
483840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
484840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
485840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
486840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
487840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
488840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
489840.1a80: supR3HardenedDllNotificationCallback: load 000007fefc0f0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
490840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
491840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd530000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
492840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
493840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
494840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
495840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
496840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
497840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd720000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
498840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
499840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0f0000 'C:\Windows\system32\bcryptprimitives.dll'
500840.1a80: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000090bc80)
501840.1a80: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000090eb40)
502840.1a80: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000090ec60)
503840.1a80: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000090ee70)
504840.1a80: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000090ef90)
505840.1a80: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000090f0b0)
506840.1a80: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000090f2f0)
507840.1a80: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000090f410)
508840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
509840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
510840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
511840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
512840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
513840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
514840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
515840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
516840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
517840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
518840.1a80: supR3HardenedDllNotificationCallback: load 000007fefc700000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
519840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
520840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\CRYPTSP.dll'
521840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
522840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
523840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
524840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
525840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
526840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
527840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
528840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
529840.1a80: supR3HardenedDllNotificationCallback: load 000007fefc190000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
530840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
531840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc190000 'C:\Windows\system32\rsaenh.dll'
532840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
533840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
534840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\ADVAPI32.dll'
535840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
536840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
537840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
538840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
539840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcb70000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
540840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
541840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\CRYPTBASE.dll'
542840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
543840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
544840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d40000 'C:\Windows\system32\kernel32.dll'
545840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
546840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
547840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\WINTRUST.DLL'
548840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
549840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
550840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcee0000 'C:\Windows\system32\CRYPT32.dll'
551840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
552840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
553840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
554840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
555840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
556840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
557840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
558840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
559840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
560840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
561840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
562840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
563840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
564840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
565840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\imagehlp.dll'
566840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
567840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
568840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\CRYPTSP.dll'
569840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
570840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
571840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
572840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
573840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
574840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
575840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
576840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
577840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
578840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
579840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
580840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
581840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
582840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
583840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
584840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
585840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
586840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
587840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
588840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
589840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
590840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
591840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
592840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
593840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
594840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
595840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
596840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
597840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
598840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
599840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
600840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
601840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
602840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
603840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
604840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
605840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
606840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
607840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
608840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
609840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
610840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
611840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
612840.1a80: supR3HardenedDllNotificationCallback: load 0000000076e60000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
613840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
614840.1a80: supR3HardenedDllNotificationCallback: load 000007fefef50000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
615840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
616840.1a80: supR3HardenedDllNotificationCallback: load 000007feff260000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
617840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
618840.1a80: supR3HardenedDllNotificationCallback: load 000007fefec20000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
619840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
620840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
621840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
622840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef50000 'C:\Windows\system32\gdi32.dll'
623840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
624840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
625840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
626840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
627840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
628840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
629840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
630840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
631840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
632840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
633840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
634840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
635840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
636840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
637840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
638840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
639840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
640840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
641840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
642840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
643840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
644840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
645840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
646840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
647840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
648840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
649840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
650840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
651840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
652840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
653840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
654840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
655840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
656840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
657840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
658840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd610000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
659840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
660840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\IMM32.DLL'
661840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\Windows\system32\USER32.dll'
662840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
663840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
664840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
665840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
666840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
667840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
668840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
669840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
670840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
671840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
672840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
673840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
674840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
675840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
676840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
677840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
678840.1a80: supR3HardenedDllNotificationCallback: load 000007fefc670000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
679840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
680840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc670000 'C:\Windows\system32\ncrypt.dll'
681840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
682840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
683840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc640000 'C:\Windows\system32\bcrypt.dll'
684840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
685840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
686840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
687840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
688840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
689840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
690840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
691840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
692840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
693840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
694840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
695840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
696840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
697840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
698840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
699840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
700840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
701840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
702840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
703840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
704840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
705840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcea0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
706840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
707840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
708840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
709840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\Windows\system32\USERENV.dll'
