VirtualBox

Ticket #14396: Normalstart_VBoxStartup.log

File Normalstart_VBoxStartup.log, 441.7 KB (added by gameacid13, 9 years ago)
Line 
18a8.3754: Log file opened: 5.0.0r101573 g_hStartupLog=00000000000000ac g_uNtVerCombined=0x611db110
28a8.3754: \SystemRoot\System32\ntdll.dll:
38a8.3754: CreationTime: 2015-06-10T11:29:53.119585000Z
48a8.3754: LastWriteTime: 2015-05-25T18:21:21.289963400Z
58a8.3754: ChangeTime: 2015-07-06T10:05:04.528665800Z
68a8.3754: FileAttributes: 0x20
78a8.3754: Size: 0x1a61c0
88a8.3754: NT Headers: 0xe0
98a8.3754: Timestamp: 0x556366f2
108a8.3754: Machine: 0x8664 - amd64
118a8.3754: Timestamp: 0x556366f2
128a8.3754: Image Version: 6.1
138a8.3754: SizeOfImage: 0x1a9000 (1740800)
148a8.3754: Resource Dir: 0x14d000 LB 0x5a028
158a8.3754: ProductName: Microsoft® Windows® Operating System
168a8.3754: ProductVersion: 6.1.7601.18869
178a8.3754: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
188a8.3754: FileDescription: NT Layer DLL
198a8.3754: \SystemRoot\System32\kernel32.dll:
208a8.3754: CreationTime: 2015-06-10T11:29:51.990441600Z
218a8.3754: LastWriteTime: 2015-05-25T18:19:02.585000000Z
228a8.3754: ChangeTime: 2015-07-06T10:05:10.394276100Z
238a8.3754: FileAttributes: 0x20
248a8.3754: Size: 0x11be00
258a8.3754: NT Headers: 0xe8
268a8.3754: Timestamp: 0x556366fc
278a8.3754: Machine: 0x8664 - amd64
288a8.3754: Timestamp: 0x556366fc
298a8.3754: Image Version: 6.1
308a8.3754: SizeOfImage: 0x11f000 (1175552)
318a8.3754: Resource Dir: 0x116000 LB 0x528
328a8.3754: ProductName: Microsoft® Windows® Operating System
338a8.3754: ProductVersion: 6.1.7601.18869
348a8.3754: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
358a8.3754: FileDescription: Windows NT BASE API Client DLL
368a8.3754: \SystemRoot\System32\KernelBase.dll:
378a8.3754: CreationTime: 2015-06-10T11:29:51.861925300Z
388a8.3754: LastWriteTime: 2015-05-25T18:19:02.585000000Z
398a8.3754: ChangeTime: 2015-07-06T10:05:10.519076300Z
408a8.3754: FileAttributes: 0x20
418a8.3754: Size: 0x67c00
428a8.3754: NT Headers: 0xe8
438a8.3754: Timestamp: 0x556366fd
448a8.3754: Machine: 0x8664 - amd64
458a8.3754: Timestamp: 0x556366fd
468a8.3754: Image Version: 6.1
478a8.3754: SizeOfImage: 0x6c000 (442368)
488a8.3754: Resource Dir: 0x6a000 LB 0x530
498a8.3754: ProductName: Microsoft® Windows® Operating System
508a8.3754: ProductVersion: 6.1.7601.18869
518a8.3754: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
528a8.3754: FileDescription: Windows NT BASE API Client DLL
538a8.3754: \SystemRoot\System32\apisetschema.dll:
548a8.3754: CreationTime: 2015-06-10T11:29:49.545131100Z
558a8.3754: LastWriteTime: 2015-05-25T18:11:40.254000000Z
568a8.3754: ChangeTime: 2015-07-06T10:05:04.263465300Z
578a8.3754: FileAttributes: 0x20
588a8.3754: Size: 0x1a00
598a8.3754: NT Headers: 0xc0
608a8.3754: Timestamp: 0x55636622
618a8.3754: Machine: 0x8664 - amd64
628a8.3754: Timestamp: 0x55636622
638a8.3754: Image Version: 6.1
648a8.3754: SizeOfImage: 0x50000 (327680)
658a8.3754: Resource Dir: 0x30000 LB 0x3f8
668a8.3754: ProductName: Microsoft® Windows® Operating System
678a8.3754: ProductVersion: 6.1.7601.18869
688a8.3754: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
698a8.3754: FileDescription: ApiSet Schema DLL
708a8.3754: Found driver aswVmm (0x4)
718a8.3754: Found driver aswHwid (0x4)
728a8.3754: Found driver aswStm (0x4)
738a8.3754: Found driver aswRvrt (0x4)
748a8.3754: supR3HardenedWinFindAdversaries: 0x84
758a8.3754: \SystemRoot\System32\drivers\aswHwid.sys:
768a8.3754: CreationTime: 2014-06-24T02:04:08.156565200Z
778a8.3754: LastWriteTime: 2015-06-09T22:43:55.772405200Z
788a8.3754: ChangeTime: 2015-06-09T22:44:09.156170700Z
798a8.3754: FileAttributes: 0x20
808a8.3754: Size: 0x71f0
818a8.3754: NT Headers: 0xe8
828a8.3754: Timestamp: 0x55364a20
838a8.3754: Machine: 0x8664 - amd64
848a8.3754: Timestamp: 0x55364a20
858a8.3754: Image Version: 6.0
868a8.3754: SizeOfImage: 0xa000 (40960)
878a8.3754: Resource Dir: 0x8000 LB 0x470
888a8.3754: ProductName: Avast Antivirus
898a8.3754: ProductVersion: 10.2.2218.942
908a8.3754: FileVersion: 10.2.2218.942
918a8.3754: SpecialBuild: feb2012
928a8.3754: PrivateBuild: 0SpecialBuild
938a8.3754: FileDescription: avast! HWID
948a8.3754: \SystemRoot\System32\drivers\aswMonFlt.sys:
958a8.3754: CreationTime: 2012-07-01T13:56:44.589062100Z
968a8.3754: LastWriteTime: 2015-06-09T22:43:55.783405800Z
978a8.3754: ChangeTime: 2015-06-09T22:44:09.157170800Z
988a8.3754: FileAttributes: 0x20
998a8.3754: Size: 0x15f58
1008a8.3754: NT Headers: 0xd8
1018a8.3754: Timestamp: 0x55364a04
1028a8.3754: Machine: 0x8664 - amd64
1038a8.3754: Timestamp: 0x55364a04
1048a8.3754: Image Version: 6.0
1058a8.3754: SizeOfImage: 0x24000 (147456)
1068a8.3754: Resource Dir: 0x22000 LB 0x3c8
1078a8.3754: ProductName: Avast Antivirus
1088a8.3754: ProductVersion: 10.2.2218.942
1098a8.3754: FileVersion: 10.2.2218.942
1108a8.3754: FileDescription: avast! File System Minifilter for Windows 2003/Vista
1118a8.3754: \SystemRoot\System32\drivers\aswRdr2.sys:
1128a8.3754: CreationTime: 2012-07-01T13:56:45.899464400Z
1138a8.3754: LastWriteTime: 2015-06-09T22:43:55.167370600Z
1148a8.3754: ChangeTime: 2015-06-09T22:44:09.158170800Z
1158a8.3754: FileAttributes: 0x20
1168a8.3754: Size: 0x16d58
1178a8.3754: NT Headers: 0xf0
1188a8.3754: Timestamp: 0x55364a2b
1198a8.3754: Machine: 0x8664 - amd64
1208a8.3754: Timestamp: 0x55364a2b
1218a8.3754: Image Version: 6.1
1228a8.3754: SizeOfImage: 0x1a000 (106496)
1238a8.3754: Resource Dir: 0x18000 LB 0x3b0
1248a8.3754: ProductName: Avast Antivirus
1258a8.3754: ProductVersion: 10.2.2218.942
1268a8.3754: FileVersion: 10.2.2218.942 built by: WinDDK
1278a8.3754: FileDescription: avast! WFP Redirect Driver
1288a8.3754: \SystemRoot\System32\drivers\aswRvrt.sys:
1298a8.3754: CreationTime: 2013-04-15T16:22:20.635059800Z
1308a8.3754: LastWriteTime: 2015-06-09T22:43:55.803407000Z
1318a8.3754: ChangeTime: 2015-06-09T22:44:09.158170800Z
1328a8.3754: FileAttributes: 0x20
1338a8.3754: Size: 0x100c8
1348a8.3754: NT Headers: 0xf8
1358a8.3754: Timestamp: 0x55364a0b
1368a8.3754: Machine: 0x8664 - amd64
1378a8.3754: Timestamp: 0x55364a0b
1388a8.3754: Image Version: 6.0
1398a8.3754: SizeOfImage: 0x13000 (77824)
1408a8.3754: Resource Dir: 0x11000 LB 0x470
1418a8.3754: ProductName: Avast Antivirus
1428a8.3754: ProductVersion: 10.2.2218.942
1438a8.3754: FileVersion: 10.2.2218.942
1448a8.3754: SpecialBuild: feb2012
1458a8.3754: PrivateBuild: 0SpecialBuild
1468a8.3754: FileDescription: avast! Revert
1478a8.3754: \SystemRoot\System32\drivers\aswSnx.sys:
1488a8.3754: CreationTime: 2012-07-01T13:56:45.431463500Z
1498a8.3754: LastWriteTime: 2015-06-09T22:43:18.941298600Z
1508a8.3754: ChangeTime: 2015-06-09T22:44:09.158170800Z
1518a8.3754: FileAttributes: 0x20
1528a8.3754: Size: 0xffb18
1538a8.3754: NT Headers: 0xf0
1548a8.3754: Timestamp: 0x55364a30
1558a8.3754: Machine: 0x8664 - amd64
1568a8.3754: Timestamp: 0x55364a30
1578a8.3754: Image Version: 6.0
1588a8.3754: SizeOfImage: 0x104000 (1064960)
1598a8.3754: Resource Dir: 0xfc000 LB 0x390
1608a8.3754: ProductName: Avast Antivirus
1618a8.3754: ProductVersion: 10.2.2218.942
1628a8.3754: FileVersion: 10.2.2218.942
1638a8.3754: FileDescription: avast! Virtualization Driver
1648a8.3754: \SystemRoot\System32\drivers\aswsp.sys:
1658a8.3754: CreationTime: 2012-07-01T13:56:47.147466600Z
1668a8.3754: LastWriteTime: 2015-06-26T22:44:28.488231300Z
1678a8.3754: ChangeTime: 2015-06-26T22:44:28.488231300Z
1688a8.3754: FileAttributes: 0x20
1698a8.3754: Size: 0x6bf98
1708a8.3754: NT Headers: 0xf0
1718a8.3754: Timestamp: 0x558d01d0
1728a8.3754: Machine: 0x8664 - amd64
1738a8.3754: Timestamp: 0x558d01d0
1748a8.3754: Image Version: 6.0
1758a8.3754: SizeOfImage: 0x73000 (471040)
1768a8.3754: Resource Dir: 0x71000 LB 0x388
1778a8.3754: ProductName: Avast Antivirus
1788a8.3754: ProductVersion: 10.2.2218.945
1798a8.3754: FileVersion: 10.2.2218.945
1808a8.3754: FileDescription: avast! self protection module
1818a8.3754: \SystemRoot\System32\drivers\aswStm.sys:
1828a8.3754: CreationTime: 2013-12-31T01:42:01.063451400Z
1838a8.3754: LastWriteTime: 2015-06-09T22:43:55.957415800Z
1848a8.3754: ChangeTime: 2015-06-09T22:44:09.159170900Z
1858a8.3754: FileAttributes: 0x20
1868a8.3754: Size: 0x21848
1878a8.3754: NT Headers: 0x108
1888a8.3754: Timestamp: 0x55364e39
1898a8.3754: Machine: 0x8664 - amd64
1908a8.3754: Timestamp: 0x55364e39
1918a8.3754: Image Version: 6.2
1928a8.3754: SizeOfImage: 0x24000 (147456)
1938a8.3754: Resource Dir: 0x22000 LB 0x368
1948a8.3754: ProductName: Avast Antivirus
1958a8.3754: ProductVersion: 10.2.2218.942
1968a8.3754: FileVersion: 10.2.2218.942
1978a8.3754: FileDescription: Stream Filter
1988a8.3754: \SystemRoot\System32\drivers\aswVmm.sys:
1998a8.3754: CreationTime: 2013-04-15T16:22:20.677062200Z
2008a8.3754: LastWriteTime: 2015-06-09T22:43:55.886411700Z
2018a8.3754: ChangeTime: 2015-06-09T22:44:09.159170900Z
2028a8.3754: FileAttributes: 0x20
2038a8.3754: Size: 0x42778
2048a8.3754: NT Headers: 0xe8
2058a8.3754: Timestamp: 0x55364d7c
2068a8.3754: Machine: 0x8664 - amd64
2078a8.3754: Timestamp: 0x55364d7c
2088a8.3754: Image Version: 6.0
2098a8.3754: SizeOfImage: 0x45000 (282624)
2108a8.3754: Resource Dir: 0x42000 LB 0x478
2118a8.3754: ProductName: Avast Antivirus
2128a8.3754: ProductVersion: 10.2.2218.942
2138a8.3754: FileVersion: 10.2.2218.942
2148a8.3754: SpecialBuild: feb2012
2158a8.3754: PrivateBuild: 0SpecialBuild
2168a8.3754: FileDescription: avast! VM Monitor
2178a8.3754: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
2188a8.3754: CreationTime: 2015-05-20T03:10:58.062661400Z
2198a8.3754: LastWriteTime: 2015-08-05T10:43:45.004742000Z
2208a8.3754: ChangeTime: 2015-08-05T10:43:45.004742000Z
2218a8.3754: FileAttributes: 0x20
2228a8.3754: Size: 0x1bcd8
2238a8.3754: NT Headers: 0xe8
2248a8.3754: Timestamp: 0x552c190f
2258a8.3754: Machine: 0x8664 - amd64
2268a8.3754: Timestamp: 0x552c190f
2278a8.3754: Image Version: 6.1
2288a8.3754: SizeOfImage: 0x21000 (135168)
2298a8.3754: Resource Dir: 0x1f000 LB 0x3f0
2308a8.3754: ProductName: Malwarebytes Anti-Malware
2318a8.3754: ProductVersion: 0.2.22.0
2328a8.3754: FileVersion: 0.2.22.0
2338a8.3754: FileDescription: Malwarebytes Anti-Malware
2348a8.3754: \SystemRoot\System32\drivers\mwac.sys:
2358a8.3754: CreationTime: 2015-05-20T03:10:46.558003300Z
2368a8.3754: LastWriteTime: 2015-06-18T12:41:56.000000000Z
2378a8.3754: ChangeTime: 2015-06-24T01:09:54.087924600Z
2388a8.3754: FileAttributes: 0x20
2398a8.3754: Size: 0xf8d8
2408a8.3754: NT Headers: 0xf8
2418a8.3754: Timestamp: 0x53a0f42a
2428a8.3754: Machine: 0x8664 - amd64
2438a8.3754: Timestamp: 0x53a0f42a
2448a8.3754: Image Version: 6.2
2458a8.3754: SizeOfImage: 0x12000 (73728)
2468a8.3754: Resource Dir: 0x10000 LB 0x3e0
2478a8.3754: ProductName: Malwarebytes Web Access Control
2488a8.3754: ProductVersion: 1.0.6.0
2498a8.3754: FileVersion: 1.0.6.0
2508a8.3754: FileDescription: Malwarebytes Web Access Control
2518a8.3754: \SystemRoot\System32\drivers\mbamchameleon.sys:
2528a8.3754: CreationTime: 2015-05-20T03:10:46.577004400Z
2538a8.3754: LastWriteTime: 2015-06-18T12:41:44.000000000Z
2548a8.3754: ChangeTime: 2015-06-24T01:09:54.099925300Z
2558a8.3754: FileAttributes: 0x20
2568a8.3754: Size: 0x1aad8
2578a8.3754: NT Headers: 0xd8
2588a8.3754: Timestamp: 0x554cf757
2598a8.3754: Machine: 0x8664 - amd64
2608a8.3754: Timestamp: 0x554cf757
2618a8.3754: Image Version: 6.1
2628a8.3754: SizeOfImage: 0x1e000 (122880)
2638a8.3754: Resource Dir: 0x1c000 LB 0xbd8
2648a8.3754: ProductName: Malwarebytes Chameleon
2658a8.3754: ProductVersion: 1.1.20.0
2668a8.3754: FileVersion: 1.1.20.0
2678a8.3754: FileDescription: Malwarebytes Chameleon Protection Driver
2688a8.3754: \SystemRoot\System32\drivers\mbam.sys:
2698a8.3754: CreationTime: 2013-08-24T04:55:45.513387400Z
2708a8.3754: LastWriteTime: 2015-06-18T12:41:40.000000000Z
2718a8.3754: ChangeTime: 2015-06-24T01:09:54.079924100Z
2728a8.3754: FileAttributes: 0x20
2738a8.3754: Size: 0x64d8
2748a8.3754: NT Headers: 0xd8
2758a8.3754: Timestamp: 0x540754e1
2768a8.3754: Machine: 0x8664 - amd64
2778a8.3754: Timestamp: 0x540754e1
2788a8.3754: Image Version: 6.1
2798a8.3754: SizeOfImage: 0xa000 (40960)
2808a8.3754: Resource Dir: 0x8000 LB 0x3d0
2818a8.3754: ProductName: Malwarebytes Anti-Malware
2828a8.3754: ProductVersion: 0.1.15.0
2838a8.3754: FileVersion: 0.1.15.0
2848a8.3754: FileDescription: Malwarebytes Anti-Malware
2858a8.3754: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2868a8.3754: Calling main()
2878a8.3754: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2888a8.3754: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2898a8.3754: SUPR3HardenedMain: Respawn #1
2908a8.3754: System32: \Device\HarddiskVolume2\Windows\System32
2918a8.3754: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2928a8.3754: KnownDllPath: C:\Windows\system32
2938a8.3754: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2948a8.3754: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2958a8.3754: supR3HardNtEnableThreadCreation:
2968a8.3754: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770cb780 pvNtTerminateThread=00000000770ee0e0
2978a8.3754: supR3HardenedWinDoReSpawn(1): New child 3c78.1dc8 [kernel32].
2988a8.3754: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
2998a8.3754: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770a0000 uNtDllChildAddr=00000000770a0000
3008a8.3754: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770cb780
3018a8.3754: supR3HardenedWinSetupChildInit: Start child.
3028a8.3754: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 4 ms.
3038a8.3754: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3048a8.3754: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3058a8.3754: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3068a8.3754: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3078a8.3754: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3088a8.3754: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3098a8.3754: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3108a8.3754: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
3118a8.3754: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
3128a8.3754: 0000000000051000-fffffffffffe1fff 0x0001/0x0000 0x0000000
3138a8.3754: *00000000000c0000-fffffffffffc3fff 0x0000/0x0004 0x0020000
3148a8.3754: 00000000001bc000-00000000001b8fff 0x0104/0x0004 0x0020000
3158a8.3754: 00000000001bf000-00000000001bdfff 0x0004/0x0004 0x0020000
3168a8.3754: 00000000001c0000-ffffffff892dffff 0x0001/0x0000 0x0000000
3178a8.3754: *00000000770a0000-00000000770a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3188a8.3754: 00000000770a1000-000000007719efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3198a8.3754: 000000007719f000-00000000771cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3208a8.3754: 00000000771ce000-00000000771d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3218a8.3754: 00000000771d6000-00000000771d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3228a8.3754: 00000000771d7000-00000000771d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3238a8.3754: 00000000771da000-0000000077248fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3248a8.3754: 0000000077249000-000000006f4b1fff 0x0001/0x0000 0x0000000
3258a8.3754: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3268a8.3754: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3278a8.3754: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3288a8.3754: 000000007fff0000-ffffffffc0c1ffff 0x0001/0x0000 0x0000000
3298a8.3754: *000000013f3c0000-000000013f3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3308a8.3754: 000000013f3c1000-000000013f446fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3318a8.3754: 000000013f447000-000000013f447fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3328a8.3754: 000000013f448000-000000013f491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3338a8.3754: 000000013f492000-000000013f492fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3348a8.3754: 000000013f493000-000000013f493fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3358a8.3754: 000000013f494000-000000013f495fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3368a8.3754: 000000013f496000-000000013f496fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3378a8.3754: 000000013f497000-000000013f497fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3388a8.3754: 000000013f498000-000000013f49bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3398a8.3754: 000000013f49c000-000000013f4e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3408a8.3754: 000000013f4e6000-fffff8037f60bfff 0x0001/0x0000 0x0000000
3418a8.3754: *000007feff3c0000-000007feff3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
3428a8.3754: 000007feff3c1000-000007fdfe7d1fff 0x0001/0x0000 0x0000000
3438a8.3754: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3448a8.3754: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
3458a8.3754: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
3468a8.3754: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3478a8.3754: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3488a8.3754: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
3498a8.3754: VirtualBox.exe: timestamp 0x559e485f (rc=VINF_SUCCESS)
3508a8.3754: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3518a8.3754: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3528a8.3754: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3538a8.3754: supR3HardNtChildPurify: Done after 557 ms and 0 fixes (loop #0).
3543c78.1dc8: Log file opened: 5.0.0r101573 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
3553c78.1dc8: supR3HardenedVmProcessInit: uNtDllAddr=00000000770a0000
3568a8.3754: supR3HardNtEnableThreadCreation:
3573c78.1dc8: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
3583c78.1dc8: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1740800 allocation)
3593c78.1dc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3603c78.1dc8: System32: \Device\HarddiskVolume2\Windows\System32
3613c78.1dc8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3623c78.1dc8: KnownDllPath: C:\Windows\system32
3633c78.1dc8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3643c78.1dc8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3653c78.1dc8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3663c78.1dc8: Registered Dll notification callback with NTDLL.
3673c78.1dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3683c78.1dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3693c78.1dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3703c78.1dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3713c78.1dc8: supR3HardenedDllNotificationCallback: load 0000000076e80000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3723c78.1dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3733c78.1dc8: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3743c78.1dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3753c78.1dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3763c78.1dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
3773c78.1dc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770cb780 pvNtTerminateThread=00000000770ee0e0
3788a8.3754: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 18 ms.
3793c78.1dc8: \SystemRoot\System32\ntdll.dll:
3803c78.1dc8: CreationTime: 2015-06-10T11:29:53.119585000Z
3813c78.1dc8: LastWriteTime: 2015-05-25T18:21:21.289963400Z
3823c78.1dc8: ChangeTime: 2015-07-06T10:05:04.528665800Z
3833c78.1dc8: FileAttributes: 0x20
3843c78.1dc8: Size: 0x1a61c0
3853c78.1dc8: NT Headers: 0xe0
3863c78.1dc8: Timestamp: 0x556366f2
3873c78.1dc8: Machine: 0x8664 - amd64
3883c78.1dc8: Timestamp: 0x556366f2
3893c78.1dc8: Image Version: 6.1
3903c78.1dc8: SizeOfImage: 0x1a9000 (1740800)
3913c78.1dc8: Resource Dir: 0x14d000 LB 0x5a028
3923c78.1dc8: ProductName: Microsoft® Windows® Operating System
3933c78.1dc8: ProductVersion: 6.1.7601.18869
3943c78.1dc8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
3953c78.1dc8: FileDescription: NT Layer DLL
3963c78.1dc8: \SystemRoot\System32\kernel32.dll:
3973c78.1dc8: CreationTime: 2015-06-10T11:29:51.990441600Z
3983c78.1dc8: LastWriteTime: 2015-05-25T18:19:02.585000000Z
3993c78.1dc8: ChangeTime: 2015-07-06T10:05:10.394276100Z
4003c78.1dc8: FileAttributes: 0x20
4013c78.1dc8: Size: 0x11be00
4023c78.1dc8: NT Headers: 0xe8
4033c78.1dc8: Timestamp: 0x556366fc
4043c78.1dc8: Machine: 0x8664 - amd64
4053c78.1dc8: Timestamp: 0x556366fc
4063c78.1dc8: Image Version: 6.1
4073c78.1dc8: SizeOfImage: 0x11f000 (1175552)
4083c78.1dc8: Resource Dir: 0x116000 LB 0x528
4093c78.1dc8: ProductName: Microsoft® Windows® Operating System
4103c78.1dc8: ProductVersion: 6.1.7601.18869
4113c78.1dc8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
4123c78.1dc8: FileDescription: Windows NT BASE API Client DLL
4133c78.1dc8: \SystemRoot\System32\KernelBase.dll:
4143c78.1dc8: CreationTime: 2015-06-10T11:29:51.861925300Z
4153c78.1dc8: LastWriteTime: 2015-05-25T18:19:02.585000000Z
4163c78.1dc8: ChangeTime: 2015-07-06T10:05:10.519076300Z
4173c78.1dc8: FileAttributes: 0x20
4183c78.1dc8: Size: 0x67c00
4193c78.1dc8: NT Headers: 0xe8
4203c78.1dc8: Timestamp: 0x556366fd
4213c78.1dc8: Machine: 0x8664 - amd64
4223c78.1dc8: Timestamp: 0x556366fd
4233c78.1dc8: Image Version: 6.1
4243c78.1dc8: SizeOfImage: 0x6c000 (442368)
4253c78.1dc8: Resource Dir: 0x6a000 LB 0x530
4263c78.1dc8: ProductName: Microsoft® Windows® Operating System
4273c78.1dc8: ProductVersion: 6.1.7601.18869
4283c78.1dc8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
4293c78.1dc8: FileDescription: Windows NT BASE API Client DLL
4303c78.1dc8: \SystemRoot\System32\apisetschema.dll:
4313c78.1dc8: CreationTime: 2015-06-10T11:29:49.545131100Z
4323c78.1dc8: LastWriteTime: 2015-05-25T18:11:40.254000000Z
4333c78.1dc8: ChangeTime: 2015-07-06T10:05:04.263465300Z
4343c78.1dc8: FileAttributes: 0x20
4353c78.1dc8: Size: 0x1a00
4363c78.1dc8: NT Headers: 0xc0
4373c78.1dc8: Timestamp: 0x55636622
4383c78.1dc8: Machine: 0x8664 - amd64
4393c78.1dc8: Timestamp: 0x55636622
4403c78.1dc8: Image Version: 6.1
4413c78.1dc8: SizeOfImage: 0x50000 (327680)
4423c78.1dc8: Resource Dir: 0x30000 LB 0x3f8
4433c78.1dc8: ProductName: Microsoft® Windows® Operating System
4443c78.1dc8: ProductVersion: 6.1.7601.18869
4453c78.1dc8: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
4463c78.1dc8: FileDescription: ApiSet Schema DLL
4473c78.1dc8: Found driver aswVmm (0x4)
4483c78.1dc8: Found driver aswHwid (0x4)
4493c78.1dc8: Found driver aswStm (0x4)
4503c78.1dc8: Found driver aswRvrt (0x4)
4513c78.1dc8: supR3HardenedWinFindAdversaries: 0x84
4523c78.1dc8: \SystemRoot\System32\drivers\aswHwid.sys:
4533c78.1dc8: CreationTime: 2014-06-24T02:04:08.156565200Z
4543c78.1dc8: LastWriteTime: 2015-06-09T22:43:55.772405200Z
4553c78.1dc8: ChangeTime: 2015-06-09T22:44:09.156170700Z
4563c78.1dc8: FileAttributes: 0x20
4573c78.1dc8: Size: 0x71f0
4583c78.1dc8: NT Headers: 0xe8
4593c78.1dc8: Timestamp: 0x55364a20
4603c78.1dc8: Machine: 0x8664 - amd64
4613c78.1dc8: Timestamp: 0x55364a20
4623c78.1dc8: Image Version: 6.0
4633c78.1dc8: SizeOfImage: 0xa000 (40960)
4643c78.1dc8: Resource Dir: 0x8000 LB 0x470
4653c78.1dc8: ProductName: Avast Antivirus
4663c78.1dc8: ProductVersion: 10.2.2218.942
4673c78.1dc8: FileVersion: 10.2.2218.942
4683c78.1dc8: SpecialBuild: feb2012
4693c78.1dc8: PrivateBuild: 0SpecialBuild
4703c78.1dc8: FileDescription: avast! HWID
4713c78.1dc8: \SystemRoot\System32\drivers\aswMonFlt.sys:
4723c78.1dc8: CreationTime: 2012-07-01T13:56:44.589062100Z
4733c78.1dc8: LastWriteTime: 2015-06-09T22:43:55.783405800Z
4743c78.1dc8: ChangeTime: 2015-06-09T22:44:09.157170800Z
4753c78.1dc8: FileAttributes: 0x20
4763c78.1dc8: Size: 0x15f58
4773c78.1dc8: NT Headers: 0xd8
4783c78.1dc8: Timestamp: 0x55364a04
4793c78.1dc8: Machine: 0x8664 - amd64
4803c78.1dc8: Timestamp: 0x55364a04
4813c78.1dc8: Image Version: 6.0
4823c78.1dc8: SizeOfImage: 0x24000 (147456)
4833c78.1dc8: Resource Dir: 0x22000 LB 0x3c8
4843c78.1dc8: ProductName: Avast Antivirus
4853c78.1dc8: ProductVersion: 10.2.2218.942
4863c78.1dc8: FileVersion: 10.2.2218.942
4873c78.1dc8: FileDescription: avast! File System Minifilter for Windows 2003/Vista
4883c78.1dc8: \SystemRoot\System32\drivers\aswRdr2.sys:
4893c78.1dc8: CreationTime: 2012-07-01T13:56:45.899464400Z
4903c78.1dc8: LastWriteTime: 2015-06-09T22:43:55.167370600Z
4913c78.1dc8: ChangeTime: 2015-06-09T22:44:09.158170800Z
4923c78.1dc8: FileAttributes: 0x20
4933c78.1dc8: Size: 0x16d58
4943c78.1dc8: NT Headers: 0xf0
4953c78.1dc8: Timestamp: 0x55364a2b
4963c78.1dc8: Machine: 0x8664 - amd64
4973c78.1dc8: Timestamp: 0x55364a2b
4983c78.1dc8: Image Version: 6.1
4993c78.1dc8: SizeOfImage: 0x1a000 (106496)
5003c78.1dc8: Resource Dir: 0x18000 LB 0x3b0
5013c78.1dc8: ProductName: Avast Antivirus
5023c78.1dc8: ProductVersion: 10.2.2218.942
5033c78.1dc8: FileVersion: 10.2.2218.942 built by: WinDDK
5043c78.1dc8: FileDescription: avast! WFP Redirect Driver
5053c78.1dc8: \SystemRoot\System32\drivers\aswRvrt.sys:
5063c78.1dc8: CreationTime: 2013-04-15T16:22:20.635059800Z
5073c78.1dc8: LastWriteTime: 2015-06-09T22:43:55.803407000Z
5083c78.1dc8: ChangeTime: 2015-06-09T22:44:09.158170800Z
5093c78.1dc8: FileAttributes: 0x20
5103c78.1dc8: Size: 0x100c8
5113c78.1dc8: NT Headers: 0xf8
5123c78.1dc8: Timestamp: 0x55364a0b
5133c78.1dc8: Machine: 0x8664 - amd64
5143c78.1dc8: Timestamp: 0x55364a0b
5153c78.1dc8: Image Version: 6.0
5163c78.1dc8: SizeOfImage: 0x13000 (77824)
5173c78.1dc8: Resource Dir: 0x11000 LB 0x470
5183c78.1dc8: ProductName: Avast Antivirus
5193c78.1dc8: ProductVersion: 10.2.2218.942
5203c78.1dc8: FileVersion: 10.2.2218.942
5213c78.1dc8: SpecialBuild: feb2012
5223c78.1dc8: PrivateBuild: 0SpecialBuild
5233c78.1dc8: FileDescription: avast! Revert
5243c78.1dc8: \SystemRoot\System32\drivers\aswSnx.sys:
5253c78.1dc8: CreationTime: 2012-07-01T13:56:45.431463500Z
5263c78.1dc8: LastWriteTime: 2015-06-09T22:43:18.941298600Z
5273c78.1dc8: ChangeTime: 2015-06-09T22:44:09.158170800Z
5283c78.1dc8: FileAttributes: 0x20
5293c78.1dc8: Size: 0xffb18
5303c78.1dc8: NT Headers: 0xf0
5313c78.1dc8: Timestamp: 0x55364a30
5323c78.1dc8: Machine: 0x8664 - amd64
5333c78.1dc8: Timestamp: 0x55364a30
5343c78.1dc8: Image Version: 6.0
5353c78.1dc8: SizeOfImage: 0x104000 (1064960)
5363c78.1dc8: Resource Dir: 0xfc000 LB 0x390
5373c78.1dc8: ProductName: Avast Antivirus
5383c78.1dc8: ProductVersion: 10.2.2218.942
5393c78.1dc8: FileVersion: 10.2.2218.942
5403c78.1dc8: FileDescription: avast! Virtualization Driver
5413c78.1dc8: \SystemRoot\System32\drivers\aswsp.sys:
5423c78.1dc8: CreationTime: 2012-07-01T13:56:47.147466600Z
5433c78.1dc8: LastWriteTime: 2015-06-26T22:44:28.488231300Z
5443c78.1dc8: ChangeTime: 2015-06-26T22:44:28.488231300Z
5453c78.1dc8: FileAttributes: 0x20
5463c78.1dc8: Size: 0x6bf98
5473c78.1dc8: NT Headers: 0xf0
5483c78.1dc8: Timestamp: 0x558d01d0
5493c78.1dc8: Machine: 0x8664 - amd64
5503c78.1dc8: Timestamp: 0x558d01d0
5513c78.1dc8: Image Version: 6.0
5523c78.1dc8: SizeOfImage: 0x73000 (471040)
5533c78.1dc8: Resource Dir: 0x71000 LB 0x388
5543c78.1dc8: ProductName: Avast Antivirus
5553c78.1dc8: ProductVersion: 10.2.2218.945
5563c78.1dc8: FileVersion: 10.2.2218.945
5573c78.1dc8: FileDescription: avast! self protection module
5583c78.1dc8: \SystemRoot\System32\drivers\aswStm.sys:
5593c78.1dc8: CreationTime: 2013-12-31T01:42:01.063451400Z
5603c78.1dc8: LastWriteTime: 2015-06-09T22:43:55.957415800Z
5613c78.1dc8: ChangeTime: 2015-06-09T22:44:09.159170900Z
5623c78.1dc8: FileAttributes: 0x20
5633c78.1dc8: Size: 0x21848
5643c78.1dc8: NT Headers: 0x108
5653c78.1dc8: Timestamp: 0x55364e39
5663c78.1dc8: Machine: 0x8664 - amd64
5673c78.1dc8: Timestamp: 0x55364e39
5683c78.1dc8: Image Version: 6.2
5693c78.1dc8: SizeOfImage: 0x24000 (147456)
5703c78.1dc8: Resource Dir: 0x22000 LB 0x368
5713c78.1dc8: ProductName: Avast Antivirus
5723c78.1dc8: ProductVersion: 10.2.2218.942
5733c78.1dc8: FileVersion: 10.2.2218.942
5743c78.1dc8: FileDescription: Stream Filter
5753c78.1dc8: \SystemRoot\System32\drivers\aswVmm.sys:
5763c78.1dc8: CreationTime: 2013-04-15T16:22:20.677062200Z
5773c78.1dc8: LastWriteTime: 2015-06-09T22:43:55.886411700Z
5783c78.1dc8: ChangeTime: 2015-06-09T22:44:09.159170900Z
5793c78.1dc8: FileAttributes: 0x20
5803c78.1dc8: Size: 0x42778
5813c78.1dc8: NT Headers: 0xe8
5823c78.1dc8: Timestamp: 0x55364d7c
5833c78.1dc8: Machine: 0x8664 - amd64
5843c78.1dc8: Timestamp: 0x55364d7c
5853c78.1dc8: Image Version: 6.0
5863c78.1dc8: SizeOfImage: 0x45000 (282624)
5873c78.1dc8: Resource Dir: 0x42000 LB 0x478
5883c78.1dc8: ProductName: Avast Antivirus
5893c78.1dc8: ProductVersion: 10.2.2218.942
5903c78.1dc8: FileVersion: 10.2.2218.942
5913c78.1dc8: SpecialBuild: feb2012
5923c78.1dc8: PrivateBuild: 0SpecialBuild
5933c78.1dc8: FileDescription: avast! VM Monitor
5943c78.1dc8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
5953c78.1dc8: CreationTime: 2015-05-20T03:10:58.062661400Z
5963c78.1dc8: LastWriteTime: 2015-08-05T10:43:45.004742000Z
5973c78.1dc8: ChangeTime: 2015-08-05T10:43:45.004742000Z
5983c78.1dc8: FileAttributes: 0x20
5993c78.1dc8: Size: 0x1bcd8
6003c78.1dc8: NT Headers: 0xe8
6013c78.1dc8: Timestamp: 0x552c190f
6023c78.1dc8: Machine: 0x8664 - amd64
6033c78.1dc8: Timestamp: 0x552c190f
6043c78.1dc8: Image Version: 6.1
6053c78.1dc8: SizeOfImage: 0x21000 (135168)
6063c78.1dc8: Resource Dir: 0x1f000 LB 0x3f0
6073c78.1dc8: ProductName: Malwarebytes Anti-Malware
6083c78.1dc8: ProductVersion: 0.2.22.0
6093c78.1dc8: FileVersion: 0.2.22.0
6103c78.1dc8: FileDescription: Malwarebytes Anti-Malware
6113c78.1dc8: \SystemRoot\System32\drivers\mwac.sys:
6123c78.1dc8: CreationTime: 2015-05-20T03:10:46.558003300Z
6133c78.1dc8: LastWriteTime: 2015-06-18T12:41:56.000000000Z
6143c78.1dc8: ChangeTime: 2015-06-24T01:09:54.087924600Z
6153c78.1dc8: FileAttributes: 0x20
6163c78.1dc8: Size: 0xf8d8
6173c78.1dc8: NT Headers: 0xf8
6183c78.1dc8: Timestamp: 0x53a0f42a
6193c78.1dc8: Machine: 0x8664 - amd64
6203c78.1dc8: Timestamp: 0x53a0f42a
6213c78.1dc8: Image Version: 6.2
6223c78.1dc8: SizeOfImage: 0x12000 (73728)
6233c78.1dc8: Resource Dir: 0x10000 LB 0x3e0
6243c78.1dc8: ProductName: Malwarebytes Web Access Control
6253c78.1dc8: ProductVersion: 1.0.6.0
6263c78.1dc8: FileVersion: 1.0.6.0
6273c78.1dc8: FileDescription: Malwarebytes Web Access Control
6283c78.1dc8: \SystemRoot\System32\drivers\mbamchameleon.sys:
6293c78.1dc8: CreationTime: 2015-05-20T03:10:46.577004400Z
6303c78.1dc8: LastWriteTime: 2015-06-18T12:41:44.000000000Z
6313c78.1dc8: ChangeTime: 2015-06-24T01:09:54.099925300Z
6323c78.1dc8: FileAttributes: 0x20
6333c78.1dc8: Size: 0x1aad8
6343c78.1dc8: NT Headers: 0xd8
6353c78.1dc8: Timestamp: 0x554cf757
6363c78.1dc8: Machine: 0x8664 - amd64
6373c78.1dc8: Timestamp: 0x554cf757
6383c78.1dc8: Image Version: 6.1
6393c78.1dc8: SizeOfImage: 0x1e000 (122880)
6403c78.1dc8: Resource Dir: 0x1c000 LB 0xbd8
6413c78.1dc8: ProductName: Malwarebytes Chameleon
6423c78.1dc8: ProductVersion: 1.1.20.0
6433c78.1dc8: FileVersion: 1.1.20.0
6443c78.1dc8: FileDescription: Malwarebytes Chameleon Protection Driver
6453c78.1dc8: \SystemRoot\System32\drivers\mbam.sys:
6463c78.1dc8: CreationTime: 2013-08-24T04:55:45.513387400Z
6473c78.1dc8: LastWriteTime: 2015-06-18T12:41:40.000000000Z
6483c78.1dc8: ChangeTime: 2015-06-24T01:09:54.079924100Z
6493c78.1dc8: FileAttributes: 0x20
6503c78.1dc8: Size: 0x64d8
6513c78.1dc8: NT Headers: 0xd8
6523c78.1dc8: Timestamp: 0x540754e1
6533c78.1dc8: Machine: 0x8664 - amd64
6543c78.1dc8: Timestamp: 0x540754e1
6553c78.1dc8: Image Version: 6.1
6563c78.1dc8: SizeOfImage: 0xa000 (40960)
6573c78.1dc8: Resource Dir: 0x8000 LB 0x3d0
6583c78.1dc8: ProductName: Malwarebytes Anti-Malware
6593c78.1dc8: ProductVersion: 0.1.15.0
6603c78.1dc8: FileVersion: 0.1.15.0
6613c78.1dc8: FileDescription: Malwarebytes Anti-Malware
6623c78.1dc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6633c78.1dc8: Calling main()
6643c78.1dc8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6653c78.1dc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6663c78.1dc8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6673c78.1dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6683c78.1dc8: SUPR3HardenedMain: Respawn #2
6693c78.1dc8: supR3HardNtEnableThreadCreation:
6703c78.1dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
6713c78.1dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
6723c78.1dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6733c78.1dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
6743c78.1dc8: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
6753c78.1dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
6763c78.1dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\apphelp.dll'
6773c78.1dc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770cb780 pvNtTerminateThread=00000000770ee0e0
6783c78.1dc8: supR3HardenedWinDoReSpawn(2): New child 3e98.2c60 [kernel32].
6793c78.1dc8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
6803c78.1dc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770a0000 uNtDllChildAddr=00000000770a0000
6813c78.1dc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770cb780
6823c78.1dc8: supR3HardenedWinSetupChildInit: Start child.
6833c78.1dc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 4 ms.
6843c78.1dc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
6853c78.1dc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6863c78.1dc8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
6873c78.1dc8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
6883c78.1dc8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
6893c78.1dc8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
6903c78.1dc8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
6913c78.1dc8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
6923c78.1dc8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
6933c78.1dc8: 0000000000051000-fffffffffff81fff 0x0001/0x0000 0x0000000
6943c78.1dc8: *0000000000120000-0000000000023fff 0x0000/0x0004 0x0020000
6953c78.1dc8: 000000000021c000-0000000000218fff 0x0104/0x0004 0x0020000
6963c78.1dc8: 000000000021f000-000000000021dfff 0x0004/0x0004 0x0020000
6973c78.1dc8: 0000000000220000-ffffffff8939ffff 0x0001/0x0000 0x0000000
6983c78.1dc8: *00000000770a0000-00000000770a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6993c78.1dc8: 00000000770a1000-000000007719efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7003c78.1dc8: 000000007719f000-00000000771cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7013c78.1dc8: 00000000771ce000-00000000771d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7023c78.1dc8: 00000000771d6000-00000000771d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7033c78.1dc8: 00000000771d7000-00000000771d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7043c78.1dc8: 00000000771da000-0000000077248fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7053c78.1dc8: 0000000077249000-000000006f4b1fff 0x0001/0x0000 0x0000000
7063c78.1dc8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
7073c78.1dc8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
7083c78.1dc8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
7093c78.1dc8: 000000007fff0000-ffffffffc0c1ffff 0x0001/0x0000 0x0000000
7103c78.1dc8: *000000013f3c0000-000000013f3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7113c78.1dc8: 000000013f3c1000-000000013f446fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7123c78.1dc8: 000000013f447000-000000013f447fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7133c78.1dc8: 000000013f448000-000000013f491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7143c78.1dc8: 000000013f492000-000000013f492fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7153c78.1dc8: 000000013f493000-000000013f493fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7163c78.1dc8: 000000013f494000-000000013f495fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7173c78.1dc8: 000000013f496000-000000013f496fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7183c78.1dc8: 000000013f497000-000000013f497fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7193c78.1dc8: 000000013f498000-000000013f49bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7203c78.1dc8: 000000013f49c000-000000013f4e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7213c78.1dc8: 000000013f4e6000-fffff8037f60bfff 0x0001/0x0000 0x0000000
7223c78.1dc8: *000007feff3c0000-000007feff3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
7233c78.1dc8: 000007feff3c1000-000007fdfe7d1fff 0x0001/0x0000 0x0000000
7243c78.1dc8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
7253c78.1dc8: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
7263c78.1dc8: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
7273c78.1dc8: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
7283c78.1dc8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
7293c78.1dc8: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
7303c78.1dc8: VirtualBox.exe: timestamp 0x559e485f (rc=VINF_SUCCESS)
7313c78.1dc8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7323c78.1dc8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
7333c78.1dc8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
7343c78.1dc8: supR3HardNtChildPurify: Done after 555 ms and 0 fixes (loop #0).
7353e98.2c60: Log file opened: 5.0.0r101573 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
7363e98.2c60: supR3HardenedVmProcessInit: uNtDllAddr=00000000770a0000
7373c78.1dc8: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
7383c78.1dc8: supR3HardNtEnableThreadCreation:
7393e98.2c60: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
7403e98.2c60: New simple heap: #1 0000000000320000 LB 0x400000 (for 1740800 allocation)
7413e98.2c60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7423e98.2c60: System32: \Device\HarddiskVolume2\Windows\System32
7433e98.2c60: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
7443e98.2c60: KnownDllPath: C:\Windows\system32
7453e98.2c60: supR3HardenedVmProcessInit: Opening vboxdrv...
7463e98.2c60: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7473e98.2c60: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7483e98.2c60: Registered Dll notification callback with NTDLL.
7493e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
7503e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
7513e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
7523e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7533e98.2c60: supR3HardenedDllNotificationCallback: load 0000000076e80000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
7543e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7553e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
7563e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
7573e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
7583e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
7593e98.2c60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770cb780 pvNtTerminateThread=00000000770ee0e0
7603c78.1dc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 26 ms.
7613e98.2c60: \SystemRoot\System32\ntdll.dll:
7623e98.2c60: CreationTime: 2015-06-10T11:29:53.119585000Z
7633e98.2c60: LastWriteTime: 2015-05-25T18:21:21.289963400Z
7643e98.2c60: ChangeTime: 2015-07-06T10:05:04.528665800Z
7653e98.2c60: FileAttributes: 0x20
7663e98.2c60: Size: 0x1a61c0
7673e98.2c60: NT Headers: 0xe0
7683e98.2c60: Timestamp: 0x556366f2
7693e98.2c60: Machine: 0x8664 - amd64
7703e98.2c60: Timestamp: 0x556366f2
7713e98.2c60: Image Version: 6.1
7723e98.2c60: SizeOfImage: 0x1a9000 (1740800)
7733e98.2c60: Resource Dir: 0x14d000 LB 0x5a028
7743e98.2c60: ProductName: Microsoft® Windows® Operating System
7753e98.2c60: ProductVersion: 6.1.7601.18869
7763e98.2c60: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
7773e98.2c60: FileDescription: NT Layer DLL
7783e98.2c60: \SystemRoot\System32\kernel32.dll:
7793e98.2c60: CreationTime: 2015-06-10T11:29:51.990441600Z
7803e98.2c60: LastWriteTime: 2015-05-25T18:19:02.585000000Z
7813e98.2c60: ChangeTime: 2015-07-06T10:05:10.394276100Z
7823e98.2c60: FileAttributes: 0x20
7833e98.2c60: Size: 0x11be00
7843e98.2c60: NT Headers: 0xe8
7853e98.2c60: Timestamp: 0x556366fc
7863e98.2c60: Machine: 0x8664 - amd64
7873e98.2c60: Timestamp: 0x556366fc
7883e98.2c60: Image Version: 6.1
7893e98.2c60: SizeOfImage: 0x11f000 (1175552)
7903e98.2c60: Resource Dir: 0x116000 LB 0x528
7913e98.2c60: ProductName: Microsoft® Windows® Operating System
7923e98.2c60: ProductVersion: 6.1.7601.18869
7933e98.2c60: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
7943e98.2c60: FileDescription: Windows NT BASE API Client DLL
7953e98.2c60: \SystemRoot\System32\KernelBase.dll:
7963e98.2c60: CreationTime: 2015-06-10T11:29:51.861925300Z
7973e98.2c60: LastWriteTime: 2015-05-25T18:19:02.585000000Z
7983e98.2c60: ChangeTime: 2015-07-06T10:05:10.519076300Z
7993e98.2c60: FileAttributes: 0x20
8003e98.2c60: Size: 0x67c00
8013e98.2c60: NT Headers: 0xe8
8023e98.2c60: Timestamp: 0x556366fd
8033e98.2c60: Machine: 0x8664 - amd64
8043e98.2c60: Timestamp: 0x556366fd
8053e98.2c60: Image Version: 6.1
8063e98.2c60: SizeOfImage: 0x6c000 (442368)
8073e98.2c60: Resource Dir: 0x6a000 LB 0x530
8083e98.2c60: ProductName: Microsoft® Windows® Operating System
8093e98.2c60: ProductVersion: 6.1.7601.18869
8103e98.2c60: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
8113e98.2c60: FileDescription: Windows NT BASE API Client DLL
8123e98.2c60: \SystemRoot\System32\apisetschema.dll:
8133e98.2c60: CreationTime: 2015-06-10T11:29:49.545131100Z
8143e98.2c60: LastWriteTime: 2015-05-25T18:11:40.254000000Z
8153e98.2c60: ChangeTime: 2015-07-06T10:05:04.263465300Z
8163e98.2c60: FileAttributes: 0x20
8173e98.2c60: Size: 0x1a00
8183e98.2c60: NT Headers: 0xc0
8193e98.2c60: Timestamp: 0x55636622
8203e98.2c60: Machine: 0x8664 - amd64
8213e98.2c60: Timestamp: 0x55636622
8223e98.2c60: Image Version: 6.1
8233e98.2c60: SizeOfImage: 0x50000 (327680)
8243e98.2c60: Resource Dir: 0x30000 LB 0x3f8
8253e98.2c60: ProductName: Microsoft® Windows® Operating System
8263e98.2c60: ProductVersion: 6.1.7601.18869
8273e98.2c60: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
8283e98.2c60: FileDescription: ApiSet Schema DLL
8293e98.2c60: Found driver aswVmm (0x4)
8303e98.2c60: Found driver aswHwid (0x4)
8313e98.2c60: Found driver aswStm (0x4)
8323e98.2c60: Found driver aswRvrt (0x4)
8333e98.2c60: supR3HardenedWinFindAdversaries: 0x84
8343e98.2c60: \SystemRoot\System32\drivers\aswHwid.sys:
8353e98.2c60: CreationTime: 2014-06-24T02:04:08.156565200Z
8363e98.2c60: LastWriteTime: 2015-06-09T22:43:55.772405200Z
8373e98.2c60: ChangeTime: 2015-06-09T22:44:09.156170700Z
8383e98.2c60: FileAttributes: 0x20
8393e98.2c60: Size: 0x71f0
8403e98.2c60: NT Headers: 0xe8
8413e98.2c60: Timestamp: 0x55364a20
8423e98.2c60: Machine: 0x8664 - amd64
8433e98.2c60: Timestamp: 0x55364a20
8443e98.2c60: Image Version: 6.0
8453e98.2c60: SizeOfImage: 0xa000 (40960)
8463e98.2c60: Resource Dir: 0x8000 LB 0x470
8473e98.2c60: ProductName: Avast Antivirus
8483e98.2c60: ProductVersion: 10.2.2218.942
8493e98.2c60: FileVersion: 10.2.2218.942
8503e98.2c60: SpecialBuild: feb2012
8513e98.2c60: PrivateBuild: 0SpecialBuild
8523e98.2c60: FileDescription: avast! HWID
8533e98.2c60: \SystemRoot\System32\drivers\aswMonFlt.sys:
8543e98.2c60: CreationTime: 2012-07-01T13:56:44.589062100Z
8553e98.2c60: LastWriteTime: 2015-06-09T22:43:55.783405800Z
8563e98.2c60: ChangeTime: 2015-06-09T22:44:09.157170800Z
8573e98.2c60: FileAttributes: 0x20
8583e98.2c60: Size: 0x15f58
8593e98.2c60: NT Headers: 0xd8
8603e98.2c60: Timestamp: 0x55364a04
8613e98.2c60: Machine: 0x8664 - amd64
8623e98.2c60: Timestamp: 0x55364a04
8633e98.2c60: Image Version: 6.0
8643e98.2c60: SizeOfImage: 0x24000 (147456)
8653e98.2c60: Resource Dir: 0x22000 LB 0x3c8
8663e98.2c60: ProductName: Avast Antivirus
8673e98.2c60: ProductVersion: 10.2.2218.942
8683e98.2c60: FileVersion: 10.2.2218.942
8693e98.2c60: FileDescription: avast! File System Minifilter for Windows 2003/Vista
8703e98.2c60: \SystemRoot\System32\drivers\aswRdr2.sys:
8713e98.2c60: CreationTime: 2012-07-01T13:56:45.899464400Z
8723e98.2c60: LastWriteTime: 2015-06-09T22:43:55.167370600Z
8733e98.2c60: ChangeTime: 2015-06-09T22:44:09.158170800Z
8743e98.2c60: FileAttributes: 0x20
8753e98.2c60: Size: 0x16d58
8763e98.2c60: NT Headers: 0xf0
8773e98.2c60: Timestamp: 0x55364a2b
8783e98.2c60: Machine: 0x8664 - amd64
8793e98.2c60: Timestamp: 0x55364a2b
8803e98.2c60: Image Version: 6.1
8813e98.2c60: SizeOfImage: 0x1a000 (106496)
8823e98.2c60: Resource Dir: 0x18000 LB 0x3b0
8833e98.2c60: ProductName: Avast Antivirus
8843e98.2c60: ProductVersion: 10.2.2218.942
8853e98.2c60: FileVersion: 10.2.2218.942 built by: WinDDK
8863e98.2c60: FileDescription: avast! WFP Redirect Driver
8873e98.2c60: \SystemRoot\System32\drivers\aswRvrt.sys:
8883e98.2c60: CreationTime: 2013-04-15T16:22:20.635059800Z
8893e98.2c60: LastWriteTime: 2015-06-09T22:43:55.803407000Z
8903e98.2c60: ChangeTime: 2015-06-09T22:44:09.158170800Z
8913e98.2c60: FileAttributes: 0x20
8923e98.2c60: Size: 0x100c8
8933e98.2c60: NT Headers: 0xf8
8943e98.2c60: Timestamp: 0x55364a0b
8953e98.2c60: Machine: 0x8664 - amd64
8963e98.2c60: Timestamp: 0x55364a0b
8973e98.2c60: Image Version: 6.0
8983e98.2c60: SizeOfImage: 0x13000 (77824)
8993e98.2c60: Resource Dir: 0x11000 LB 0x470
9003e98.2c60: ProductName: Avast Antivirus
9013e98.2c60: ProductVersion: 10.2.2218.942
9023e98.2c60: FileVersion: 10.2.2218.942
9033e98.2c60: SpecialBuild: feb2012
9043e98.2c60: PrivateBuild: 0SpecialBuild
9053e98.2c60: FileDescription: avast! Revert
9063e98.2c60: \SystemRoot\System32\drivers\aswSnx.sys:
9073e98.2c60: CreationTime: 2012-07-01T13:56:45.431463500Z
9083e98.2c60: LastWriteTime: 2015-06-09T22:43:18.941298600Z
9093e98.2c60: ChangeTime: 2015-06-09T22:44:09.158170800Z
9103e98.2c60: FileAttributes: 0x20
9113e98.2c60: Size: 0xffb18
9123e98.2c60: NT Headers: 0xf0
9133e98.2c60: Timestamp: 0x55364a30
9143e98.2c60: Machine: 0x8664 - amd64
9153e98.2c60: Timestamp: 0x55364a30
9163e98.2c60: Image Version: 6.0
9173e98.2c60: SizeOfImage: 0x104000 (1064960)
9183e98.2c60: Resource Dir: 0xfc000 LB 0x390
9193e98.2c60: ProductName: Avast Antivirus
9203e98.2c60: ProductVersion: 10.2.2218.942
9213e98.2c60: FileVersion: 10.2.2218.942
9223e98.2c60: FileDescription: avast! Virtualization Driver
9233e98.2c60: \SystemRoot\System32\drivers\aswsp.sys:
9243e98.2c60: CreationTime: 2012-07-01T13:56:47.147466600Z
9253e98.2c60: LastWriteTime: 2015-06-26T22:44:28.488231300Z
9263e98.2c60: ChangeTime: 2015-06-26T22:44:28.488231300Z
9273e98.2c60: FileAttributes: 0x20
9283e98.2c60: Size: 0x6bf98
9293e98.2c60: NT Headers: 0xf0
9303e98.2c60: Timestamp: 0x558d01d0
9313e98.2c60: Machine: 0x8664 - amd64
9323e98.2c60: Timestamp: 0x558d01d0
9333e98.2c60: Image Version: 6.0
9343e98.2c60: SizeOfImage: 0x73000 (471040)
9353e98.2c60: Resource Dir: 0x71000 LB 0x388
9363e98.2c60: ProductName: Avast Antivirus
9373e98.2c60: ProductVersion: 10.2.2218.945
9383e98.2c60: FileVersion: 10.2.2218.945
9393e98.2c60: FileDescription: avast! self protection module
9403e98.2c60: \SystemRoot\System32\drivers\aswStm.sys:
9413e98.2c60: CreationTime: 2013-12-31T01:42:01.063451400Z
9423e98.2c60: LastWriteTime: 2015-06-09T22:43:55.957415800Z
9433e98.2c60: ChangeTime: 2015-06-09T22:44:09.159170900Z
9443e98.2c60: FileAttributes: 0x20
9453e98.2c60: Size: 0x21848
9463e98.2c60: NT Headers: 0x108
9473e98.2c60: Timestamp: 0x55364e39
9483e98.2c60: Machine: 0x8664 - amd64
9493e98.2c60: Timestamp: 0x55364e39
9503e98.2c60: Image Version: 6.2
9513e98.2c60: SizeOfImage: 0x24000 (147456)
9523e98.2c60: Resource Dir: 0x22000 LB 0x368
9533e98.2c60: ProductName: Avast Antivirus
9543e98.2c60: ProductVersion: 10.2.2218.942
9553e98.2c60: FileVersion: 10.2.2218.942
9563e98.2c60: FileDescription: Stream Filter
9573e98.2c60: \SystemRoot\System32\drivers\aswVmm.sys:
9583e98.2c60: CreationTime: 2013-04-15T16:22:20.677062200Z
9593e98.2c60: LastWriteTime: 2015-06-09T22:43:55.886411700Z
9603e98.2c60: ChangeTime: 2015-06-09T22:44:09.159170900Z
9613e98.2c60: FileAttributes: 0x20
9623e98.2c60: Size: 0x42778
9633e98.2c60: NT Headers: 0xe8
9643e98.2c60: Timestamp: 0x55364d7c
9653e98.2c60: Machine: 0x8664 - amd64
9663e98.2c60: Timestamp: 0x55364d7c
9673e98.2c60: Image Version: 6.0
9683e98.2c60: SizeOfImage: 0x45000 (282624)
9693e98.2c60: Resource Dir: 0x42000 LB 0x478
9703e98.2c60: ProductName: Avast Antivirus
9713e98.2c60: ProductVersion: 10.2.2218.942
9723e98.2c60: FileVersion: 10.2.2218.942
9733e98.2c60: SpecialBuild: feb2012
9743e98.2c60: PrivateBuild: 0SpecialBuild
9753e98.2c60: FileDescription: avast! VM Monitor
9763e98.2c60: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
9773e98.2c60: CreationTime: 2015-05-20T03:10:58.062661400Z
9783e98.2c60: LastWriteTime: 2015-08-05T10:43:45.004742000Z
9793e98.2c60: ChangeTime: 2015-08-05T10:43:45.004742000Z
9803e98.2c60: FileAttributes: 0x20
9813e98.2c60: Size: 0x1bcd8
9823e98.2c60: NT Headers: 0xe8
9833e98.2c60: Timestamp: 0x552c190f
9843e98.2c60: Machine: 0x8664 - amd64
9853e98.2c60: Timestamp: 0x552c190f
9863e98.2c60: Image Version: 6.1
9873e98.2c60: SizeOfImage: 0x21000 (135168)
9883e98.2c60: Resource Dir: 0x1f000 LB 0x3f0
9893e98.2c60: ProductName: Malwarebytes Anti-Malware
9903e98.2c60: ProductVersion: 0.2.22.0
9913e98.2c60: FileVersion: 0.2.22.0
9923e98.2c60: FileDescription: Malwarebytes Anti-Malware
9933e98.2c60: \SystemRoot\System32\drivers\mwac.sys:
9943e98.2c60: CreationTime: 2015-05-20T03:10:46.558003300Z
9953e98.2c60: LastWriteTime: 2015-06-18T12:41:56.000000000Z
9963e98.2c60: ChangeTime: 2015-06-24T01:09:54.087924600Z
9973e98.2c60: FileAttributes: 0x20
9983e98.2c60: Size: 0xf8d8
9993e98.2c60: NT Headers: 0xf8
10003e98.2c60: Timestamp: 0x53a0f42a
10013e98.2c60: Machine: 0x8664 - amd64
10023e98.2c60: Timestamp: 0x53a0f42a
10033e98.2c60: Image Version: 6.2
10043e98.2c60: SizeOfImage: 0x12000 (73728)
10053e98.2c60: Resource Dir: 0x10000 LB 0x3e0
10063e98.2c60: ProductName: Malwarebytes Web Access Control
10073e98.2c60: ProductVersion: 1.0.6.0
10083e98.2c60: FileVersion: 1.0.6.0
10093e98.2c60: FileDescription: Malwarebytes Web Access Control
10103e98.2c60: \SystemRoot\System32\drivers\mbamchameleon.sys:
10113e98.2c60: CreationTime: 2015-05-20T03:10:46.577004400Z
10123e98.2c60: LastWriteTime: 2015-06-18T12:41:44.000000000Z
10133e98.2c60: ChangeTime: 2015-06-24T01:09:54.099925300Z
10143e98.2c60: FileAttributes: 0x20
10153e98.2c60: Size: 0x1aad8
10163e98.2c60: NT Headers: 0xd8
10173e98.2c60: Timestamp: 0x554cf757
10183e98.2c60: Machine: 0x8664 - amd64
10193e98.2c60: Timestamp: 0x554cf757
10203e98.2c60: Image Version: 6.1
10213e98.2c60: SizeOfImage: 0x1e000 (122880)
10223e98.2c60: Resource Dir: 0x1c000 LB 0xbd8
10233e98.2c60: ProductName: Malwarebytes Chameleon
10243e98.2c60: ProductVersion: 1.1.20.0
10253e98.2c60: FileVersion: 1.1.20.0
10263e98.2c60: FileDescription: Malwarebytes Chameleon Protection Driver
10273e98.2c60: \SystemRoot\System32\drivers\mbam.sys:
10283e98.2c60: CreationTime: 2013-08-24T04:55:45.513387400Z
10293e98.2c60: LastWriteTime: 2015-06-18T12:41:40.000000000Z
10303e98.2c60: ChangeTime: 2015-06-24T01:09:54.079924100Z
10313e98.2c60: FileAttributes: 0x20
10323e98.2c60: Size: 0x64d8
10333e98.2c60: NT Headers: 0xd8
10343e98.2c60: Timestamp: 0x540754e1
10353e98.2c60: Machine: 0x8664 - amd64
10363e98.2c60: Timestamp: 0x540754e1
10373e98.2c60: Image Version: 6.1
10383e98.2c60: SizeOfImage: 0xa000 (40960)
10393e98.2c60: Resource Dir: 0x8000 LB 0x3d0
10403e98.2c60: ProductName: Malwarebytes Anti-Malware
10413e98.2c60: ProductVersion: 0.1.15.0
10423e98.2c60: FileVersion: 0.1.15.0
10433e98.2c60: FileDescription: Malwarebytes Anti-Malware
10443e98.2c60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10453e98.2c60: Calling main()
10463e98.2c60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
10473e98.2c60: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10483e98.2c60: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
10493e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
10503e98.2c60: SUPR3HardenedMain: Final process, opening VBoxDrv...
10513e98.2c60: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
10523e98.2c60: supR3HardNtEnableThreadCreation:
10533e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
10543e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
10553e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a50e0:C:\Windows\system32 [calling]
10563e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10573e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefadb0000 LB 0x00005000 B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
10583e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10593e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10603e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
10613e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadb0000 'B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10623e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10633e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
10643e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadb0000 'B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10653e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadb0000 'B:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10663e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10673e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
10683e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
10693e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
10703e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
10713e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
10723e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10733e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10743e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
10753e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10763e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10773e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10783e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
10793e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
10803e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10813e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10823e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10833e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
10843e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
10853e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10883e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
10893e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10903e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10913e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10923e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10933e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10943e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10953e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10963e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a50e0:C:\Windows\system32 [calling]
10973e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10983e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd1b0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
10993e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11003e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefdb60000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
11013e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11023e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefce70000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
11033e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11043e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
11053e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11063e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe230000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
11073e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11083e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\Wintrust.dll'
11093e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
11103e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11113e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008eac80:C:\Windows\system32 [calling]
11123e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11133e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefc730000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
11143e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11153e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc730000 'C:\Windows\system32\bcrypt.dll'
11163e98.2c60: bcrypt.dll loaded at 000007fefc730000, BCryptOpenAlgorithmProvider at 000007fefc732640, preloading providers:
11173e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11183e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
11193e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
11203e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
11213e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11223e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11233e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11243e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11253e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11263e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11273e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
11283e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
11293e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11303e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11313e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11323e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11333e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11343e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11353e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11363e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11373e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11383e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefc230000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
11393e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11403e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe140000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
11413e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11423e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11433e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
11443e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
11453e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
11463e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
11473e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
11483e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc230000 'C:\Windows\system32\bcryptprimitives.dll'
11493e98.2c60: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008ec360)
11503e98.2c60: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008eda50)
11513e98.2c60: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008ef400)
11523e98.2c60: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008ef520)
11533e98.2c60: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008ef640)
11543e98.2c60: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008ef760)
11553e98.2c60: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008ef9a0)
11563e98.2c60: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008efac0)
11573e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
11583e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
11593e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11613e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11643e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11653e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11663e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11673e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefc760000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
11683e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11693e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc760000 'C:\Windows\system32\CRYPTSP.dll'
11703e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11713e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
11723e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
11733e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11743e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11753e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11763e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11773e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11783e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefc2e0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
11793e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11803e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2e0000 'C:\Windows\system32\rsaenh.dll'
11813e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11823e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11833e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe140000 'C:\Windows\system32\ADVAPI32.dll'
11843e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
11853e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
11863e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11873e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11883e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefcc60000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
11893e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11903e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc60000 'C:\Windows\system32\CRYPTBASE.dll'
11913e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11923e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11933e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
11943e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11953e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11963e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\WINTRUST.DLL'
11973e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11983e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
11993e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\CRYPT32.dll'
12003e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12013e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
12023e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
12033e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
12043e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12053e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12063e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12073e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12083e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12093e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12103e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
12113e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
12123e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefdaf0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
12133e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
12143e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaf0000 'C:\Windows\system32\imagehlp.dll'
12153e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
12163e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
12173e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc760000 'C:\Windows\system32\CRYPTSP.dll'
12183e98.2c60: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is administrators group.
12193e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12203e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
12213e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
12223e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12233e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12243e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12253e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
12263e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
12273e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12283e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
12293e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
12303e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
12313e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12323e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
12333e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
12343e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
12353e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12373e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12383e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
12393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
12403e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12413e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12423e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
12433e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
12443e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
12453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12473e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12483e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12493e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12503e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12513e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12523e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12533e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12543e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12553e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12563e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12573e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12583e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12593e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12603e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
12613e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12623e98.2c60: supR3HardenedDllNotificationCallback: load 0000000076fa0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
12633e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12643e98.2c60: supR3HardenedDllNotificationCallback: load 000007feff130000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
12653e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12663e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe360000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
12673e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
12683e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe070000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
12693e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
12703e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12713e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
12723e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff130000 'C:\Windows\system32\gdi32.dll'
12733e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12743e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
12753e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
12763e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
12773e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
12783e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
12793e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
12803e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12813e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
12823e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
12833e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
12843e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
12853e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
12863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12883e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12903e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12913e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12923e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12933e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12943e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12953e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12963e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12973e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12983e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12993e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13003e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13013e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13023e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13033e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13043e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13053e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13063e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe370000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
13073e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13083e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd2f0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
13093e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
13103e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\IMM32.DLL'
13113e98.2c60: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group.
13123e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
13133e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13143e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
13153e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
13163e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
13173e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13183e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13193e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13203e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13213e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13223e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13233e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
13243e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
13253e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13263e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\version.dll)
13273e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
13283e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13293e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13303e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13313e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13323e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
13333e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefcd80000 LB 0x00031000 C:\Windows\system32\nvinitx.dll [fFlags=0x0]
13343e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
13353e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
13363e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefcd70000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
13373e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
13383e98.2c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\NV\nvd3dumx.dll': 203 (NtPath=\??\C:\Windows\system32\NV\nvd3dumx.dll; Input=C:\Windows\system32\NV\nvd3dumx.dll; rcNtGetDll=0x0
13393e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NV\nvd3dumx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13403e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\NV\nvd3dumx.dll'
13413e98.2c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\NV\nvwgf2umx.dll': 126 (NtPath=\??\C:\Windows\system32\NV\nvwgf2umx.dll; Input=C:\Windows\system32\NV\nvwgf2umx.dll; rcNtGetDll=0x0
13423e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NV\nvwgf2umx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13433e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\NV\nvwgf2umx.dll'
13443e98.2c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\NV\nvwgf2umx.dll': 126 (NtPath=\??\C:\Windows\system32\NV\nvwgf2umx.dll; Input=C:\Windows\system32\NV\nvwgf2umx.dll; rcNtGetDll=0x0
13453e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NV\nvwgf2umx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13463e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\NV\nvwgf2umx.dll'
13473e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\Windows\system32\nvinitx.dll'
13483e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fa0000 'C:\Windows\system32\USER32.dll'
13493e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
13503e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13513e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
13523e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
13533e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
13543e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
13553e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
13563e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
13573e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13583e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13593e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13613e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13623e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13633e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13643e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
13653e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefc780000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
13663e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
13673e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc780000 'C:\Windows\system32\ncrypt.dll'
13683e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13693e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13703e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc730000 'C:\Windows\system32\bcrypt.dll'
13713e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13723e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13733e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
13743e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
13753e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
13763e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
13773e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
13783e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13793e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
13803e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
13813e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13823e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13833e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13863e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13883e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13893e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13903e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13913e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
13923e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd170000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
13933e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
13943e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefce50000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
13953e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
13963e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\USERENV.dll'
13973e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
13983e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13993e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14003e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
14013e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14023e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
14033e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
14043e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
14053e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14063e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14073e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14083e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14093e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14103e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14113e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14123e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
14133e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefc060000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
14143e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
14153e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc060000 'C:\Windows\system32\GPAPI.dll'
14163e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14173e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
14183e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14193e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14203e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\Windows\system32\rpcrt4.dll'
14213e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14223e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-WIN-Service-Management-L2-1-0.dll'
14233e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14243e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
14253e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14263e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
14273e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
14283e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
14293e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
14303e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
14313e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
14323e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
14333e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14343e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
14353e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
14363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
14373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
14383e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14403e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14413e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
14423e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14433e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14443e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14473e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14483e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14493e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14503e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef8330000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
14513e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14523e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
14533e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
14543e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14553e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14563e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14573e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14583e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14593e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14603e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14613e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14623e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14633e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14643e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14653e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14663e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14673e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14683e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14693e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14703e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14713e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14723e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14733e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14743e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14753e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14763e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14773e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14783e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14793e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14803e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14813e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14823e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14833e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14843e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8330000 'C:\Windows\system32\cryptnet.dll'
14853e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14863e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
14873e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
14883e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
14893e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce50000 'C:\Windows\system32\profapi.dll'
14903e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14913e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14923e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
14933e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
14943e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
14953e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14963e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14973e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14983e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14993e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15003e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15013e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15023e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15033e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15043e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15053e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
15063e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefdc00000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
15073e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
15083e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\Windows\system32\SHLWAPI.dll'
15093e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
15103e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000e75480
15113e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15123e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EDC3F71C5551972E1510D1BCC6D436D5B6B426E8
15133e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15143e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15153e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15163e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
15173e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15183e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
15193e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
15203e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15213e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe140000 'C:\Windows\system32\ADVAPI32.dll'
15223e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15233e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
15243e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
15253e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
15263e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
15273e98.2c60: g_pfnWinVerifyTrust=000007fefd1b1010
15283e98.2c60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
15293e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
15303e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15313e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15323e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
15333e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
15343e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15353e98.2c60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
15363e98.2c60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
15373e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
15383e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15393e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15403e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
15413e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
15423e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15433e98.2c60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
15443e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
15453e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15463e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15473e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
15483e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
15493e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15503e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
15513e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
15523e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15533e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15543e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
15553e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
15563e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15573e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
15583e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
15593e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15603e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15613e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
15623e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
15633e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15643e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
15653e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
15663e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15673e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15683e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
15693e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
15703e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15713e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
15723e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
15733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
15763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
15773e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15783e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
15793e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
15803e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15813e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15823e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
15833e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
15843e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15853e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
15863e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
15873e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15883e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15893e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=327561BCBADC135831FD13C5C67C5E26F4E2B805
15903e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
15913e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15923e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
15933e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
15943e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
15953e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
15963e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
15973e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
15983e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15993e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
16003e98.2c60: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
16013e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\nvinitx.dll
16023e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16033e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16043e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45DBD259C1A515AEA48781E86B75FB8C47C73A66
16053e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT'; file='\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
16063e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
16073e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
16083e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
16093e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16103e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16113e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
16123e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
16133e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16143e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
16153e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
16163e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16173e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16183e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
16193e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16203e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16213e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16223e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
16233e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16243e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16253e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
16263e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
16273e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16283e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
16293e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
16303e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16313e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16323e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF72C9DFDFB7D1CBA26FE4829B56F7B244C8A875
16333e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3079904~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
16343e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16353e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
16363e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
16373e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16383e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16393e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
16403e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16413e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16423e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16433e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
16443e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e75480
16453e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e75480
16463e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7DC496F06553DAC9BBB7B106A5859A9B7459010
16473e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
16483e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000032aa0d0
16493e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16503e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7DC496F06553DAC9BBB7B106A5859A9B7459010
16513e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
16523e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000032aa190
16533e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa190
16543e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=72ED1EBF7CCEC3B4314BFD42BB8BEA0BB256C4D51D36CAB5E46777893F257BB3
16553e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
16563e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
16573e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
16583e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
16593e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
16603e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16613e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
16623e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
16633e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16643e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
16653e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
16663e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
16673e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16683e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=950A18CED6C5D5CAB1335676119FFFE11307EF04
16693e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
16703e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16713e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
16723e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
16733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
16743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
16753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
16773e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
16783e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16793e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
16803e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
16813e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
16823e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16833e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
16843e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
16853e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16863e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
16873e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
16883e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
16893e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16903e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BBB1FC4DED54F17702B287B63F8FE24EE5D7844
16913e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
16923e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16933e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
16943e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
16953e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
16963e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
16973e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
16983e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
16993e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
17003e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17013e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
17023e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
17033e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
17043e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
17053e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
17063e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
17073e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17083e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
17093e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
17103e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
17113e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
17123e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
17133e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
17143e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17153e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
17163e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
17173e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
17183e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
17193e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E38DB7758ACD985E98AD6101CED724203843D038
17203e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3057154~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
17213e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17223e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
17233e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
17243e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
17253e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
17263e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
17273e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FD34F960ED54F1FB26E76A32FB91273E3093869E
17283e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
17293e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17303e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
17313e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
17323e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
17333e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
17343e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C47BBB61CB0D4D781B3BEC602422D40A0784762
17353e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
17363e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17373e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
17383e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
17393e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000e29fc0:C:\Windows\system32 [calling]
17403e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\crypt32.dll'
17413e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xeb4f412994d8c700 C=ES, CN=Qustodio (99851)
17423e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
17433e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
17443e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
17453e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x49e55d8c4f7cb700 C=XX, L=Default City, O=Default Company Ltd, CN=www.mte2342343.com
17463e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
17473e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xc9ffcdea94ec500 OU=generated by avast! antivirus for SSL/TLS scanning, O=avast! Web/Mail Shield, CN=avast! Web/Mail Shield Root
17483e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
17493e98.2c60: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BZ, ST=Belize, L=Belize City, O=DT Soft Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=DT Soft Ltd
17503e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
17513e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
17523e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
17533e98.2c60: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=JP, O=SECOM Trust Systems CO.,LTD., CN=SECOM Passport for Web SR 2.0 CA
17543e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
17553e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
17563e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
17573e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
17583e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
17593e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
17603e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
17613e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
17623e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
17633e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
17643e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
17653e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
17663e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
17673e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
17683e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
17693e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
17703e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
17713e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
17723e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
17733e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
17743e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
17753e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
17763e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
17773e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
17783e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
17793e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
17803e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
17813e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
17823e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
17833e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
17843e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
17853e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
17863e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
17873e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
17883e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
17893e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x6b2e1733cc84b400 C=US, O=AffirmTrust, CN=AffirmTrust Networking
17903e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
17913e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
17923e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
17933e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
17943e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
17953e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
17963e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
17973e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
17983e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
17993e98.2c60: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
18003e98.2c60: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=57
18013e98.2c60: SUPR3HardenedMain: Load Runtime...
18023e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18033e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18043e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
18053e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
18063e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
18073e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18083e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18093e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18103e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18113e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18123e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18133e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18143e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
18153e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
18163e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
18173e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
18183e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18193e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18203e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
18213e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
18223e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
18233e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18243e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18253e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18263e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18273e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
18283e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18293e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18303e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18313e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
18323e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18333e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18343e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18353e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
18373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
18383e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f8 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
18393e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
18403e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
18413e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
18423e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
18433e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18443e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
18453e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
18463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18473e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18483e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18493e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18503e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18513e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
18523e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18533e98.2c60: supR3HardenedDllNotificationCallback: load 000007fee02d0000 LB 0x00543000 B:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
18543e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18553e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18563e98.2c60: supR3HardenedDllNotificationCallback: load 0000000065e60000 LB 0x000d2000 B:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
18573e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18583e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18593e98.2c60: supR3HardenedDllNotificationCallback: load 0000000066330000 LB 0x00098000 B:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
18603e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18613e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefdb10000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
18623e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18633e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe220000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
18643e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
18653e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18663e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18673e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18683e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18693e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18703e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18713e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18723e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18733e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18743e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18753e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18763e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18773e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18783e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18793e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18803e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18813e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18823e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18833e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18843e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18853e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18863e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18873e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18883e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18893e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18903e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
18913e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
18923e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18933e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18943e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18953e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18963e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18973e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18983e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18993e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19003e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19013e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19023e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19033e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19043e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19053e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19063e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19073e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19083e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
19093e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a5f50:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Acronis\TrueImageHome\;B:\Program Files\WIDCOMM\Bluetooth Software\;B:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;B:\Program Files\TortoiseSVN\bin;C:\SiudiDriver\XHardwareLibrary;B:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;B:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Skype\Phone\ [calling]
19103e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19113e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19123e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19133e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee02d0000 'B:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19143e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
19153e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000e86e30:C:\Windows\system32 [calling]
19163e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\Wintrust.dll'
19173e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
19183e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000e86e30:C:\Windows\system32 [calling]
19193e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\crypt32.dll'
19203e98.2c60: SUPR3HardenedMain: Load TrustedMain...
19213e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
19223e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
19233e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
19243e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
19253e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
19263e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
19273e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
19283e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
19293e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
19303e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
19313e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
19323e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
19333e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
19343e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
19353e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
19363e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
19373e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
19383e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
19393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19403e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19413e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
19423e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
19433e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
19443e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
19453e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
19463e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19473e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19483e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19493e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
19503e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
19513e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
19523e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
19533e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19543e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
19553e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
19563e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
19573e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
19583e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19593e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19603e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
19613e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19623e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
19633e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
19643e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19653e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
19663e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19673e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19683e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19693e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19703e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
19713e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
19723e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
19733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
19743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19753e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
19763e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19773e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
19783e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
19793e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
19803e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
19813e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19823e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19833e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19843e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
19853e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
19863e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
19873e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
19883e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
19893e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19903e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19913e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
19923e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
19933e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
19943e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
19953e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
19963e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19973e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19983e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
19993e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
20003e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
20013e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
20023e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
20033e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20043e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20053e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
20063e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
20073e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
20083e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
20093e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
20103e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20113e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20123e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20133e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20143e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20153e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20163e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20173e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20183e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
20193e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
20203e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
20213e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
20223e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
20233e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
20243e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
20253e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
20263e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
20273e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
20283e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
20293e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
20303e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
20313e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
20323e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
20333e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
20343e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
20353e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
20363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
20373e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
20383e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
20393e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
20403e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
20413e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
20423e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
20433e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
20443e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
20453e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
20463e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
20473e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
20483e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
20493e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
20503e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
20513e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
20523e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
20533e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
20543e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
20553e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
20563e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20573e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
20583e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
20593e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
20603e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
20613e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20643e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
20653e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20663e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20673e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
20683e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20693e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20703e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20713e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20723e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
20733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
20743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
20753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
20763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
20773e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20783e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20793e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20803e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
20813e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
20823e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
20833e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
20843e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
20853e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20883e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
20893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
20903e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
20913e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
20923e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
20933e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
20943e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
20953e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20963e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20973e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20983e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
20993e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
21003e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
21013e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
21023e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
21033e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
21043e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
21053e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
21063e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
21073e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
21083e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
21093e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
21103e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
21113e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21123e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21133e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
21143e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21153e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
21163e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
21173e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21183e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21193e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21203e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21213e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21223e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21233e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21243e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21253e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21263e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
21273e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21283e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21293e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
21303e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21313e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21323e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21333e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21343e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21353e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21373e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21383e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21403e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21413e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21423e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
21433e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21443e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21453e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
21463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
21473e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
21483e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
21493e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21503e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21513e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21523e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21533e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21543e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21553e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21563e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21573e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21583e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21593e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
21603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
21613e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
21623e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
21633e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
21643e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
21653e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
21663e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21673e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21683e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
21693e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
21703e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
21713e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
21723e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
21733e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21743e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21753e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21763e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21773e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
21783e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21793e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21803e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21813e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
21823e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
21833e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
21843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21883e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
21893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
21903e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
21913e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
21923e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21933e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21943e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21953e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21963e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21973e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
21983e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
21993e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
22003e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
22013e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
22023e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
22033e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
22043e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22053e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22063e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22073e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22083e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22093e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22103e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22113e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22123e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22133e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22143e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22153e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22163e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22173e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22183e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22193e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22203e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22213e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22223e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22233e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22243e98.2c60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
22253e98.2c60: Error (rc=0):
22263e98.2c60: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
22273e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22283e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22293e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22303e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22313e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22323e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22333e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22343e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22353e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22383e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22403e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22413e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22423e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22433e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22443e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
22463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
22473e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
22483e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
22493e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
22503e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
22513e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
22523e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22533e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
22543e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
22553e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22563e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
22573e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
22583e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22593e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22613e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22643e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22653e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22663e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22673e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22683e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22693e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22703e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22713e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22723e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22733e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22743e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22753e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
22763e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22773e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22783e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22793e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22803e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22813e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22823e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22833e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22883e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22903e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22913e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
22923e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
22933e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22943e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
22953e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
22963e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
22973e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
22983e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22993e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23003e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23013e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23023e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
23033e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
23043e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23053e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23063e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
23073e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
23083e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
23093e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
23103e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
23113e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23123e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
23133e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
23143e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
23153e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23163e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
23173e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
23183e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
23193e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
23203e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23213e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23223e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23233e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
23243e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
23253e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
23263e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
23273e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
23283e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C9D8A0CA28E607D6CBDB572E9C7896DA20280E0
23293e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3079904~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
23303e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23313e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23323e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
23333e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23343e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
23353e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
23363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23383e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23403e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23413e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23423e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23433e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23443e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
23473e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
23483e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
23493e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
23503e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
23513e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
23523e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
23533e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23543e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23553e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
23563e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
23573e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
23583e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23593e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23603e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23613e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23643e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23653e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23663e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23673e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23683e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23693e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23703e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23713e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
23723e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
23733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
23743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
23753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
23763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23773e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23783e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23793e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23803e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
23813e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
23823e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23833e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23883e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23903e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23913e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23923e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23933e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23943e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23953e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23963e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
23973e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23983e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23993e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24003e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
24013e98.2c60: supR3HardenedDllNotificationCallback: load 000007fee7d60000 LB 0x00ab0000 B:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
24023e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
24033e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24043e98.2c60: supR3HardenedDllNotificationCallback: load 000007feed320000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
24053e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24063e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
24073e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef1590000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
24083e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
24093e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24103e98.2c60: supR3HardenedDllNotificationCallback: load 000007feeaac0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
24113e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24123e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24133e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef67b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
24143e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24153e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
24163e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24173e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd130000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
24183e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
24193e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
24203e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24213e98.2c60: supR3HardenedDllNotificationCallback: load 000007feff1a0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
24223e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24233e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd090000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
24243e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
24253e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24263e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefaf70000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
24273e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24283e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
24293e98.2c60: supR3HardenedDllNotificationCallback: load 0000000062680000 LB 0x002de000 B:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
24303e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
24313e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
24323e98.2c60: supR3HardenedDllNotificationCallback: load 00000000646f0000 LB 0x0096c000 B:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
24333e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
24343e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
24353e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
24363e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
24373e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24383e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24393e98.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
24403e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
24413e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef9530000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
24423e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
24433e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefe3a0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
24443e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24453e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24463e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef9160000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
24473e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24483e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
24493e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefad20000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
24503e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
24513e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
24523e98.2c60: supR3HardenedDllNotificationCallback: load 0000000062570000 LB 0x00105000 B:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
24533e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
24543e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
24553e98.2c60: supR3HardenedDllNotificationCallback: load 000000005fcf0000 LB 0x000dc000 B:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
24563e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
24573e98.2c60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
24583e98.2c60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
24593e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
24603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24613e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24643e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24653e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24663e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000945160:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24673e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\imm32.dll'
24683e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7d60000 'B:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
24693e98.2c60: SUPR3HardenedMain: Calling TrustedMain (000007fee7d61770)...
24703e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24713e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24723e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9160000 'C:\Windows\system32\winmm.dll'
24733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000056c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
24753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
24763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
24773e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
24783e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24793e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24803e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24813e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
24823e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
24833e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24883e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24903e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
24913e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032b00e0:C:\Windows\system32;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24923e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24933e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
24943e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24953e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
24963e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24973e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032b00e0:C:\Windows\system32;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24983e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
24993e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25003e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032b0be0:C:\Windows\system32;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25013e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
25023e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25033e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032b0be0:C:\Windows\system32;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25043e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
25053e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
25063e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25073e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf70000 'C:\Windows\system32\dwmapi.dll'
25083e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
25093e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25103e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc60000 'C:\Windows\system32\CRYPTBASE.dll'
25113e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25123e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25133e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3a0000 'C:\Windows\system32\shell32.dll'
25143e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
25153e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25163e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
25173e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25183e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25193e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
25203e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25213e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25223e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
25233e98.2c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
25243e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25253e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
25263e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25273e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25283e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
25293e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe140000 'C:\Windows\system32\advapi32.dll'
25303e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
25313e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25323e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\userenv.dll'
25333e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
25343e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25353e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
25363e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
25373e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
25383e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
25393e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
25403e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
25413e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25423e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25433e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
25443e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25453e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25463e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
25473e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
25483e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
25493e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
25503e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25513e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25523e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25533e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25543e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
25553e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25563e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25573e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25583e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25593e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25613e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25643e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000944bc0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25653e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
25663e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefda50000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
25673e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
25683e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\CLBCatQ.DLL'
25693e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
25703e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000945430:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25713e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe140000 'C:\Windows\system32\ADVAPI32.dll'
25723e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
25733e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009453a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25743e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc760000 'C:\Windows\system32\CRYPTSP.dll'
25753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
25763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
25773e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
25783e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
25793e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
25803e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25813e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
25823e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
25833e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
25843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25863e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009453a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25873e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
25883e98.2c60: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
25893e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
25903e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd10000 'C:\Windows\system32\RpcRtRemote.dll'
25913e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25923e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25933e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
25943e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
25953e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
25963e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
25973e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
25983e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
25993e98.2fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
26003e98.2fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
26013e98.2fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
26023e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26033e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26043e98.2fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26053e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26063e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26073e98.2fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
26083e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26093e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26103e98.2fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26113e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
26123e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
26133e98.2fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
26143e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26153e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26163e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26173e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26183e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
26193e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
26203e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000624 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
26213e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
26223e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
26233e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
26243e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
26253e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26263e98.2fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)WinVerifyTrust
26273e98.2fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
26283e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26293e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26303e98.2fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
26313e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26323e98.2fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26333e98.2fb8: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009803b0:B:\Program Files\Oracle\VirtualBox;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26343e98.2fb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
26353e98.2fb8: supR3HardenedDllNotificationCallback: load 000007fee7780000 LB 0x005d5000 B:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
26363e98.2fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
26373e98.2fb8: supR3HardenedDllNotificationCallback: load 0000000077270000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
26383e98.2fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
26393e98.2fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7780000 'B:\Program Files\Oracle\VirtualBox\VBoxC.dll'
26403e98.2fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26413e98.2fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032b0be0:C:\Windows\system32;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26423e98.2fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\oleaut32.dll'
26433e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000648 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
26443e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
26453e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
26463e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
26473e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
26483e98.2fb8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26493e98.2fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust
26503e98.2fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
26513e98.2fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000945820:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26523e98.2fb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
26533e98.2fb8: supR3HardenedDllNotificationCallback: load 000007fefcc70000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
26543e98.2fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
26553e98.2fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc70000 'C:\Windows\system32\SXS.DLL'
26563e98.2fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe140000 'C:\Windows\system32\ADVAPI32.dll'
26573e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26583e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003276f70:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26593e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\OLEAUT32.dll'
26603e98.2c60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
26613e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003277480:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26623e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
26633e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff130000 'C:\Windows\system32\gdi32.dll'
26643e98.24d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26653e98.24d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26663e98.24d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
26673e98.24d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
26683e98.24d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26693e98.24d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26703e98.24d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26713e98.24d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26723e98.24d8: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003277360:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26733e98.24d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
26743e98.24d8: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x0000d000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
26753e98.24d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
26763e98.24d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
26773e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
26783e98.2c60: Error (rc=0):
26793e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Windows\System32\user32.dll
26803e98.2c60: Error (rc=0):
26813e98.2c60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\user32.dll' (C:\Windows\system32\user32.dll): rcNt=0xc0000190
26823e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\user32.dll'
26833e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26843e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033c9ad0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
26853e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3a0000 'C:\Windows\system32\shell32.dll'
26863e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
26873e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
26883e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
26893e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26903e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26913e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll)WinVerifyTrust
26923e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
26933e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26943e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26953e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26963e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26973e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26983e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
26993e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
27003e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
27013e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
27023e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27033e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27043e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27053e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27063e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033766b0:C:\Program Files\WIDCOMM\Bluetooth Software;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27073e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
27083e98.2c60: supR3HardenedDllNotificationCallback: load 0000000010000000 LB 0x00065000 C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll [fFlags=0x0]
27093e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
27103e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
27113e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27123e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077270000 'C:\Windows\system32\PSAPI.DLL'
27133e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000010000000 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
27143e98.2c60: \Device\HarddiskVolume2\Users\Billy\AppData\Local\Temp\ammemb64.dll: Owner is administrators group.
27153e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'oleaut32.dll'.
27163e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
27173e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
27183e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27193e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msimg32.dll'.
27203e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
27213e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'version.dll'.
27223e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
27233e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
27243e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
27253e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
27263e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'user32.dll'.
27273e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'comctl32.dll'.
27283e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'shell32.dll'.
27293e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'shlwapi.dll'.
27303e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'user32.dll'.
27313e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'gdi32.dll'.
27323e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'shlwapi.dll'.
27333e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
27343e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Users\Billy\AppData\Local\Temp\ammemb64.dll)WinVerifyTrust
27353e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Users\Billy\AppData\Local\Temp\ammemb64.dll
27363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27383e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27403e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27413e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27423e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27433e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27443e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27473e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27483e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
27493e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
27503e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
27513e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
27523e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
27533e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll
27543e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27553e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27563e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27573e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27583e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27593e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27603e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
27613e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27643e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27653e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
27663e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
27673e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
27683e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27693e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27703e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
27713e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
27723e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume2\Windows\System32\msimg32.dll
27733e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
27743e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
27753e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD85FB140648D8D237C5E42CF5D75761964E08F0
27763e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\msimg32.dll'
27773e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27783e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27793e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msimg32.dll)WinVerifyTrust
27803e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msimg32.dll
27813e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27823e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27833e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27843e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27853e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27863e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27873e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27883e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27893e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27903e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27913e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\Billy\AppData\Local\Temp\ammemb64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000980ca0:C:\Users\Billy\AppData\Local\Temp;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
27923e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Users\Billy\AppData\Local\Temp\ammemb64.dll
27933e98.2c60: supR3HardenedDllNotificationCallback: load 0000000005de0000 LB 0x001c1000 C:\Users\Billy\AppData\Local\Temp\ammemb64.dll [fFlags=0x0]
27943e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Users\Billy\AppData\Local\Temp\ammemb64.dll
27953e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll
27963e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef9200000 LB 0x00007000 C:\Windows\system32\msimg32.dll [fFlags=0x0]
27973e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll
27983e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
27993e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28003e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
28013e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28023e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28033e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
28043e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28053e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28063e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3a0000 'C:\Windows\system32\shell32.dll'
28073e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
28083e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shlwapi.dll (Input=shlwapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28093e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\Windows\system32\shlwapi.dll'
28103e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\uxtheme.dll'
28113e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28123e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28133e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf70000 'C:\Windows\system32\dwmapi.dll'
28143e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005de0000 'C:\Users\Billy\AppData\Local\Temp\ammemb64.dll'
28153e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe140000 'C:\Windows\system32\ADVAPI32.dll'
28163e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28173e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60870:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28183e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32\kernel32.dll'
28193e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1a0000 'C:\Windows\system32\ole32.dll'
28203e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1a0000 'C:\Windows\system32\ole32.dll'
28213e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\OLEAUT32.dll'
28223e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28233e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
28243e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
28253e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
28263e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
28273e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28283e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28293e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
28303e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
28313e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28323e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
28333e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
28343e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
28353e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28383e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28403e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28413e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28423e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28433e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28443e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
28463e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
28473e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a78 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
28483e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
28493e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
28503e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
28513e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
28523e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28533e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28543e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
28553e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
28563e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28573e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
28583e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
28593e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
28603e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28613e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28623e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28633e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28643e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28653e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28663e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28673e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28683e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28693e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28703e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28713e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28723e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28733e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033c9ad0:C:\Windows\system32\wbem;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28743e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28753e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef9110000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
28763e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28773e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
28783e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef8690000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
28793e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
28803e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9110000 'C:\Windows\system32\wbem\wbemprox.dll'
28813e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
28823e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
28833e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
28843e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
28853e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
28863e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28873e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28883e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
28893e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
28903e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
28913e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28923e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28933e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28943e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28953e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033c9ad0:C:\Windows\system32\wbem;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
28963e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
28973e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef9040000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
28983e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
28993e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9040000 'C:\Windows\system32\wbem\wbemsvc.dll'
29003e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29013e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
29023e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
29033e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
29043e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
29053e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29063e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29073e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
29083e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
29093e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
29103e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29113e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
29123e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
29133e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29143e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
29153e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
29163e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a70 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29173e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
29183e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
29193e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
29203e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
29213e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29223e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29233e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
29243e98.2c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
29253e98.2c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust
29263e98.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29273e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29283e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29293e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29303e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29313e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29323e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29333e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
29343e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
29353e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
29363e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29373e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29383e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29393e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29403e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29413e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29423e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29433e98.2c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
29443e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29453e98.2c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29463e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000033c9ad0:C:\Windows\system32\wbem;B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29473e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29483e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef8380000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
29493e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29503e98.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29513e98.2c60: supR3HardenedDllNotificationCallback: load 000007fef8ab0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
29523e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29533e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8380000 'C:\Windows\system32\wbem\fastprox.dll'
29543e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
29553e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60510:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29563e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\OLEAUT32.dll'
29573e98.2c60: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
29583e98.2c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
29593e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
29603e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
29613e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
29623e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
29633e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
29643e98.2c60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29653e98.2c60: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
29663e98.2c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29673e98.2c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9530000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
29683e98.1f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29693e98.1f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
29703e98.1f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29713e98.1f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
29723e98.1f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29733e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29743e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29753e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
29763e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
29773e98.1f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
29783e98.1f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29793e98.1f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
29803e98.1f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
29813e98.1f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
29823e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29833e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29843e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29853e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29863e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29873e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29883e98.1f80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29893e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29903e98.1f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29913e98.1f80: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f60630:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
29923e98.1f80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29933e98.1f80: supR3HardenedDllNotificationCallback: load 000007feea040000 LB 0x00291000 B:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
29943e98.1f80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29953e98.1f80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
29963e98.1f80: supR3HardenedDllNotificationCallback: load 000000005fad0000 LB 0x0010a000 B:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
29973e98.1f80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
29983e98.1f80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea040000 'B:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29993e98.e30: \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys: Owner is administrators group.
30003e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30013e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys)
30023e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
30033e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [avoiding WinVerifyTrust]
30043e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30053e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
30063e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
30073e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
30083e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30093e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
30103e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
30113e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
30123e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
30133e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
30143e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
30153e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
30163e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
30173e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30183e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
30193e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
30203e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
30213e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
30223e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
30233e98.2694: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
30243e98.2694: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
30253e98.2694: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
30263e98.2694: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
30273e98.2694: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys'
30283e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30293e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30303e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30313e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
30323e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
30333e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30343e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30353e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30363e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30373e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30383e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30393e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30403e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30413e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30423e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30433e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
30443e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
30453e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30463e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
30473e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
30483e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys)WinVerifyTrust
30493e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
30503e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
30513e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
30523e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30533e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
30543e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
30553e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys)WinVerifyTrust
30563e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
30573e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
30583e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
30593e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
30603e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
30613e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
30623e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
30633e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
30643e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe)WinVerifyTrust
30653e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
30663e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
30673e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
30683e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
30693e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
30703e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
30713e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
30723e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
30733e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
30743e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
30753e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
30763e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
30773e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
30783e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
30793e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
30803e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
30813e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
30823e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
30833e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30843e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll)WinVerifyTrust
30853e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
30863e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
30873e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
30883e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30893e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys)WinVerifyTrust
30903e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
30913e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
30923e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
30933e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
30943e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
30953e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll)WinVerifyTrust
30963e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
30973e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
30983e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
30993e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
31003e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
31013e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
31023e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll)WinVerifyTrust
31033e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
31043e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
31053e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
31063e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
31073e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
31083e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL)WinVerifyTrust
31093e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
31103e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
31113e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
31123e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
31133e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
31143e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
31153e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
31163e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31173e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31183e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
31193e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
31203e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
31213e98.2694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
31223e98.2694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys)WinVerifyTrust
31233e98.2694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
31243e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
31253e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
31263e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
31273e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31283e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31293e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
31303e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31313e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31323e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
31333e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
31343e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
31353e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
31363e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31373e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31383e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
31393e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
31403e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
31413e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
31423e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
31433e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
31443e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
31453e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31463e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31473e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
31483e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
31493e98.2694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
31503e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31513e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31523e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31533e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31543e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
31553e98.2694: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
31563e98.2694: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032775a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31573e98.2694: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
31583e98.2694: supR3HardenedDllNotificationCallback: load 000007fef8720000 LB 0x0000a000 B:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
31593e98.2694: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
31603e98.2694: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8720000 'B:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
31613e98.36e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31623e98.36e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31633e98.36e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31643e98.36e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
31653e98.36e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
31663e98.36e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31673e98.36e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31683e98.36e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31693e98.36e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31703e98.36e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
31713e98.36e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31723e98.36e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31733e98.36e4: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032775a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31743e98.36e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
31753e98.36e4: supR3HardenedDllNotificationCallback: load 000007fef8370000 LB 0x0000d000 B:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
31763e98.36e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
31773e98.36e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8370000 'B:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
31783e98.1708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31793e98.1708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31803e98.1708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31813e98.1708: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
31823e98.1708: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31833e98.1708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31843e98.1708: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31853e98.1708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31863e98.1708: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31873e98.1708: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
31883e98.1708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31893e98.1708: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31903e98.1708: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032775a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
31913e98.1708: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31923e98.1708: supR3HardenedDllNotificationCallback: load 000007fef8470000 LB 0x0000f000 B:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
31933e98.1708: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31943e98.1708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8470000 'B:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
31953e98.2648: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31963e98.2648: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31973e98.2648: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31983e98.2648: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
31993e98.2648: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32003e98.2648: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32013e98.2648: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32023e98.2648: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32033e98.2648: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32043e98.2648: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32053e98.2648: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32063e98.2648: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032775a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32073e98.2648: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32083e98.2648: supR3HardenedDllNotificationCallback: load 000007fef40b0000 LB 0x0000e000 B:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
32093e98.2648: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32103e98.2648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'B:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
32113e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3a0000 'C:\Windows\system32/Shell32.dll'
32123e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1a0000 'C:\Windows\system32\ole32.dll'
32133e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004f82840:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32143e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
32153e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
32163e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82840:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32173e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce50000 'C:\Windows\system32\profapi.dll'
32183e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32193e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82840:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32203e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea040000 'B:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
32213e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32223e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32233e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
32243e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32253e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
32263e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
32273e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32283e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32293e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32303e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32313e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32323e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32333e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32343e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32353e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32363e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32373e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32383e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
32393e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82840:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
32403e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32413e98.e30: supR3HardenedDllNotificationCallback: load 000007fef1d90000 LB 0x00033000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
32423e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32433e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d90000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
32443e98.e30: supR3HardenedDllNotificationCallback: Unload 000007fef1d90000 LB 0x00033000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
32453e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32463e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dsound.dll'.
32473e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
32483e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
32493e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxddu.dll'.
32503e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vboxdd2.dll'.
32513e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
32523e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
32533e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ws2_32.dll'.
32543e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
32553e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'iphlpapi.dll'.
32563e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
32573e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
32583e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
32593e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
32603e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cdc pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
32613e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
32623e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
32633e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
32643e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
32653e98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32663e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32673e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
32683e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
32693e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
32703e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
32713e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
32723e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32733e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32743e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
32753e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32763e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32773e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
32783e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
32793e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
32803e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
32813e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32823e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32833e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
32843e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
32853e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32863e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32873e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32883e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
32893e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32903e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
32913e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
32923e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32933e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32943e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
32953e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
32963e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
32973e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
32983e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
32993e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
33003e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33013e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33023e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33033e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33043e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33053e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dsound.dll'...
33063e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'dsound.dll' -> '\Device\HarddiskVolume2\Windows\System32\dsound.dll' [rcNtRedir=0xc0150008]
33073e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cec pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
33083e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
33093e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
33103e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
33113e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
33123e98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33133e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33143e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33153e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
33163e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
33173e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
33183e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
33193e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust
33203e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
33213e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33223e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33233e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
33243e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
33253e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd0 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
33263e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
33273e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
33283e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
33293e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
33303e98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33313e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33323e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
33333e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
33343e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust
33353e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
33363e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33373e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33383e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
33393e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33403e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33413e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33423e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33433e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33443e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33453e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33463e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33473e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33483e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33493e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
33503e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
33513e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce4 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
33523e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
33533e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
33543e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
33553e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
33563e98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33573e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33583e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
33593e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
33603e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
33613e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
33623e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
33633e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
33643e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
33653e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
33663e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
33673e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
33683e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
33693e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33703e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33713e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33723e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33733e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33743e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33753e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33763e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33773e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33783e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33793e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33803e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33813e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33823e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33833e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33843e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
33853e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
33863e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
33873e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032aa0d0
33883e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032aa0d0
33893e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
33903e98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
33913e98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33923e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33933e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
33943e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
33953e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)WinVerifyTrust
33963e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
33973e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
33983e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
33993e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
34003e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34013e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34023e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
34033e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
34043e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
34053e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34063e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34073e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34083e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34093e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
34103e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
34113e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
34123e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
34133e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
34143e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
34153e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
34163e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
34173e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34183e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34193e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34203e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34213e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34223e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34233e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34243e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34253e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
34263e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
34273e98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
34283e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34293e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34303e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34313e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34323e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34333e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
34343e98.e30: supR3HardenedDllNotificationCallback: load 000007fedafd0000 LB 0x008d8000 B:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
34353e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
34363e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
34373e98.e30: supR3HardenedDllNotificationCallback: load 000007feee090000 LB 0x00088000 C:\Windows\system32\DSOUND.dll [fFlags=0x0]
34383e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
34393e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
34403e98.e30: supR3HardenedDllNotificationCallback: load 000007fefb8c0000 LB 0x0002c000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
34413e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
34423e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
34433e98.e30: supR3HardenedDllNotificationCallback: load 000007fef27d0000 LB 0x00061000 B:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
34443e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
34453e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
34463e98.e30: supR3HardenedDllNotificationCallback: load 000007fef1240000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
34473e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
34483e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34493e98.e30: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
34503e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
34513e98.e30: supR3HardenedDllNotificationCallback: load 000007fefc140000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
34523e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
34533e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34543e98.e30: supR3HardenedDllNotificationCallback: load 000007fef20d0000 LB 0x00035000 B:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
34553e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34563e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
34573e98.e30: supR3HardenedDllNotificationCallback: load 000007fef9be0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
34583e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
34593e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
34603e98.e30: supR3HardenedDllNotificationCallback: load 000007fef9bd0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
34613e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
34623e98.e30: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'.
34633e98.e30: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' [rescheduled]
34643e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
34653e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34663e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34673e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DSOUND.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f827b0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34683e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee090000 'C:\Windows\system32\DSOUND.dll'
34693e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedafd0000 'B:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
34703e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
34713e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34723e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
34733e98.e30: supR3HardenedDllNotificationCallback: load 000007fef1c10000 LB 0x00033000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
34743e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
34753e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1c10000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
34763e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
34773e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34783e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
34793e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7780000 'B:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
34803e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34813e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34823e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34833e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef20d0000 'B:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
34843e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34853e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
34863e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
34873e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
34883e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34893e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34903e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34913e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34923e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
34933e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
34943e98.e30: supR3HardenedDllNotificationCallback: load 000007fef27b0000 LB 0x0001d000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
34953e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
34963e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef27b0000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
34973e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34983e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
34993e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
35003e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
35013e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35023e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35033e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35043e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35053e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35063e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
35073e98.e30: supR3HardenedDllNotificationCallback: load 000007fef1db0000 LB 0x00018000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
35083e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
35093e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1db0000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
35103e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35113e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
35123e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
35133e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
35143e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35153e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35163e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35173e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35183e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35193e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
35203e98.e30: supR3HardenedDllNotificationCallback: load 000007fef1df0000 LB 0x00019000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
35213e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
35223e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1df0000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
35233e98.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35243e98.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
35253e98.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
35263e98.37d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
35273e98.37d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
35283e98.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35293e98.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35303e98.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
35313e98.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
35323e98.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
35333e98.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35343e98.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35353e98.37d8: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032775a0:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35363e98.37d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
35373e98.37d8: supR3HardenedDllNotificationCallback: load 000007fef4b60000 LB 0x0000d000 B:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
35383e98.37d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
35393e98.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b60000 'B:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
35403e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35413e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
35423e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
35433e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
35443e98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
35453e98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
35463e98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
35473e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35483e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35493e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
35503e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
35513e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35523e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35533e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35543e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35553e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35563e98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35573e98.e30: supR3HardenedMonitor_LdrLoadDll: pName=B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f82720:B:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
35583e98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
35593e98.e30: supR3HardenedDllNotificationCallback: load 000007fef1930000 LB 0x000c4000 B:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
35603e98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
35613e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1930000 'B:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
35623e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea040000 'B:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
35633e98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e80000 'C:\Windows\system32/kernel32.dll'
35643e98.1f80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\OLEAUT32.dll'
35653c78.1dc8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 22572 ms, the end);
35668a8.3754: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 23183 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy