30ec.3598: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000074 g_uNtVerCombined=0x611db110 30ec.3598: \SystemRoot\System32\ntdll.dll: 30ec.3598: CreationTime: 2013-12-16T17:46:21.136494200Z 30ec.3598: LastWriteTime: 2013-08-29T02:16:35.515578900Z 30ec.3598: ChangeTime: 2013-12-16T18:05:56.519173300Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x1a6dc0 30ec.3598: NT Headers: 0xe0 30ec.3598: Timestamp: 0x521eaf24 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x521eaf24 30ec.3598: Image Version: 6.1 30ec.3598: SizeOfImage: 0x1a9000 (1740800) 30ec.3598: Resource Dir: 0x151000 LB 0x560d8 30ec.3598: ProductName: Microsoft® Windows® Operating System 30ec.3598: ProductVersion: 6.1.7601.18247 30ec.3598: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 30ec.3598: FileDescription: NT Layer DLL 30ec.3598: \SystemRoot\System32\kernel32.dll: 30ec.3598: CreationTime: 2014-05-02T19:09:02.954739200Z 30ec.3598: LastWriteTime: 2014-03-04T09:44:00.336000000Z 30ec.3598: ChangeTime: 2014-05-02T20:39:36.806070000Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x11c000 30ec.3598: NT Headers: 0xe8 30ec.3598: Timestamp: 0x5315a059 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x5315a059 30ec.3598: Image Version: 6.1 30ec.3598: SizeOfImage: 0x11f000 (1175552) 30ec.3598: Resource Dir: 0x116000 LB 0x528 30ec.3598: ProductName: Microsoft® Windows® Operating System 30ec.3598: ProductVersion: 6.1.7601.18409 30ec.3598: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 30ec.3598: FileDescription: Windows NT BASE API Client DLL 30ec.3598: \SystemRoot\System32\KernelBase.dll: 30ec.3598: CreationTime: 2014-05-30T19:04:20.610299900Z 30ec.3598: LastWriteTime: 2014-03-04T09:44:00.336000000Z 30ec.3598: ChangeTime: 2014-05-30T20:35:31.675299900Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x67c00 30ec.3598: NT Headers: 0xe8 30ec.3598: Timestamp: 0x5315a05a 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x5315a05a 30ec.3598: Image Version: 6.1 
30ec.3598: SizeOfImage: 0x6c000 (442368) 30ec.3598: Resource Dir: 0x6a000 LB 0x530 30ec.3598: ProductName: Microsoft® Windows® Operating System 30ec.3598: ProductVersion: 6.1.7601.18409 30ec.3598: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 30ec.3598: FileDescription: Windows NT BASE API Client DLL 30ec.3598: \SystemRoot\System32\apisetschema.dll: 30ec.3598: CreationTime: 2013-12-16T17:56:13.802401900Z 30ec.3598: LastWriteTime: 2013-08-02T02:12:20.275000000Z 30ec.3598: ChangeTime: 2013-12-16T18:05:58.609157900Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x1a00 30ec.3598: NT Headers: 0xc0 30ec.3598: Timestamp: 0x51fb15ca 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x51fb15ca 30ec.3598: Image Version: 6.1 30ec.3598: SizeOfImage: 0x50000 (327680) 30ec.3598: Resource Dir: 0x30000 LB 0x3f8 30ec.3598: ProductName: Microsoft® Windows® Operating System 30ec.3598: ProductVersion: 6.1.7601.18229 30ec.3598: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 30ec.3598: FileDescription: ApiSet Schema DLL 30ec.3598: Found driver mfewfpk (0x20) 30ec.3598: Found driver mfehidk (0x20) 30ec.3598: Found driver mfeavfk (0x20) 30ec.3598: Found driver mfeapfk (0x20) 30ec.3598: supR3HardenedWinFindAdversaries: 0x20 30ec.3598: \SystemRoot\System32\drivers\mfeapfk.sys: 30ec.3598: CreationTime: 2012-10-17T18:56:17.872816300Z 30ec.3598: LastWriteTime: 2014-05-15T00:07:10.555346300Z 30ec.3598: ChangeTime: 2014-05-15T00:08:11.530443200Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x2c030 30ec.3598: NT Headers: 0xe8 30ec.3598: Timestamp: 0x52ab7fef 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x52ab7fef 30ec.3598: Image Version: 0.0 30ec.3598: SizeOfImage: 0x29d00 (171264) 30ec.3598: Resource Dir: 0x29500 LB 0x340 30ec.3598: ProductName: SYSCORE 30ec.3598: FileVersion: SYSCORE.15.1.0.656 30ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F16 30ec.3598: FileDescription: Access Protection Filter Driver 30ec.3598: \SystemRoot\System32\drivers\mfeavfk.sys: 
30ec.3598: CreationTime: 2012-10-17T18:56:17.794808800Z 30ec.3598: LastWriteTime: 2014-05-15T00:07:10.796370400Z 30ec.3598: ChangeTime: 2014-05-15T00:07:10.796370400Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x4c130 30ec.3598: NT Headers: 0xf0 30ec.3598: Timestamp: 0x52ab8004 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x52ab8004 30ec.3598: Image Version: 0.0 30ec.3598: SizeOfImage: 0x49b00 (301824) 30ec.3598: Resource Dir: 0x48d00 LB 0x718 30ec.3598: ProductName: SYSCORE 30ec.3598: FileVersion: SYSCORE.15.1.0.656 30ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F15,F16,F19 30ec.3598: FileDescription: Anti-Virus File System Filter Driver 30ec.3598: \SystemRoot\System32\drivers\mfehidk.sys: 30ec.3598: CreationTime: 2012-10-17T18:56:17.420372800Z 30ec.3598: LastWriteTime: 2014-05-15T00:07:11.104401200Z 30ec.3598: ChangeTime: 2014-05-21T02:04:37.589297600Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0xbf278 30ec.3598: NT Headers: 0xf0 30ec.3598: Timestamp: 0x52ab7fc4 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x52ab7fc4 30ec.3598: Image Version: 0.0 30ec.3598: SizeOfImage: 0xbc180 (770432) 30ec.3598: Resource Dir: 0xb9b80 LB 0x348 30ec.3598: ProductName: SYSCORE 30ec.3598: FileVersion: SYSCORE.15.1.0.656 30ec.3598: PrivateBuild: SYSCORE.15.1.0.656 F14,F15,F16,F18,F20 30ec.3598: FileDescription: McAfee Link Driver 30ec.3598: \SystemRoot\System32\drivers\mfewfpk.sys: 30ec.3598: CreationTime: 2012-10-17T18:56:14.924132800Z 30ec.3598: LastWriteTime: 2014-05-15T00:07:11.566447400Z 30ec.3598: ChangeTime: 2014-05-21T02:04:37.613302400Z 30ec.3598: FileAttributes: 0x20 30ec.3598: Size: 0x54070 30ec.3598: NT Headers: 0xf0 30ec.3598: Timestamp: 0x52ab7fd3 30ec.3598: Machine: 0x8664 - amd64 30ec.3598: Timestamp: 0x52ab7fd3 30ec.3598: Image Version: 0.0 30ec.3598: SizeOfImage: 0x51980 (334208) 30ec.3598: Resource Dir: 0x50e80 LB 0x348 30ec.3598: ProductName: SYSCORE 30ec.3598: FileVersion: SYSCORE.15.1.0.656 30ec.3598: PrivateBuild: 
SYSCORE.15.1.0.656 F17,F18 30ec.3598: FileDescription: Anti-Virus Mini-Firewall Driver 30ec.3598: Calling main() 30ec.3598: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 30ec.3598: SUPR3HardenedMain: Respawn #1 30ec.3598: System32: \Device\HarddiskVolume1\Windows\System32 30ec.3598: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 30ec.3598: KnownDllPath: C:\WINDOWS\system32 30ec.3598: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 30ec.3598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 30ec.3598: supR3HardNtEnableThreadCreation: 30ec.3598: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0 30ec.3598: supR3HardenedWinDoReSpawn(1): New child 36a8.b5c [kernel32]. 30ec.3598: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380 30ec.3598: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077710000 uNtDllChildAddr=0000000077710000 30ec.3598: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007773c340 30ec.3598: supR3HardenedWinSetupChildInit: Start child. 30ec.3598: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 12 ms. 
30ec.3598: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps 30ec.3598: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
30ec.3598: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS) 30ec.3598: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) 30ec.3598: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 30ec.3598: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 30ec.3598: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 30ec.3598: supR3HardNtChildPurify: Done after 542 ms and 0 fixes (loop #0). 30ec.3598: supR3HardNtEnableThreadCreation: 36a8.b5c: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 36a8.b5c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077710000 36a8.b5c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS) 36a8.b5c: New simple heap: #1 0000000000340000 LB 0x400000 (for 1740800 allocation) 36a8.b5c: System32: \Device\HarddiskVolume1\Windows\System32 36a8.b5c: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 36a8.b5c: KnownDllPath: C:\WINDOWS\system32 36a8.b5c: supR3HardenedVmProcessInit: Opening vboxdrv stub... 36a8.b5c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 36a8.b5c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 36a8.b5c: Registered Dll notification callback with NTDLL. 
36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 36a8.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 36a8.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedDllNotificationCallback: load 00000000774f0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0] 36a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 36a8.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774f0000 'C:\WINDOWS\system32\kernel32.dll' 36a8.b5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0 30ec.3598: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 33 ms. 
36a8.b5c: \SystemRoot\System32\ntdll.dll: 36a8.b5c: CreationTime: 2013-12-16T17:46:21.136494200Z 36a8.b5c: LastWriteTime: 2013-08-29T02:16:35.515578900Z 36a8.b5c: ChangeTime: 2013-12-16T18:05:56.519173300Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0x1a6dc0 36a8.b5c: NT Headers: 0xe0 36a8.b5c: Timestamp: 0x521eaf24 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x521eaf24 36a8.b5c: Image Version: 6.1 36a8.b5c: SizeOfImage: 0x1a9000 (1740800) 36a8.b5c: Resource Dir: 0x151000 LB 0x560d8 36a8.b5c: ProductName: Microsoft® Windows® Operating System 36a8.b5c: ProductVersion: 6.1.7601.18247 36a8.b5c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 36a8.b5c: FileDescription: NT Layer DLL 36a8.b5c: \SystemRoot\System32\kernel32.dll: 36a8.b5c: CreationTime: 2014-05-02T19:09:02.954739200Z 36a8.b5c: LastWriteTime: 2014-03-04T09:44:00.336000000Z 36a8.b5c: ChangeTime: 2014-05-02T20:39:36.806070000Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0x11c000 36a8.b5c: NT Headers: 0xe8 36a8.b5c: Timestamp: 0x5315a059 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x5315a059 36a8.b5c: Image Version: 6.1 36a8.b5c: SizeOfImage: 0x11f000 (1175552) 36a8.b5c: Resource Dir: 0x116000 LB 0x528 36a8.b5c: ProductName: Microsoft® Windows® Operating System 36a8.b5c: ProductVersion: 6.1.7601.18409 36a8.b5c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 36a8.b5c: FileDescription: Windows NT BASE API Client DLL 36a8.b5c: \SystemRoot\System32\KernelBase.dll: 36a8.b5c: CreationTime: 2014-05-30T19:04:20.610299900Z 36a8.b5c: LastWriteTime: 2014-03-04T09:44:00.336000000Z 36a8.b5c: ChangeTime: 2014-05-30T20:35:31.675299900Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0x67c00 36a8.b5c: NT Headers: 0xe8 36a8.b5c: Timestamp: 0x5315a05a 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x5315a05a 36a8.b5c: Image Version: 6.1 36a8.b5c: SizeOfImage: 0x6c000 (442368) 36a8.b5c: Resource Dir: 0x6a000 LB 0x530 36a8.b5c: ProductName: Microsoft® Windows® Operating System 
36a8.b5c: ProductVersion: 6.1.7601.18409 36a8.b5c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 36a8.b5c: FileDescription: Windows NT BASE API Client DLL 36a8.b5c: \SystemRoot\System32\apisetschema.dll: 36a8.b5c: CreationTime: 2013-12-16T17:56:13.802401900Z 36a8.b5c: LastWriteTime: 2013-08-02T02:12:20.275000000Z 36a8.b5c: ChangeTime: 2013-12-16T18:05:58.609157900Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0x1a00 36a8.b5c: NT Headers: 0xc0 36a8.b5c: Timestamp: 0x51fb15ca 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x51fb15ca 36a8.b5c: Image Version: 6.1 36a8.b5c: SizeOfImage: 0x50000 (327680) 36a8.b5c: Resource Dir: 0x30000 LB 0x3f8 36a8.b5c: ProductName: Microsoft® Windows® Operating System 36a8.b5c: ProductVersion: 6.1.7601.18229 36a8.b5c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 36a8.b5c: FileDescription: ApiSet Schema DLL 36a8.b5c: Found driver mfewfpk (0x20) 36a8.b5c: Found driver mfehidk (0x20) 36a8.b5c: Found driver mfeavfk (0x20) 36a8.b5c: Found driver mfeapfk (0x20) 36a8.b5c: supR3HardenedWinFindAdversaries: 0x20 36a8.b5c: \SystemRoot\System32\drivers\mfeapfk.sys: 36a8.b5c: CreationTime: 2012-10-17T18:56:17.872816300Z 36a8.b5c: LastWriteTime: 2014-05-15T00:07:10.555346300Z 36a8.b5c: ChangeTime: 2014-05-15T00:08:11.530443200Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0x2c030 36a8.b5c: NT Headers: 0xe8 36a8.b5c: Timestamp: 0x52ab7fef 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x52ab7fef 36a8.b5c: Image Version: 0.0 36a8.b5c: SizeOfImage: 0x29d00 (171264) 36a8.b5c: Resource Dir: 0x29500 LB 0x340 36a8.b5c: ProductName: SYSCORE 36a8.b5c: FileVersion: SYSCORE.15.1.0.656 36a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F16 36a8.b5c: FileDescription: Access Protection Filter Driver 36a8.b5c: \SystemRoot\System32\drivers\mfeavfk.sys: 36a8.b5c: CreationTime: 2012-10-17T18:56:17.794808800Z 36a8.b5c: LastWriteTime: 2014-05-15T00:07:10.796370400Z 36a8.b5c: ChangeTime: 2014-05-15T00:07:10.796370400Z 36a8.b5c: 
FileAttributes: 0x20 36a8.b5c: Size: 0x4c130 36a8.b5c: NT Headers: 0xf0 36a8.b5c: Timestamp: 0x52ab8004 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x52ab8004 36a8.b5c: Image Version: 0.0 36a8.b5c: SizeOfImage: 0x49b00 (301824) 36a8.b5c: Resource Dir: 0x48d00 LB 0x718 36a8.b5c: ProductName: SYSCORE 36a8.b5c: FileVersion: SYSCORE.15.1.0.656 36a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F15,F16,F19 36a8.b5c: FileDescription: Anti-Virus File System Filter Driver 36a8.b5c: \SystemRoot\System32\drivers\mfehidk.sys: 36a8.b5c: CreationTime: 2012-10-17T18:56:17.420372800Z 36a8.b5c: LastWriteTime: 2014-05-15T00:07:11.104401200Z 36a8.b5c: ChangeTime: 2014-05-21T02:04:37.589297600Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0xbf278 36a8.b5c: NT Headers: 0xf0 36a8.b5c: Timestamp: 0x52ab7fc4 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x52ab7fc4 36a8.b5c: Image Version: 0.0 36a8.b5c: SizeOfImage: 0xbc180 (770432) 36a8.b5c: Resource Dir: 0xb9b80 LB 0x348 36a8.b5c: ProductName: SYSCORE 36a8.b5c: FileVersion: SYSCORE.15.1.0.656 36a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F14,F15,F16,F18,F20 36a8.b5c: FileDescription: McAfee Link Driver 36a8.b5c: \SystemRoot\System32\drivers\mfewfpk.sys: 36a8.b5c: CreationTime: 2012-10-17T18:56:14.924132800Z 36a8.b5c: LastWriteTime: 2014-05-15T00:07:11.566447400Z 36a8.b5c: ChangeTime: 2014-05-21T02:04:37.613302400Z 36a8.b5c: FileAttributes: 0x20 36a8.b5c: Size: 0x54070 36a8.b5c: NT Headers: 0xf0 36a8.b5c: Timestamp: 0x52ab7fd3 36a8.b5c: Machine: 0x8664 - amd64 36a8.b5c: Timestamp: 0x52ab7fd3 36a8.b5c: Image Version: 0.0 36a8.b5c: SizeOfImage: 0x51980 (334208) 36a8.b5c: Resource Dir: 0x50e80 LB 0x348 36a8.b5c: ProductName: SYSCORE 36a8.b5c: FileVersion: SYSCORE.15.1.0.656 36a8.b5c: PrivateBuild: SYSCORE.15.1.0.656 F17,F18 36a8.b5c: FileDescription: Anti-Virus Mini-Firewall Driver 36a8.b5c: Calling main() 36a8.b5c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 36a8.b5c: '\Device\HarddiskVolume1\Program 
Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 36a8.b5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 36a8.b5c: SUPR3HardenedMain: Respawn #2 36a8.b5c: supR3HardNtEnableThreadCreation: 36a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 36a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 36a8.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000: [calling] 36a8.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefe520000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.DLL [fFlags=0x0] 36a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedDllNotificationCallback: load 000007feff560000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 36a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 36a8.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 
36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 36a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefe730000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0] 36a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 36a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe520000 'C:\WINDOWS\system32\ADVAPI32.DLL' 36a8.b5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) 36a8.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 36a8.b5c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
36a8.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 36a8.b5c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 36a8.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 36a8.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 36a8.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\WINDOWS\system32\apphelp.dll' 36a8.b5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0 36a8.b5c: supR3HardenedWinDoReSpawn(2): New child 13c8.2bd0 [kernel32]. 36a8.b5c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380 36a8.b5c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077710000 uNtDllChildAddr=0000000077710000 36a8.b5c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007773c340 36a8.b5c: supR3HardenedWinSetupChildInit: Start child. 36a8.b5c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 15 ms. 
36a8.b5c: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 64 sleeps 36a8.b5c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
36a8.b5c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS) 36a8.b5c: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) 36a8.b5c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 36a8.b5c: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 36a8.b5c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 36a8.b5c: supR3HardNtChildPurify: Done after 538 ms and 0 fixes (loop #0). 36a8.b5c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000340000 LB 0x400000) 36a8.b5c: supR3HardNtEnableThreadCreation: 13c8.2bd0: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 13c8.2bd0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077710000 13c8.2bd0: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS) 13c8.2bd0: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1740800 allocation) 13c8.2bd0: System32: \Device\HarddiskVolume1\Windows\System32 13c8.2bd0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 13c8.2bd0: KnownDllPath: C:\WINDOWS\system32 13c8.2bd0: supR3HardenedVmProcessInit: Opening vboxdrv... 13c8.2bd0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 13c8.2bd0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 13c8.2bd0: Registered Dll notification callback with NTDLL. 
13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 00000000774f0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774f0000 'C:\WINDOWS\system32\kernel32.dll' 13c8.2bd0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007773c340 pvNtTerminateThread=00000000777617e0 36a8.b5c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 35 ms. 
13c8.2bd0: \SystemRoot\System32\ntdll.dll: 13c8.2bd0: CreationTime: 2013-12-16T17:46:21.136494200Z 13c8.2bd0: LastWriteTime: 2013-08-29T02:16:35.515578900Z 13c8.2bd0: ChangeTime: 2013-12-16T18:05:56.519173300Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x1a6dc0 13c8.2bd0: NT Headers: 0xe0 13c8.2bd0: Timestamp: 0x521eaf24 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x521eaf24 13c8.2bd0: Image Version: 6.1 13c8.2bd0: SizeOfImage: 0x1a9000 (1740800) 13c8.2bd0: Resource Dir: 0x151000 LB 0x560d8 13c8.2bd0: ProductName: Microsoft® Windows® Operating System 13c8.2bd0: ProductVersion: 6.1.7601.18247 13c8.2bd0: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 13c8.2bd0: FileDescription: NT Layer DLL 13c8.2bd0: \SystemRoot\System32\kernel32.dll: 13c8.2bd0: CreationTime: 2014-05-02T19:09:02.954739200Z 13c8.2bd0: LastWriteTime: 2014-03-04T09:44:00.336000000Z 13c8.2bd0: ChangeTime: 2014-05-02T20:39:36.806070000Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x11c000 13c8.2bd0: NT Headers: 0xe8 13c8.2bd0: Timestamp: 0x5315a059 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x5315a059 13c8.2bd0: Image Version: 6.1 13c8.2bd0: SizeOfImage: 0x11f000 (1175552) 13c8.2bd0: Resource Dir: 0x116000 LB 0x528 13c8.2bd0: ProductName: Microsoft® Windows® Operating System 13c8.2bd0: ProductVersion: 6.1.7601.18409 13c8.2bd0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 13c8.2bd0: FileDescription: Windows NT BASE API Client DLL 13c8.2bd0: \SystemRoot\System32\KernelBase.dll: 13c8.2bd0: CreationTime: 2014-05-30T19:04:20.610299900Z 13c8.2bd0: LastWriteTime: 2014-03-04T09:44:00.336000000Z 13c8.2bd0: ChangeTime: 2014-05-30T20:35:31.675299900Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x67c00 13c8.2bd0: NT Headers: 0xe8 13c8.2bd0: Timestamp: 0x5315a05a 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x5315a05a 13c8.2bd0: Image Version: 6.1 13c8.2bd0: SizeOfImage: 0x6c000 (442368) 13c8.2bd0: Resource Dir: 0x6a000 LB 0x530 13c8.2bd0: 
ProductName: Microsoft® Windows® Operating System 13c8.2bd0: ProductVersion: 6.1.7601.18409 13c8.2bd0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 13c8.2bd0: FileDescription: Windows NT BASE API Client DLL 13c8.2bd0: \SystemRoot\System32\apisetschema.dll: 13c8.2bd0: CreationTime: 2013-12-16T17:56:13.802401900Z 13c8.2bd0: LastWriteTime: 2013-08-02T02:12:20.275000000Z 13c8.2bd0: ChangeTime: 2013-12-16T18:05:58.609157900Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x1a00 13c8.2bd0: NT Headers: 0xc0 13c8.2bd0: Timestamp: 0x51fb15ca 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x51fb15ca 13c8.2bd0: Image Version: 6.1 13c8.2bd0: SizeOfImage: 0x50000 (327680) 13c8.2bd0: Resource Dir: 0x30000 LB 0x3f8 13c8.2bd0: ProductName: Microsoft® Windows® Operating System 13c8.2bd0: ProductVersion: 6.1.7601.18229 13c8.2bd0: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 13c8.2bd0: FileDescription: ApiSet Schema DLL 13c8.2bd0: Found driver mfewfpk (0x20) 13c8.2bd0: Found driver mfehidk (0x20) 13c8.2bd0: Found driver mfeavfk (0x20) 13c8.2bd0: Found driver mfeapfk (0x20) 13c8.2bd0: supR3HardenedWinFindAdversaries: 0x20 13c8.2bd0: \SystemRoot\System32\drivers\mfeapfk.sys: 13c8.2bd0: CreationTime: 2012-10-17T18:56:17.872816300Z 13c8.2bd0: LastWriteTime: 2014-05-15T00:07:10.555346300Z 13c8.2bd0: ChangeTime: 2014-05-15T00:08:11.530443200Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x2c030 13c8.2bd0: NT Headers: 0xe8 13c8.2bd0: Timestamp: 0x52ab7fef 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x52ab7fef 13c8.2bd0: Image Version: 0.0 13c8.2bd0: SizeOfImage: 0x29d00 (171264) 13c8.2bd0: Resource Dir: 0x29500 LB 0x340 13c8.2bd0: ProductName: SYSCORE 13c8.2bd0: FileVersion: SYSCORE.15.1.0.656 13c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F16 13c8.2bd0: FileDescription: Access Protection Filter Driver 13c8.2bd0: \SystemRoot\System32\drivers\mfeavfk.sys: 13c8.2bd0: CreationTime: 2012-10-17T18:56:17.794808800Z 13c8.2bd0: LastWriteTime: 
2014-05-15T00:07:10.796370400Z 13c8.2bd0: ChangeTime: 2014-05-15T00:07:10.796370400Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x4c130 13c8.2bd0: NT Headers: 0xf0 13c8.2bd0: Timestamp: 0x52ab8004 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x52ab8004 13c8.2bd0: Image Version: 0.0 13c8.2bd0: SizeOfImage: 0x49b00 (301824) 13c8.2bd0: Resource Dir: 0x48d00 LB 0x718 13c8.2bd0: ProductName: SYSCORE 13c8.2bd0: FileVersion: SYSCORE.15.1.0.656 13c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F15,F16,F19 13c8.2bd0: FileDescription: Anti-Virus File System Filter Driver 13c8.2bd0: \SystemRoot\System32\drivers\mfehidk.sys: 13c8.2bd0: CreationTime: 2012-10-17T18:56:17.420372800Z 13c8.2bd0: LastWriteTime: 2014-05-15T00:07:11.104401200Z 13c8.2bd0: ChangeTime: 2014-05-21T02:04:37.589297600Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0xbf278 13c8.2bd0: NT Headers: 0xf0 13c8.2bd0: Timestamp: 0x52ab7fc4 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x52ab7fc4 13c8.2bd0: Image Version: 0.0 13c8.2bd0: SizeOfImage: 0xbc180 (770432) 13c8.2bd0: Resource Dir: 0xb9b80 LB 0x348 13c8.2bd0: ProductName: SYSCORE 13c8.2bd0: FileVersion: SYSCORE.15.1.0.656 13c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F14,F15,F16,F18,F20 13c8.2bd0: FileDescription: McAfee Link Driver 13c8.2bd0: \SystemRoot\System32\drivers\mfewfpk.sys: 13c8.2bd0: CreationTime: 2012-10-17T18:56:14.924132800Z 13c8.2bd0: LastWriteTime: 2014-05-15T00:07:11.566447400Z 13c8.2bd0: ChangeTime: 2014-05-21T02:04:37.613302400Z 13c8.2bd0: FileAttributes: 0x20 13c8.2bd0: Size: 0x54070 13c8.2bd0: NT Headers: 0xf0 13c8.2bd0: Timestamp: 0x52ab7fd3 13c8.2bd0: Machine: 0x8664 - amd64 13c8.2bd0: Timestamp: 0x52ab7fd3 13c8.2bd0: Image Version: 0.0 13c8.2bd0: SizeOfImage: 0x51980 (334208) 13c8.2bd0: Resource Dir: 0x50e80 LB 0x348 13c8.2bd0: ProductName: SYSCORE 13c8.2bd0: FileVersion: SYSCORE.15.1.0.656 13c8.2bd0: PrivateBuild: SYSCORE.15.1.0.656 F17,F18 13c8.2bd0: FileDescription: Anti-Virus Mini-Firewall Driver 
13c8.2bd0: Calling main() 13c8.2bd0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 13c8.2bd0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 13c8.2bd0: SUPR3HardenedMain: Final process, opening VBoxDrv... 13c8.2bd0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000) 13c8.2bd0: supR3HardNtEnableThreadCreation: 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008947a0:C:\WINDOWS\system32 [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefa730000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files 
(x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 
13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008947a0:C:\WINDOWS\system32 [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdc20000 LB 0x0003a000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007feff560000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdd30000 LB 0x0016c000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefdc10000 LB 0x0000f000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\WINDOWS\system32\Wintrust.dll' 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink 
Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefd450000 LB 0x00017000 C:\WINDOWS\system32\CRYPTSP.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\WINDOWS\system32\CRYPTSP.dll' 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefd010000 LB 0x00047000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd010000 'C:\WINDOWS\system32\rsaenh.dll' 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 
13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 
13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefe520000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 13c8.2bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefe730000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe520000 'C:\WINDOWS\system32\ADVAPI32.dll' 13c8.2bd0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll) 13c8.2bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
13c8.2bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.2bd0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000894fc0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\1E\NomadBranch\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Envitia\MapLink Pro\7.1\bin;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Enterprise Vault\EVClient\;C:\Program Files\Microsoft Windows Performance Toolkit\ [calling] 13c8.2bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0000f000 C:\WINDOWS\system32\CRYPTBASE.dll [fFlags=0x0] 13c8.2bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 13c8.2bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\WINDOWS\system32\CRYPTBASE.dll' 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'. 13c8.3134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. 13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll) 13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll 13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13c8.3134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13c8.3134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
13c8.3134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13c8.3134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13c8.3134: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
13c8.3134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
13c8.3134: supR3HardenedDllNotificationCallback: load 000007fefda80000 LB 0x0002d000 C:\WINDOWS\system32\privman64.dll [fFlags=0x0]
13c8.3134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
36a8.b5c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1368 ms, the end);
30ec.3598: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1993 ms, the end);