710840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
711840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
712840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
713840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
714840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
715840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
716840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
717840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
718840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
719840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
720840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
721840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
722840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
723840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
724840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
725840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
726840.1a80: supR3HardenedDllNotificationCallback: load 000007fefbfb0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
727840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
728840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfb0000 'C:\Windows\system32\GPAPI.dll'
729840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
730840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-WIN-Service-Management-L1-1-0.dll'
731840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
732840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
733840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd180000 'C:\Windows\system32\rpcrt4.dll'
734840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
735840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-WIN-Service-Management-L2-1-0.dll'
736840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
737840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
738840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
739840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
740840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
741840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
742840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
743840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
744840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
745840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
746840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
747840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
748840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
749840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
750840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
751840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
752840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
753840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
754840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
755840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
756840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
757840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
758840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
759840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
760840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
761840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
762840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
763840.1a80: supR3HardenedDllNotificationCallback: load 000007fef9750000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
764840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd950000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
766840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
767840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
769840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
770840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
772840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
773840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
775840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
776840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
777840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
778840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
779840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
781840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
782840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
783840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
784840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
785840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
786840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
787840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
789840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
790840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
791840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
792840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
793840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
795840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
796840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
797840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\cryptnet.dll'
798840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
799840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
800840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
801840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
802840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd20000 'C:\Windows\system32\profapi.dll'
803840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
804840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
805840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
806840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
807840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
808840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
809840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
810840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
811840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
812840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
813840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
814840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
815840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
816840.1a80: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
817840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
818840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
819840.1a80: supR3HardenedDllNotificationCallback: load 000007feff060000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
820840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
821840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'C:\Windows\system32\SHLWAPI.dll'
822840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
823840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002b68380
824840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
825840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EDC3F71C5551972E1510D1BCC6D436D5B6B426E8
826840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
827840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
828840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
829840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-WIN-Service-Management-L1-1-0.dll'
830840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
831840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
832840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
833840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
834840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\ADVAPI32.dll'
835840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
836840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
837840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
838840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
839840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
840840.1a80: g_pfnWinVerifyTrust=000007fefd051010
841840.1a80: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
842840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
843840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
844840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
845840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
846840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
847840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
848840.1a80: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
849840.1a80: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
850840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
851840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
852840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
853840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
854840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
855840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
856840.1a80: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
857840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
858840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
859840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
860840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
861840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
862840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
863840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
864840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
865840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
866840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
867840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
868840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
869840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
870840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
871840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
872840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
873840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
874840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
875840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
876840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
877840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
878840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000268 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
879840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
880840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
881840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
882840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
883840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
884840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
885840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
886840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
887840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
888840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
889840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
890840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
891840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
892840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
893840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
894840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
895840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
896840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
897840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
898840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
899840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
900840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
901840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
902840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=327561BCBADC135831FD13C5C67C5E26F4E2B805
903840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
904840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
905840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
906840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
907840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
908840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
909840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
910840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
911840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
912840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
913840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
914840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
915840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
916840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
917840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
918840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
919840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
920840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
921840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
922840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
923840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
924840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
925840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
926840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
927840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
928840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
929840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
930840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF72C9DFDFB7D1CBA26FE4829B56F7B244C8A875
931840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3079904~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
932840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
933840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
934840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
935840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
936840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
937840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
938840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
939840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
940840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
941840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
942840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
943840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
944840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
945840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
946840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
947840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
948840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
949840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
950840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
951840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
952840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
953840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
954840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
955840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
956840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
957840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
958840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=950A18CED6C5D5CAB1335676119FFFE11307EF04
959840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
960840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
961840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
962840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
963840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
964840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
965840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
966840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
967840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
968840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
969840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
970840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
971840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
972840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
973840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
974840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
975840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
976840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
977840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
978840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
979840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
980840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BBB1FC4DED54F17702B287B63F8FE24EE5D7844
981840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
982840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
983840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
984840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
985840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
986840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
987840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
988840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
989840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
990840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
991840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
992840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
993840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
994840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
995840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
996840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
997840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
998840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
999840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1000840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1001840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1002840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1003840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1004840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1005840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1006840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1007840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1008840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1009840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E38DB7758ACD985E98AD6101CED724203843D038
1010840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1011840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1012840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1013840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1014840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1015840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1016840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1017840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FD34F960ED54F1FB26E76A32FB91273E3093869E
1018840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1019840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1020840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1021840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1022840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1023840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1024840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C47BBB61CB0D4D781B3BEC602422D40A0784762
1025840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1026840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1027840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1028840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1029840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092bc30:C:\Windows\system32 [calling]
1030840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcee0000 'C:\Windows\system32\crypt32.dll'
1031840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1032840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xca2de669f55ba200 C=US, O=Symantec Corporation, CN=Symantec Root 2005 CA
1033840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1034840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1035840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1036840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1037840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3423e6c7a208b400 O=Symantec Corporation, CN=Symantec Root CA
1038840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1039840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1040840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1041840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe0249b57ec7fbc00 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
1042840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xee325335cd8dba00 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2007
1043840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
1044840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3703c8da1585b000 C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Certification Authority Services, OU=Varmennepalvelut, CN=VRK Gov. Root CA
1045840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x8b062bb556fcc300 C=FR, O=Certeurope, OU=0002 434202180, CN=Certeurope Root CA 2
1046840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x977025a7d23db100 C=UY, O=ADMINISTRACION NACIONAL DE CORREOS, OU=SERVICIOS ELECTRONICOS, CN=Correo Uruguayo - Root CA
1047840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x15941d5f68b5c600 CN=ComSign Secured CA, O=ComSign, C=IL
1048840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
1049840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
1050840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3c0043239a65bd00 C=FR, O=Certplus, CN=Class 3TS Primary CA
1051840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
1052840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1053840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa5c88c0a3eb7ab00 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
1054840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4701de45a311b800 C=NL, O=Digidentity B.V., CN=Digidentity L3 Root CA - G2
1055840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
1056840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6693ec7ebc027a58 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Public Notary Root
1057840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x49dccfc3945cd200 C=GB, O=Trustis Limited, OU=Trustis EVS Root CA
1058840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xeb7a1ac4eef2cd00 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Platina (Class Platinum) Főtanúsítvány
1059840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x788c2b5ac673bf00 C=CN, O=CFCA GT CA
1060840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x8fe279bdb46fee00 C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
1061840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe0c6a3a05515a600 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
1062840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc7d32b6954e4f000 CN=ComSign CA, O=ComSign, C=IL
1063840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1064840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x760668e19592ff00 CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
1065840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
1066840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xaafa7abb99ab000 O=Cisco Systems, CN=Cisco Root CA 2048
1067840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1068840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1069840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5eb09e2012c300 C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
1070840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xb798ed29328b700 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
1071840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
1072840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1073840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x72b9f9f128f2be00 C=DE, O=DATEV eG, CN=CA DATEV BT 01
1074840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1075840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x41fe5fa9df12c400 C=US, O=AffirmTrust, CN=AffirmTrust Premium
1076840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
1077840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xafc0be88bdf2a800 DC=rs, DC=posta, DC=ca, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=Posta CA Root
1078840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1079840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1080840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x90f3036e613dad00 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-nQual-03, CN=A-Trust-nQual-03
1081840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd94cd06e3094b700 C=FR, O=Certplus, CN=Class 3 Primary CA
1082840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf08242cb8436b500 C=CZ, CN=I.CA - Qualified Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Accredited Provider of Certification Services
1083840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1084840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
1085840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
1086840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
1087840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x39889aa748eabf00 C=ES, ST=Barcelona, L=Barcelona (see current address at https://www.anf.es/address/), O=ANF Autoridad de Certificación, OU=ANF Clase 1 CA¢?
1088840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x48cc53a3896bab00 C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A.
1089840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd71519e43fd5ba00 C=CA, ST=Ontario, L=Toronto, O=Echoworx Corporation, OU=Certification Services, CN=Echoworx Root CA2
1090840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xade42733bd8d9700 C=us, O=U.S. Government, OU=FBCA, CN=Common Policy
1091840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x1c29714b0c909400 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA1
1092840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1093840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4bc5e0ecc020c800 C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, Email=pki@sk.ee
1094840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xca22f040a77fb200 C=LU, O=LuxTrust s.a., CN=LuxTrust Global Root
1095840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe0b0c3006b04c400 C=LV, OU=Sertifikacijas pakalpojumu dala, CN=E-ME SSI (RCA)
1096840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x59c66911a5cbad00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
1097840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x22c0bfed122ca900 C=CH, O=The Federal Authorities of the Swiss Confederation, OU=Services, OU=Certification Authorities, CN=Swiss Government Root CA II
1098840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd8240de4137fd600 C=IE, O=An Post, OU=Post.Trust Ltd., CN=Post.Trust Root CA
1099840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5295db258780a400 C=CL, ST=Region Metropolitana, L=Santiago, O=E-CERTCHILE, OU=Autoridad Certificadora, Email=sclientes@ccs.cl, CN=E-CERT ROOT CA
1100840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd38f027573ffd300 CN=TÜRKTRUST Elektronik İşlem Hizmetleri, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
1101840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x292d67d00f91f000 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Certificados Notariales
1102840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa8a0b90e1e0a8700 C=IN, O=India PKI, CN=CCA India 2011
1103840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xea33d3c14ab5d900 C=DE, ST=Baden-Wuerttemberg (BW), L=Stuttgart, O=Deutscher Sparkassen Verlag GmbH, CN=S-TRUST Authentication and Encryption Root CA 2005:PN
1104840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1105840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
1106840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x923c3ab73579a1d0 C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
1107840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xbab415bd1e249800 C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
1108840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1109840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4c4391c37e36a900 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
1110840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x20a3c30cad008000 C=ES, O=DIRECCION GENERAL DE LA POLICIA, OU=DNIE, CN=AC RAIZ DNIE
1111840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1112840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf7c33b7ebfec9b00 C=SI, O=POSTA, OU=POSTArCA
1113840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1114840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xab7df2a48539b200 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
1115840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
1116840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1117840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xfbf8ea8e6b96ca00 C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
1118840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc3f08e9b8780ab00 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
1119840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xeb1d2a732928b200 CN=ComSign Global Root CA, O=ComSign Ltd., C=IL
1120840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1121840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf44cbb0f8c74bc00 C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
1122840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x67db7cef8732e500 C=DE, O=DATEV eG, CN=CA DATEV STD 02
1123840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6a4c39c4152dd100 C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s.
1124840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xbf168afe877852f1 C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
1125840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdf103d404d3cef00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
1126840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x40e7dd0ea446ba00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v2
1127840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1128840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xbeb3e8b6dcbbd000 C=BR, O=Serasa S.A., OU=Serasa CA I, CN=Serasa Certificate Authority I
1129840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x51aead9c4ccdb500 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 4 CA, CN=TC TrustCenter Class 4 CA II
1130840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x177a8452aab3d500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Normalised CA
1131840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x449f1b13efa09400 C=CH, O=SwissSign AG, CN=SwissSign Platinum Root CA - G3
1132840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x862f01f4720ec800 C=CH, O=The Federal Authorities of the Swiss Confederation, OU=Services, OU=Certification Authorities, CN=Swiss Government Root CA I
1133840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xda5f1cc8fc5ca000 C=CZ, O=Česká pošta, s.p. [IČ 47114983], CN=PostSignum Root QCA 2
1134840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdff6d845073c8b00 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
1135840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2f371157ab2ac600 C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
1136840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
1137840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x1a1ea800c447f200 C=BR, O=Serasa S.A., OU=Serasa CA III, CN=Serasa Certificate Authority III
1138840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xada18517b3fdc600 C=FR, O=KEYNECTIS, OU=ROOT, CN=KEYNECTIS ROOT CA
1139840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
1140840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1141840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1142840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x87b3c722f299c800 C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (RootCA)
1143840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
1144840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x68dbf810c635b900 C=JP, O=LGPKI, OU=Application CA G2
1145840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x71b9b0629cdac200 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA III
1146840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x94b9196cd23ff000 C=DE, O=DATEV eG, CN=CA DATEV INT 02
1147840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
1148840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1149840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x52273f34861cc300 C=IT, L=Milano, O=Actalis S.p.A./03358520967, CN=Actalis Authentication CA G1
1150840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xebbf1d700c008a00 C=US, O=Verizon Business, OU=OmniRoot, CN=Verizon Global Root CA
1151840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x94fb3f125608a800 C=CZ, CN=I.CA - Standard Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Provider of Certification Services
1152840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
1153840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1154840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x236696801e5e9900 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA3
1155840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
1156840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7c71e6059b87be00 C=CH, O=SwissSign AG, CN=SwissSign Silver Root CA - G3
1157840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1158840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6a3ad06184a0ee00 CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., C=TR
1159840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xad77733ff735d300 C=CN, O=CNNIC, CN=CNNIC ROOT
1160840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdaad63f38ff8e900 C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, Email=info@e-szigno.hu
1161840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1162840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xcfb22061f662ac00 C=DK, O=TDC, CN=TDC OCES CA
1163840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1164840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1165840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7d2686ca075db300 C=CN, O=UniTrust, CN=UCA Root
1166840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5784013b5c9c9d00 CN=ComSign Advanced Security CA
1167840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5c39bb51bbe0b400 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
1168840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x80932303749f217 C=SI, O=Halcom, CN=Halcom CA PO 2
1169840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x8b7607cf260bd500 C=si, O=state-institutions, OU=sigov-ca
1170840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x8f874e74e06da700 C=JP, O=Japanese Government, OU=ApplicationCA
1171840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x23f085ee57b2b400 C=ES, O=Consejo General de la Abogacia NIF:Q-2863006I, CN=Autoridad de Certificacion de la Abogacia
1172840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x831827e970529d00 C=ES, O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN=ANCERT Certificados CGN V2
1173840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
1174840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7052e7f4a064c100 Øî¥?
1175840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd80363d60552ca00 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=ANKARA, O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
1176840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address)
1177840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe6519d844e429500 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
1178840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc9b005046ffea100 C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA1
1179840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1180840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xff91db7d3f31b300 CN=TÜRKTRUST Elektronik İşlem Hizmetleri, C=TR, L=ANKARA, O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
1181840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa09adb78d220ae00 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Qualified CA
1182840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1183840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1184840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
1185840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xce3493bee81cce00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v1
1186840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa16e1e56de57af00 C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
1187840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2a6a1dc6b9e6b200 C=ES, O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN=ANCERT Certificados Notariales V2
1188840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x185da5e55536b700 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
1189840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca999312534d200 C=CH, O=admin, OU=Services, OU=Certification Authorities, CN=AdminCA-CD-T01
1190840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x90af44962377a400 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA I
1191840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x25debfb1cdcddc00 CN=AC1 RAIZ MTIN
1192840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xaec72ec8296bc300 C=FR, O=Certplus, CN=Class 1 Primary CA
1193840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
1194840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf274f0a48808ab00 C=CZ, CN=I.CA - Qualified root certificate, O=První certifikační autorita, a.s.
1195840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1196840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1197840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdb2cd5c20d0aaf00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
1198840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6429d974d78ea400 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
1199840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x33c562d0d11fb200 C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, Email=igca@sgdn.pm.gouv.fr
1200840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1201840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x665014bdbcc8f800 O=Cybertrust, Inc, CN=Cybertrust Global Root
1202840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
1203840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xbbd90ca8b0b9d000 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
1204840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5536e4a191fbb300 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
1205840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1206840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x19c084be4feaba00 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA A
1207840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x92d01fe10011c900 C=US, O=VISA, OU=Visa International Service Association, CN=Visa Information Delivery Root CA
1208840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
1209840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x363d9b00b34fcb00 C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
1210840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
1211840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa8aca89ee6edc000 C=SE, O=Inera AB, CN=SITHS Root CA v1
1212840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1213840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf8dae202a2dfca00 C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
1214840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7637cbb5cf9ce200 C=SG, O=Netrust Certificate Authority 1, OU=Netrust CA1
1215840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
1216840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xfe74e9a1fda3c000 C=DE, O=DATEV eG, CN=CA DATEV INT 01
1217840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1218840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x783bbdee737e9b00 C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
1219840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1220840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x9b3ae4d356dfc000 C=EU, L=Madrid (see current address at www.camerfirma.com/address)
1221840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x69785d02da6eb500 C=ES, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN=Izenpe.com, Email=Info@izenpe.com
1222840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf8491584e4cdb300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 2 CA 2007
1223840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
1224840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1225840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xfe3e3d933619ad3f C=ES, O=FNMT, OU=FNMT Clase 2 CA
1226840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe05fe608c95b000 C=IL, O=PersonalID Ltd., OU=Certificate Services, CN=PersonalID Trustworthy RootCA 2011
1227840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
1228840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xcfd21c88249eb300 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-03, CN=A-Trust-Qual-03
1229840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd607333e36718100 Email=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
1230840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdc94c92cf53db900 C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
1231840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4e5147f555f3c100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA B
1232840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x64acc0b265e5b000 C=si, O=state-institutions, OU=sigen-ca
1233840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1234840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5901ca5aa77fd00 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
1235840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd0353b9e7b50c500 C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
1236840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x556cacd82e35af00 C=US, O=SecureTrust Corporation, CN=Secure Global CA
1237840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x99f15213ef3bc100 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
1238840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe4dba5da41bbe600 C=DE, O=DATEV eG, CN=CA DATEV BT 02
1239840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1240840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa9c86e43a2efdb00 C=PT, O=SCEE, CN=ECRaizEstado
1241840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
1242840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf23ec9c15254b300 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
1243840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1244840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1245840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7052e7f4a064c100 L=Alvaro Obregon, ST=Distrito Federal, C=MX?
1246840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe8985fec4712d200 C=AT, L=Vienna, ST=Austria, O=ARGE DATEN - Austrian Society for Data Protection, OU=GLOBALTRUST Certification Service, CN=GLOBALTRUST, Email=info@globaltrust.info
1247840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xae429fd0a270a200 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
1248840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1249840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5b9d66b2891fad00 C=BR, O=Serasa S.A., OU=Serasa CA II, CN=Serasa Certificate Authority II
1250840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
1251840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xafe3d3869f859d00 C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine
1252840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3b2a6f973b859500 CN=Atos TrustedRoot 2011, O=Atos, C=DE
1253840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1254840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xfd887dc131f69200 C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig
1255840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6b2e1733cc84b400 C=US, O=AffirmTrust, CN=AffirmTrust Networking
1256840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x4297e24fc722b300 C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
1257840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1258840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xfe221444afe0cb00 C=ch, O=admin, OU=Services, OU=Certification Authorities, CN=Admin-Root-CA
1259840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
1260840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1261840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa9cc8cfa2245a100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA C
1262840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
1263840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xcd7b81d500c8ed00 C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
1264840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
1265840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x419b60ebff37ab00 C=FR, O=Certplus, CN=Class 3P Primary CA
1266840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xb8ce920e1b50ac00 C=ES, O=Colegio de Registradores de la Propiedad y Mercantiles de España, OU=Certificado Propio, CN=Registradores de España - CA Raíz
1267840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2676db9b15412b5a C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA
1268840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa7f9b4b9d484dd00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
1269840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
1270840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x3a8810ff4b6d8a00 C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
1271840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x9830119f287caa00 C=FR, O=ANSSI, OU=0002 130007669, CN=IGC/A AC racine Etat francais
1272840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x7f2bd4d15bd9c500 C=SE, O=Carelink, CN=SITHS CA v3
1273840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xfa20c4eccee39700 C=DE, O=DATEV eG, CN=CA DATEV STD 01
1274840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1275840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd5f715744f1cca00 C=SE, O=Swedish Social Insurance Agency, CN=Swedish Government Root Authority v1
1276840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xcaac0c3f3f759000 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Certificados CGN
1277840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x817a1151b5d29800 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
1278840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xeb8adc879521a200 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Corporaciones de Derecho Publico
1279840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x957cec0256a8da00 CN=SG TRUST SERVICES RACINE, OU=0002 43525289500022, O=SG TRUST SERVICES, C=FR
1280840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf63f5006e5b3da00 C=CN, O=UniTrust, CN=UCA Global Root
1281840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x9d5a65c89fe8c300 C=CH, O=SwissSign AG, CN=SwissSign Gold Root CA - G3
1282840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x2f5561fdf9b89b00 C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA)
1283840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1284840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa674f2b1f89b500 C=FI, O=Sonera, CN=Sonera Class1 CA
1285840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x5dcc74a787f8b600 C=MO, O=Macao Post, CN=Macao Post eSignTrust Root Certification Authority (G02)
1286840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
1287840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1288840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf1fbd6404bd4a500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust TOP Root CA
1289840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1290840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x407c0c3d7576bf00 C=SI, O=ACNLB
1291840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x9de5960126a3bc00 C=SI, O=Halcom, CN=Halcom CA FO
1292840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1293840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1294840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xf03913fae404bc00 C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1
1295840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xd43dd8b22552c700 C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, Email=info@netlock.hu
1296840.1a80: supR3HardenedWinIsDesiredRootCA: Adding 0xdf603f23927b9600 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA2
1297840.1a80: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=266
1298840.1a80: SUPR3HardenedMain: Load Runtime...
1299840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1300840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1301840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1302840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1303840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1304840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1305840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1306840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1307840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1308840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1309840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1310840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1311840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1312840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1313840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1314840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1315840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1316840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1317840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1318840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1319840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1320840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1321840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1322840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1323840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1324840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1325840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1326840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1327840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1328840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1329840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1330840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1331840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1332840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1333840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1334840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1335840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1336840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1337840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1338840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1339840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1340840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1341840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1342840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1343840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1344840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1345840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1346840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1347840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1348840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1349840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1350840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1351840.1a80: supR3HardenedDllNotificationCallback: load 000007fee1f60000 LB 0x00537000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1352840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1353840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1354840.1a80: supR3HardenedDllNotificationCallback: load 0000000052c10000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1355840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1356840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1357840.1a80: supR3HardenedDllNotificationCallback: load 0000000052d30000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1358840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1359840.1a80: supR3HardenedDllNotificationCallback: load 000007fefebd0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1360840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1361840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd0d0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1362840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1363840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1364840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1365840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1366840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1367840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1368840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1369840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1370840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1371840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1373840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1374840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1375840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1376840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1377840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1378840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1379840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1380840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1381840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1382840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1383840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1384840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1385840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1386840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1387840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1388840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1389840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1390840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1391840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1392840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1393840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1394840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1395840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1396840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1397840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1398840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1399840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1400840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1401840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1402840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1403840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1404840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1405840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1406840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1407840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008956c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Hewlett-Packard\HP Performance Advisor;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\HP\HP Performance Advisor [calling]
1408840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1409840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1410840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1411840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1412840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1413840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000038a1860:C:\Windows\system32 [calling]
1414840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\Wintrust.dll'
1415840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1416840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000038a1860:C:\Windows\system32 [calling]
1417840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcee0000 'C:\Windows\system32\crypt32.dll'
1418840.1a80: SUPR3HardenedMain: Load TrustedMain...
1419840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1420840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1421840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1422840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1423840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1424840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1425840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1426840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1427840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1428840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1429840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1430840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1431840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1432840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1433840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1434840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1435840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1436840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1437840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1438840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1439840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1440840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1441840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1442840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1443840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1444840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1445840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1446840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1447840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1448840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1449840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1450840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1451840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1452840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1453840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1454840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1455840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1456840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1457840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1458840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1459840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1460840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1461840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1462840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1463840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1464840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1465840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1466840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1467840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1468840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1469840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1470840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1471840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1472840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1473840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1474840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1475840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1476840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1477840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1478840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1479840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1480840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1481840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1482840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1483840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1484840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1485840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1486840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1487840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1488840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1489840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1490840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1491840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1492840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1493840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1494840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1495840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1496840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1497840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1498840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1499840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
1500840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1501840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1502840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1503840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1504840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1505840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1506840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1507840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1508840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1509840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1510840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1511840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1512840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1513840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1514840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1515840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1516840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1517840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1518840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1519840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1520840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1521840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1522840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1523840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1524840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1525840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1526840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1527840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1528840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1529840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1530840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1531840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1532840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1533840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1534840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1535840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1536840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1537840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1538840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1539840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1540840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1541840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1542840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1543840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1544840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1545840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1546840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1547840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1548840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1549840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1550840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1551840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1552840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1553840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1554840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1555840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1556840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1557840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1558840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1559840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1560840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1561840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1562840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1563840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1564840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1565840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1566840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1567840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1568840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1569840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1570840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1571840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1572840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1573840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1574840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1575840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1576840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1577840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1578840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1579840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1580840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1581840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1582840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1583840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1584840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1585840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1586840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1587840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1588840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1589840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1590840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1591840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1592840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1593840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1594840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1595840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1596840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1597840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1598840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1599840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1600840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1601840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1602840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1603840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1604840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1605840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1606840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1607840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1608840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1609840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1610840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1611840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1612840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1613840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1614840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1615840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1616840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1617840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1618840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1619840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1620840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1621840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1622840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1623840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1624840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1625840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1626840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1627840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1628840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1629840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1630840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1631840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1632840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1633840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1634840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1635840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1636840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1637840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1638840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1639840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1640840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1641840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1642840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1643840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1644840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1645840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1646840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1647840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1648840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1649840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1650840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1651840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1652840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1653840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1654840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1655840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1656840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1657840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1658840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1659840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1660840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1661840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1662840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1663840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1664840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1665840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1666840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1667840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1668840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1669840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1670840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1671840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1672840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1673840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1674840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1675840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1676840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1677840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1678840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1679840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1680840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1681840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1682840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1683840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1684840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1685840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1686840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1687840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1688840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1689840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1690840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1691840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1692840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1693840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1695840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1696840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1697840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1698840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1699840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1700840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1701840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1702840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1703840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1704840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1705840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1706840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1707840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1708840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1709840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1710840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1711840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1712840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1713840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1714840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1715840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1716840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1717840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1718840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1719840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1720840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1721840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1722840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1723840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1724840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1725840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1726840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1727840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1728840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1729840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1730840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1731840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1732840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1733840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1734840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1735840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1736840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1737840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1738840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1739840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1740840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1741840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1742840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1743840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1744840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1745840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1746840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1747840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1748840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1749840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1750840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1751840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1752840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1753840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1754840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1755840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1756840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1757840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1758840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1759840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1760840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1761840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1762840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1763840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1764840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1765840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1766840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1767840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1768840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1769840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1770840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1771840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1772840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1773840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1774840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1775840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1776840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1777840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1778840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1779840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1780840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1781840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1782840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1783840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1784840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1785840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1786840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1787840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1788840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1789840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1790840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1791840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1792840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1793840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C408F88301F22BE596490B4A80BD2E09034763B4
1794840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3048761~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1795840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1796840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1797840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1798840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1799840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1800840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1801840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1802840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1803840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1804840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1805840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1806840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1807840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1808840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1809840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1810840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1811840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1812840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1813840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1814840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1815840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1816840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1817840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1818840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1819840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1820840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1821840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1822840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1823840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1824840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1825840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C9D8A0CA28E607D6CBDB572E9C7896DA20280E0
1826840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3079904~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1827840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1828840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1829840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1830840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1831840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
1832840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1833840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1834840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1835840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1836840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1837840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1838840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1839840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1840840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1841840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1842840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1843840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1844840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1845840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1846840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1847840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1848840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1849840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1850840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1851840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1852840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1853840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
1854840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1855840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1856840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1857840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1858840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1859840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1860840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1861840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1862840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1863840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1864840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1865840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1866840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1867840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1868840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1869840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1870840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1871840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1872840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1873840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1874840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1875840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1876840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1877840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1878840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1879840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1880840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1881840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1882840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1883840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1884840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1885840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1886840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1887840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1888840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1889840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1890840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1891840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1892840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1893840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1894840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1895840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1896840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1897840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1898840.1a80: supR3HardenedDllNotificationCallback: load 000007fee16e0000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1899840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1900840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1901840.1a80: supR3HardenedDllNotificationCallback: load 000007fee6600000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1902840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1903840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1904840.1a80: supR3HardenedDllNotificationCallback: load 000007fef2220000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1905840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1906840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1907840.1a80: supR3HardenedDllNotificationCallback: load 000007fef2250000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1908840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1909840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1910840.1a80: supR3HardenedDllNotificationCallback: load 000007fef2680000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1911840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1912840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd2d0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1913840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1914840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcd40000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1915840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1916840.1a80: supR3HardenedDllNotificationCallback: load 000007feff0e0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1917840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1918840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd740000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1919840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1920840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcec0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1921840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1922840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1923840.1a80: supR3HardenedDllNotificationCallback: load 000007fef8990000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1924840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1925840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1926840.1a80: supR3HardenedDllNotificationCallback: load 0000000052930000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1927840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1928840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1929840.1a80: supR3HardenedDllNotificationCallback: load 0000000077690000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1930840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1931840.1a80: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1932840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1933840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1934840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1935840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1936840.1a80: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1937840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1938840.1a80: supR3HardenedDllNotificationCallback: load 000007fef70b0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1939840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1940840.1a80: supR3HardenedDllNotificationCallback: load 000007fefdcb0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1941840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1942840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1943840.1a80: supR3HardenedDllNotificationCallback: load 000007fefab80000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1944840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1945840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1946840.1a80: supR3HardenedDllNotificationCallback: load 000007fef8b30000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1947840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1948840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1949840.1a80: supR3HardenedDllNotificationCallback: load 0000000052820000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1950840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1951840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1952840.1a80: supR3HardenedDllNotificationCallback: load 0000000052740000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1953840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1954840.1a80: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1955840.1a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1956840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1957840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1958840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1959840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1960840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1961840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1962840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1963840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f3f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1964840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\Windows\system32\imm32.dll'
1965840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee16e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1966840.1a80: SUPR3HardenedMain: Calling TrustedMain (000007fee16e1ca0)...
1967840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1968840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1969840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab80000 'C:\Windows\system32\winmm.dll'
1970840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1971840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
1972840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
1973840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1974840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1975840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1976840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1977840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1978840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1979840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
1980840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1981840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1982840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1983840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1984840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1985840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1986840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1987840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e65f80:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1988840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1989840.1a80: supR3HardenedDllNotificationCallback: load 000007fefb060000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1990840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1991840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
1992840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1993840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e65f80:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1994840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
1995840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1996840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e66c90:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1997840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
1998840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1999840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e66c90:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2000840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
2001840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2002840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2003840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\dwmapi.dll'
2004840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2005840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2006840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\CRYPTBASE.dll'
2007840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2008840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2009840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2010840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2011840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2012840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d40000 'C:\Windows\system32\kernel32.dll'
2013840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2014840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2015840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
2016840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2017840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2018840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
2019840.1a80: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2020840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2021840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2022840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\Windows\system32\user32.dll'
2023840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2024840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2025840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb060000 'C:\Windows\system32\uxtheme.dll'
2026840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\Windows\system32\user32.dll'
2027840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\advapi32.dll'
2028840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2029840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2030840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\Windows\system32\userenv.dll'
2031840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2032840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2033840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d40000 'C:\Windows\system32\kernel32.dll'
2034840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2035840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
2036840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
2037840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2038840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2039840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2040840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2041840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2042840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2043840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2044840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2045840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2046840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
2047840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2048840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2049840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2050840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2051840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2052840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2053840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2054840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2055840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2056840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2057840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2058840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2059840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2060840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2061840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2062840.1a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2063840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f360:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2064840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2065840.1a80: supR3HardenedDllNotificationCallback: load 000007fefefc0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2066840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2067840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'C:\Windows\system32\CLBCatQ.DLL'
2068840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\ADVAPI32.dll'
2069840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2070840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f900:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2071840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\CRYPTSP.dll'
2072840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2073840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
2074840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
2075840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2076840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2077840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2078840.1a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2079840.1a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
2080840.1a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2081840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2082840.1a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2083840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095f900:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2084840.1a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2085840.1a80: supR3HardenedDllNotificationCallback: load 000007fefcc60000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2086840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2087840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc60000 'C:\Windows\system32\RpcRtRemote.dll'
2088840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef50000 'C:\Windows\system32\gdi32.dll'
2089840.1a80: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2090840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2091840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2092840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2093840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2094840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2095840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2096840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2097840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2098840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2099840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2100840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2101840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2102840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2103840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2104840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2105840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\shell32.dll'
2106840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\Windows\system32\user32.dll'
2107840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2108840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2109840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\ADVAPI32.dll'
2110840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2111840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095fcf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2112840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\Windows\system32\ole32.dll'
2113840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2114840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000095ff30:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2115840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\Windows\system32\ole32.dll'
2116840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2117840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e66df0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2118840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd610000 'C:\Windows\system32\MSCTF.dll'
2119840.1a80: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2120840.1a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2121840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2122840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b68380
2123840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b68380
2124840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2125840.1a80: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2126840.1a80: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2127840.1a80: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2128840.1a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000095ff30:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2129840.1a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef70b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2130840.1a80: Terminating the normal way: rcExit=1
21311a50.1b58: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 12435 ms, the end);
2132111c.1ca8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 12795 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy