99c.f54: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 99c.f54: \SystemRoot\System32\ntdll.dll: 99c.f54: CreationTime: 2013-10-09T09:28:18.281672300Z 99c.f54: LastWriteTime: 2013-08-29T02:16:35.515578900Z 99c.f54: ChangeTime: 2013-10-10T15:02:52.780847600Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x1a6dc0 99c.f54: NT Headers: 0xe0 99c.f54: Timestamp: 0x521eaf24 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x521eaf24 99c.f54: Image Version: 6.1 99c.f54: SizeOfImage: 0x1a9000 (1740800) 99c.f54: Resource Dir: 0x151000 LB 0x560d8 99c.f54: ProductName: Microsoft® Windows® Operating System 99c.f54: ProductVersion: 6.1.7601.18247 99c.f54: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 99c.f54: FileDescription: NT Layer DLL 99c.f54: \SystemRoot\System32\kernel32.dll: 99c.f54: CreationTime: 2014-04-09T19:16:18.464175600Z 99c.f54: LastWriteTime: 2014-03-04T09:44:00.336000000Z 99c.f54: ChangeTime: 2014-04-14T14:05:07.417291600Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x11c000 99c.f54: NT Headers: 0xe8 99c.f54: Timestamp: 0x5315a059 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x5315a059 99c.f54: Image Version: 6.1 99c.f54: SizeOfImage: 0x11f000 (1175552) 99c.f54: Resource Dir: 0x116000 LB 0x528 99c.f54: ProductName: Microsoft® Windows® Operating System 99c.f54: ProductVersion: 6.1.7601.18409 99c.f54: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 99c.f54: FileDescription: Windows NT BASE API Client DLL 99c.f54: \SystemRoot\System32\KernelBase.dll: 99c.f54: CreationTime: 2014-05-15T16:48:03.938503500Z 99c.f54: LastWriteTime: 2014-03-04T09:44:00.336000000Z 99c.f54: ChangeTime: 2014-05-22T23:08:55.079063300Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x67c00 99c.f54: NT Headers: 0xe8 99c.f54: Timestamp: 0x5315a05a 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x5315a05a 99c.f54: Image Version: 6.1 99c.f54: SizeOfImage: 0x6c000 (442368) 99c.f54: Resource Dir: 0x6a000 LB 0x530 99c.f54: ProductName: Microsoft® Windows® Operating System 99c.f54: ProductVersion: 6.1.7601.18409 99c.f54: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 99c.f54: FileDescription: Windows NT BASE API Client DLL 99c.f54: \SystemRoot\System32\apisetschema.dll: 99c.f54: CreationTime: 2013-09-11T09:53:01.074440000Z 99c.f54: LastWriteTime: 2013-08-02T02:12:20.275000000Z 99c.f54: ChangeTime: 2013-09-11T10:20:39.245571700Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x1a00 99c.f54: NT Headers: 0xc0 99c.f54: Timestamp: 0x51fb15ca 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x51fb15ca 99c.f54: Image Version: 6.1 99c.f54: SizeOfImage: 0x50000 (327680) 99c.f54: Resource Dir: 0x30000 LB 0x3f8 99c.f54: ProductName: Microsoft® Windows® Operating System 99c.f54: ProductVersion: 6.1.7601.18229 99c.f54: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 99c.f54: FileDescription: ApiSet Schema DLL 99c.f54: Found driver KLIM6 (0x40) 99c.f54: Found driver kl1 (0x40) 99c.f54: Found driver kneps (0x40) 99c.f54: Found driver kltdi (0x40) 99c.f54: supR3HardenedWinFindAdversaries: 0x40 99c.f54: \SystemRoot\System32\drivers\kl1.sys: 99c.f54: CreationTime: 2012-06-20T00:28:12.000000000Z 99c.f54: LastWriteTime: 2012-06-20T00:28:12.000000000Z 99c.f54: ChangeTime: 2013-07-08T12:26:18.046592700Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x6ff58 99c.f54: NT Headers: 0xe0 99c.f54: Timestamp: 0x4fe07e33 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x4fe07e33 99c.f54: Image Version: 0.0 99c.f54: SizeOfImage: 0x75e000 (7725056) 99c.f54: Resource Dir: 0x75c000 LB 0x448 99c.f54: ProductName: Kaspersky Anti-Virus 99c.f54: ProductVersion: 6.0.1.949 99c.f54: FileVersion: 6.8.0.16 99c.f54: FileDescription: Kaspersky Unified Driver 99c.f54: \SystemRoot\System32\drivers\klflt.sys: 99c.f54: CreationTime: 2013-01-11T23:37:18.000000000Z 99c.f54: LastWriteTime: 2013-01-11T23:37:18.000000000Z 99c.f54: ChangeTime: 2013-08-05T18:34:37.267709900Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x17310 99c.f54: NT Headers: 0xf0 99c.f54: Timestamp: 0x50d2c9c2 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x50d2c9c2 99c.f54: Image Version: 6.0 99c.f54: SizeOfImage: 0x21000 (135168) 99c.f54: Resource Dir: 0x1f000 LB 0x370 99c.f54: ProductName: Kaspersky™ Anti-Virus ® 99c.f54: ProductVersion: 1.2.0.21 99c.f54: FileVersion: 1.2.0.21 99c.f54: FileDescription: Filter Core [fre_wlh_x64] 99c.f54: \SystemRoot\System32\drivers\klif.sys: 99c.f54: CreationTime: 2013-01-11T23:37:14.000000000Z 99c.f54: LastWriteTime: 2013-01-11T23:37:14.000000000Z 99c.f54: ChangeTime: 2013-08-05T18:34:37.220909900Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x9d510 99c.f54: NT Headers: 0x108 99c.f54: Timestamp: 0x50f005d0 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x50f005d0 99c.f54: Image Version: 6.0 99c.f54: SizeOfImage: 0xaa000 (696320) 99c.f54: Resource Dir: 0xa8000 LB 0x388 99c.f54: ProductName: Kaspersky™ Anti-Virus ® 99c.f54: ProductVersion: 8.12.0.293 99c.f54: FileVersion: 8.12.0.293 99c.f54: FileDescription: Klif Mini-Filter [fre_wlh_x64] 99c.f54: \SystemRoot\System32\drivers\klim6.sys: 99c.f54: CreationTime: 2012-11-23T21:18:54.000000000Z 99c.f54: LastWriteTime: 2012-11-23T21:18:54.000000000Z 99c.f54: ChangeTime: 2013-07-08T12:26:19.778592700Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x6f58 99c.f54: NT Headers: 0xf0 99c.f54: Timestamp: 0x50af4d8a 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x50af4d8a 99c.f54: Image Version: 6.0 99c.f54: SizeOfImage: 0xa000 (40960) 99c.f54: Resource Dir: 0x8000 LB 0x470 99c.f54: ProductName: Kaspersky Anti-Virus 99c.f54: ProductVersion: 6.0.1.964 99c.f54: FileVersion: 8.0.0.48 99c.f54: FileDescription: Kaspersky Lab Intermediate Network Driver 99c.f54: \SystemRoot\System32\drivers\kltdi.sys: 99c.f54: CreationTime: 2012-11-22T19:48:12.000000000Z 99c.f54: LastWriteTime: 2012-11-22T19:48:12.000000000Z 99c.f54: ChangeTime: 2013-08-05T18:34:33.991709900Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0xd358 99c.f54: NT Headers: 0x100 99c.f54: Timestamp: 0x50ade6c4 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x50ade6c4 99c.f54: Image Version: 6.1 99c.f54: SizeOfImage: 0x10000 (65536) 99c.f54: Resource Dir: 0xe000 LB 0x398 99c.f54: ProductName: Kaspersky™ Anti-Virus ® 99c.f54: ProductVersion: 1.2.0.10 99c.f54: FileVersion: 1.2.0.10 built by: WinDDK 99c.f54: FileDescription: Network filtering component 99c.f54: \SystemRoot\System32\drivers\kneps.sys: 99c.f54: CreationTime: 2012-11-17T00:46:58.000000000Z 99c.f54: LastWriteTime: 2012-11-17T00:46:58.000000000Z 99c.f54: ChangeTime: 2013-08-05T18:34:34.116509900Z 99c.f54: FileAttributes: 0x20 99c.f54: Size: 0x2b758 99c.f54: NT Headers: 0x118 99c.f54: Timestamp: 0x50a64376 99c.f54: Machine: 0x8664 - amd64 99c.f54: Timestamp: 0x50a64376 99c.f54: Image Version: 6.1 99c.f54: SizeOfImage: 0x2d000 (184320) 99c.f54: Resource Dir: 0x2b000 LB 0x378 99c.f54: ProductName: Kaspersky™ Anti-Virus ® 99c.f54: ProductVersion: 5.2.0.28 99c.f54: FileVersion: 5.2.0.28 built by: WinDDK 99c.f54: FileDescription: KNEPS Power 99c.f54: Calling main() 99c.f54: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 99c.f54: SUPR3HardenedMain: Respawn #1 99c.f54: System32: \Device\HarddiskVolume3\Windows\System32 99c.f54: WinSxS: \Device\HarddiskVolume3\Windows\winsxs 99c.f54: KnownDllPath: C:\Windows\system32 99c.f54: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 99c.f54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 99c.f54: supR3HardNtEnableThreadCreation: 99c.f54: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0 99c.f54: supR3HardenedWinDoReSpawn(1): New child 1050.82c [kernel32]. 99c.f54: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380 99c.f54: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077090000 uNtDllChildAddr=0000000077090000 99c.f54: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770bc340 99c.f54: supR3HardenedWinSetupChildInit: Start child. 99c.f54: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 99c.f54: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps 99c.f54: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 99c.f54: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 99c.f54: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 99c.f54: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 99c.f54: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 99c.f54: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 99c.f54: 0000000000041000-ffffffffffee1fff 0x0001/0x0000 0x0000000 99c.f54: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000 99c.f54: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000 99c.f54: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000 99c.f54: 00000000002a0000-ffffffff894affff 0x0001/0x0000 0x0000000 99c.f54: *0000000077090000-000000007708efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 0000000077091000-0000000076f8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 0000000077193000-0000000077163fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 00000000771c2000-00000000771b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 00000000771ca000-00000000771c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 00000000771cb000-00000000771c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 00000000771ce000-0000000077162fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 99c.f54: 0000000077239000-000000006f491fff 0x0001/0x0000 0x0000000 99c.f54: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 99c.f54: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 99c.f54: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 99c.f54: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000 99c.f54: *000000013f1f0000-000000013f1eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f1f1000-000000013f16cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f275000-000000013f273fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f276000-000000013f238fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2b3000-000000013f2b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2b4000-000000013f2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2b5000-000000013f2b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2b7000-000000013f2b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2b8000-000000013f2b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2b9000-000000013f2b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2bd000-000000013f283fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 99c.f54: 000000013f2f6000-fffff8037f23bfff 0x0001/0x0000 0x0000000 99c.f54: *000007feff3b0000-000007feff3aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll 99c.f54: 000007feff3b1000-000007fdfe7b1fff 0x0001/0x0000 0x0000000 99c.f54: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 99c.f54: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000 99c.f54: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000 99c.f54: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000 99c.f54: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000 99c.f54: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 99c.f54: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS) 99c.f54: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) 99c.f54: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 99c.f54: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports 99c.f54: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 99c.f54: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0). 1050.82c: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 1050.82c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077090000 99c.f54: supR3HardNtEnableThreadCreation: 1050.82c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS) 1050.82c: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1740800 allocation) 1050.82c: System32: \Device\HarddiskVolume3\Windows\System32 1050.82c: WinSxS: \Device\HarddiskVolume3\Windows\winsxs 1050.82c: KnownDllPath: C:\Windows\system32 1050.82c: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1050.82c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1050.82c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1050.82c: Registered Dll notification callback with NTDLL. 1050.82c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 1050.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 1050.82c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 1050.82c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1050.82c: supR3HardenedDllNotificationCallback: load 0000000076e70000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1050.82c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1050.82c: supR3HardenedDllNotificationCallback: load 000007fefcf70000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1050.82c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 1050.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 1050.82c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll' 1050.82c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0 99c.f54: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 17 ms. 1050.82c: \SystemRoot\System32\ntdll.dll: 1050.82c: CreationTime: 2013-10-09T09:28:18.281672300Z 1050.82c: LastWriteTime: 2013-08-29T02:16:35.515578900Z 1050.82c: ChangeTime: 2013-10-10T15:02:52.780847600Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x1a6dc0 1050.82c: NT Headers: 0xe0 1050.82c: Timestamp: 0x521eaf24 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x521eaf24 1050.82c: Image Version: 6.1 1050.82c: SizeOfImage: 0x1a9000 (1740800) 1050.82c: Resource Dir: 0x151000 LB 0x560d8 1050.82c: ProductName: Microsoft® Windows® Operating System 1050.82c: ProductVersion: 6.1.7601.18247 1050.82c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 1050.82c: FileDescription: NT Layer DLL 1050.82c: \SystemRoot\System32\kernel32.dll: 1050.82c: CreationTime: 2014-04-09T19:16:18.464175600Z 1050.82c: LastWriteTime: 2014-03-04T09:44:00.336000000Z 1050.82c: ChangeTime: 2014-04-14T14:05:07.417291600Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x11c000 1050.82c: NT Headers: 0xe8 1050.82c: Timestamp: 0x5315a059 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x5315a059 1050.82c: Image Version: 6.1 1050.82c: SizeOfImage: 0x11f000 (1175552) 1050.82c: Resource Dir: 0x116000 LB 0x528 1050.82c: ProductName: Microsoft® Windows® Operating System 1050.82c: ProductVersion: 6.1.7601.18409 1050.82c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 1050.82c: FileDescription: Windows NT BASE API Client DLL 1050.82c: \SystemRoot\System32\KernelBase.dll: 1050.82c: CreationTime: 2014-05-15T16:48:03.938503500Z 1050.82c: LastWriteTime: 2014-03-04T09:44:00.336000000Z 1050.82c: ChangeTime: 2014-05-22T23:08:55.079063300Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x67c00 1050.82c: NT Headers: 0xe8 1050.82c: Timestamp: 0x5315a05a 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x5315a05a 1050.82c: Image Version: 6.1 1050.82c: SizeOfImage: 0x6c000 (442368) 1050.82c: Resource Dir: 0x6a000 LB 0x530 1050.82c: ProductName: Microsoft® Windows® Operating System 1050.82c: ProductVersion: 6.1.7601.18409 1050.82c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 1050.82c: FileDescription: Windows NT BASE API Client DLL 1050.82c: \SystemRoot\System32\apisetschema.dll: 1050.82c: CreationTime: 2013-09-11T09:53:01.074440000Z 1050.82c: LastWriteTime: 2013-08-02T02:12:20.275000000Z 1050.82c: ChangeTime: 2013-09-11T10:20:39.245571700Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x1a00 1050.82c: NT Headers: 0xc0 1050.82c: Timestamp: 0x51fb15ca 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x51fb15ca 1050.82c: Image Version: 6.1 1050.82c: SizeOfImage: 0x50000 (327680) 1050.82c: Resource Dir: 0x30000 LB 0x3f8 1050.82c: ProductName: Microsoft® Windows® Operating System 1050.82c: ProductVersion: 6.1.7601.18229 1050.82c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 1050.82c: FileDescription: ApiSet Schema DLL 1050.82c: Found driver KLIM6 (0x40) 1050.82c: Found driver kl1 (0x40) 1050.82c: Found driver kneps (0x40) 1050.82c: Found driver kltdi (0x40) 1050.82c: supR3HardenedWinFindAdversaries: 0x40 1050.82c: \SystemRoot\System32\drivers\kl1.sys: 1050.82c: CreationTime: 2012-06-20T00:28:12.000000000Z 1050.82c: LastWriteTime: 2012-06-20T00:28:12.000000000Z 1050.82c: ChangeTime: 2013-07-08T12:26:18.046592700Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x6ff58 1050.82c: NT Headers: 0xe0 1050.82c: Timestamp: 0x4fe07e33 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x4fe07e33 1050.82c: Image Version: 0.0 1050.82c: SizeOfImage: 0x75e000 (7725056) 1050.82c: Resource Dir: 0x75c000 LB 0x448 1050.82c: ProductName: Kaspersky Anti-Virus 1050.82c: ProductVersion: 6.0.1.949 1050.82c: FileVersion: 6.8.0.16 1050.82c: FileDescription: Kaspersky Unified Driver 1050.82c: \SystemRoot\System32\drivers\klflt.sys: 1050.82c: CreationTime: 2013-01-11T23:37:18.000000000Z 1050.82c: LastWriteTime: 2013-01-11T23:37:18.000000000Z 1050.82c: ChangeTime: 2013-08-05T18:34:37.267709900Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x17310 1050.82c: NT Headers: 0xf0 1050.82c: Timestamp: 0x50d2c9c2 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x50d2c9c2 1050.82c: Image Version: 6.0 1050.82c: SizeOfImage: 0x21000 (135168) 1050.82c: Resource Dir: 0x1f000 LB 0x370 1050.82c: ProductName: Kaspersky™ Anti-Virus ® 1050.82c: ProductVersion: 1.2.0.21 1050.82c: FileVersion: 1.2.0.21 1050.82c: FileDescription: Filter Core [fre_wlh_x64] 1050.82c: \SystemRoot\System32\drivers\klif.sys: 1050.82c: CreationTime: 2013-01-11T23:37:14.000000000Z 1050.82c: LastWriteTime: 2013-01-11T23:37:14.000000000Z 1050.82c: ChangeTime: 2013-08-05T18:34:37.220909900Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x9d510 1050.82c: NT Headers: 0x108 1050.82c: Timestamp: 0x50f005d0 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x50f005d0 1050.82c: Image Version: 6.0 1050.82c: SizeOfImage: 0xaa000 (696320) 1050.82c: Resource Dir: 0xa8000 LB 0x388 1050.82c: ProductName: Kaspersky™ Anti-Virus ® 1050.82c: ProductVersion: 8.12.0.293 1050.82c: FileVersion: 8.12.0.293 1050.82c: FileDescription: Klif Mini-Filter [fre_wlh_x64] 1050.82c: \SystemRoot\System32\drivers\klim6.sys: 1050.82c: CreationTime: 2012-11-23T21:18:54.000000000Z 1050.82c: LastWriteTime: 2012-11-23T21:18:54.000000000Z 1050.82c: ChangeTime: 2013-07-08T12:26:19.778592700Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x6f58 1050.82c: NT Headers: 0xf0 1050.82c: Timestamp: 0x50af4d8a 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x50af4d8a 1050.82c: Image Version: 6.0 1050.82c: SizeOfImage: 0xa000 (40960) 1050.82c: Resource Dir: 0x8000 LB 0x470 1050.82c: ProductName: Kaspersky Anti-Virus 1050.82c: ProductVersion: 6.0.1.964 1050.82c: FileVersion: 8.0.0.48 1050.82c: FileDescription: Kaspersky Lab Intermediate Network Driver 1050.82c: \SystemRoot\System32\drivers\kltdi.sys: 1050.82c: CreationTime: 2012-11-22T19:48:12.000000000Z 1050.82c: LastWriteTime: 2012-11-22T19:48:12.000000000Z 1050.82c: ChangeTime: 2013-08-05T18:34:33.991709900Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0xd358 1050.82c: NT Headers: 0x100 1050.82c: Timestamp: 0x50ade6c4 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x50ade6c4 1050.82c: Image Version: 6.1 1050.82c: SizeOfImage: 0x10000 (65536) 1050.82c: Resource Dir: 0xe000 LB 0x398 1050.82c: ProductName: Kaspersky™ Anti-Virus ® 1050.82c: ProductVersion: 1.2.0.10 1050.82c: FileVersion: 1.2.0.10 built by: WinDDK 1050.82c: FileDescription: Network filtering component 1050.82c: \SystemRoot\System32\drivers\kneps.sys: 1050.82c: CreationTime: 2012-11-17T00:46:58.000000000Z 1050.82c: LastWriteTime: 2012-11-17T00:46:58.000000000Z 1050.82c: ChangeTime: 2013-08-05T18:34:34.116509900Z 1050.82c: FileAttributes: 0x20 1050.82c: Size: 0x2b758 1050.82c: NT Headers: 0x118 1050.82c: Timestamp: 0x50a64376 1050.82c: Machine: 0x8664 - amd64 1050.82c: Timestamp: 0x50a64376 1050.82c: Image Version: 6.1 1050.82c: SizeOfImage: 0x2d000 (184320) 1050.82c: Resource Dir: 0x2b000 LB 0x378 1050.82c: ProductName: Kaspersky™ Anti-Virus ® 1050.82c: ProductVersion: 5.2.0.28 1050.82c: FileVersion: 5.2.0.28 built by: WinDDK 1050.82c: FileDescription: KNEPS Power 1050.82c: Calling main() 1050.82c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1050.82c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1050.82c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1050.82c: SUPR3HardenedMain: Respawn #2 1050.82c: supR3HardNtEnableThreadCreation: 1050.82c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) 1050.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll 1050.82c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 1050.82c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1050.82c: supR3HardenedDllNotificationCallback: load 000007fefcc50000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 1050.82c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1050.82c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc50000 'C:\Windows\system32\apphelp.dll' 1050.82c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0 1050.82c: supR3HardenedWinDoReSpawn(2): New child 106c.13ac [kernel32]. 1050.82c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 1050.82c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077090000 uNtDllChildAddr=0000000077090000 1050.82c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770bc340 1050.82c: supR3HardenedWinSetupChildInit: Start child. 1050.82c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1050.82c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps 1050.82c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1050.82c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 1050.82c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 1050.82c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 1050.82c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 1050.82c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 1050.82c: 0000000000041000-0000000000021fff 0x0001/0x0000 0x0000000 1050.82c: *0000000000060000-fffffffffff63fff 0x0000/0x0004 0x0020000 1050.82c: 000000000015c000-0000000000158fff 0x0104/0x0004 0x0020000 1050.82c: 000000000015f000-000000000015dfff 0x0004/0x0004 0x0020000 1050.82c: 0000000000160000-ffffffff8922ffff 0x0001/0x0000 0x0000000 1050.82c: *0000000077090000-000000007708efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 0000000077091000-0000000076f8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 0000000077193000-0000000077163fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 00000000771c2000-00000000771b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 00000000771ca000-00000000771c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 00000000771cb000-00000000771c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 00000000771ce000-0000000077162fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1050.82c: 0000000077239000-000000006f491fff 0x0001/0x0000 0x0000000 1050.82c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 1050.82c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1050.82c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1050.82c: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000 1050.82c: *000000013f1f0000-000000013f1eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f1f1000-000000013f16cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f275000-000000013f273fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f276000-000000013f238fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2b3000-000000013f2b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2b4000-000000013f2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2b5000-000000013f2b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2b7000-000000013f2b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2b8000-000000013f2b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2b9000-000000013f2b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2bd000-000000013f283fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1050.82c: 000000013f2f6000-fffff8037f23bfff 0x0001/0x0000 0x0000000 1050.82c: *000007feff3b0000-000007feff3aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll 1050.82c: 000007feff3b1000-000007fdfe7b1fff 0x0001/0x0000 0x0000000 1050.82c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 1050.82c: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000 1050.82c: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000 1050.82c: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000 1050.82c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 1050.82c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS) 1050.82c: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) 1050.82c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1050.82c: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports 1050.82c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1050.82c: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0). 106c.13ac: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 106c.13ac: supR3HardenedVmProcessInit: uNtDllAddr=0000000077090000 106c.13ac: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS) 1050.82c: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000) 106c.13ac: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation) 1050.82c: supR3HardNtEnableThreadCreation: 106c.13ac: System32: \Device\HarddiskVolume3\Windows\System32 106c.13ac: WinSxS: \Device\HarddiskVolume3\Windows\winsxs 106c.13ac: KnownDllPath: C:\Windows\system32 106c.13ac: supR3HardenedVmProcessInit: Opening vboxdrv... 106c.13ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 106c.13ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 106c.13ac: Registered Dll notification callback with NTDLL. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 0000000076e70000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefcf70000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll' 106c.13ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770bc340 pvNtTerminateThread=00000000770e17e0 1050.82c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 23 ms. 106c.13ac: \SystemRoot\System32\ntdll.dll: 106c.13ac: CreationTime: 2013-10-09T09:28:18.281672300Z 106c.13ac: LastWriteTime: 2013-08-29T02:16:35.515578900Z 106c.13ac: ChangeTime: 2013-10-10T15:02:52.780847600Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x1a6dc0 106c.13ac: NT Headers: 0xe0 106c.13ac: Timestamp: 0x521eaf24 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x521eaf24 106c.13ac: Image Version: 6.1 106c.13ac: SizeOfImage: 0x1a9000 (1740800) 106c.13ac: Resource Dir: 0x151000 LB 0x560d8 106c.13ac: ProductName: Microsoft® Windows® Operating System 106c.13ac: ProductVersion: 6.1.7601.18247 106c.13ac: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 106c.13ac: FileDescription: NT Layer DLL 106c.13ac: \SystemRoot\System32\kernel32.dll: 106c.13ac: CreationTime: 2014-04-09T19:16:18.464175600Z 106c.13ac: LastWriteTime: 2014-03-04T09:44:00.336000000Z 106c.13ac: ChangeTime: 2014-04-14T14:05:07.417291600Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x11c000 106c.13ac: NT Headers: 0xe8 106c.13ac: Timestamp: 0x5315a059 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x5315a059 106c.13ac: Image Version: 6.1 106c.13ac: SizeOfImage: 0x11f000 (1175552) 106c.13ac: Resource Dir: 0x116000 LB 0x528 106c.13ac: ProductName: Microsoft® Windows® Operating System 106c.13ac: ProductVersion: 6.1.7601.18409 106c.13ac: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 106c.13ac: FileDescription: Windows NT BASE API Client DLL 106c.13ac: \SystemRoot\System32\KernelBase.dll: 106c.13ac: CreationTime: 2014-05-15T16:48:03.938503500Z 106c.13ac: LastWriteTime: 2014-03-04T09:44:00.336000000Z 106c.13ac: ChangeTime: 2014-05-22T23:08:55.079063300Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x67c00 106c.13ac: NT Headers: 0xe8 106c.13ac: Timestamp: 0x5315a05a 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x5315a05a 106c.13ac: Image Version: 6.1 106c.13ac: SizeOfImage: 0x6c000 (442368) 106c.13ac: Resource Dir: 0x6a000 LB 0x530 106c.13ac: ProductName: Microsoft® Windows® Operating System 106c.13ac: ProductVersion: 6.1.7601.18409 106c.13ac: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 106c.13ac: FileDescription: Windows NT BASE API Client DLL 106c.13ac: \SystemRoot\System32\apisetschema.dll: 106c.13ac: CreationTime: 2013-09-11T09:53:01.074440000Z 106c.13ac: LastWriteTime: 2013-08-02T02:12:20.275000000Z 106c.13ac: ChangeTime: 2013-09-11T10:20:39.245571700Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x1a00 106c.13ac: NT Headers: 0xc0 106c.13ac: Timestamp: 0x51fb15ca 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x51fb15ca 106c.13ac: Image Version: 6.1 106c.13ac: SizeOfImage: 0x50000 (327680) 106c.13ac: Resource Dir: 0x30000 LB 0x3f8 106c.13ac: ProductName: Microsoft® Windows® Operating System 106c.13ac: ProductVersion: 6.1.7601.18229 106c.13ac: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 106c.13ac: FileDescription: ApiSet Schema DLL 106c.13ac: Found driver KLIM6 (0x40) 106c.13ac: Found driver kl1 (0x40) 106c.13ac: Found driver kneps (0x40) 106c.13ac: Found driver kltdi (0x40) 106c.13ac: supR3HardenedWinFindAdversaries: 0x40 106c.13ac: \SystemRoot\System32\drivers\kl1.sys: 106c.13ac: CreationTime: 2012-06-20T00:28:12.000000000Z 106c.13ac: LastWriteTime: 2012-06-20T00:28:12.000000000Z 106c.13ac: ChangeTime: 2013-07-08T12:26:18.046592700Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x6ff58 106c.13ac: NT Headers: 0xe0 106c.13ac: Timestamp: 0x4fe07e33 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x4fe07e33 106c.13ac: Image Version: 0.0 106c.13ac: SizeOfImage: 0x75e000 (7725056) 106c.13ac: Resource Dir: 0x75c000 LB 0x448 106c.13ac: ProductName: Kaspersky Anti-Virus 106c.13ac: ProductVersion: 6.0.1.949 106c.13ac: FileVersion: 6.8.0.16 106c.13ac: FileDescription: Kaspersky Unified Driver 106c.13ac: \SystemRoot\System32\drivers\klflt.sys: 106c.13ac: CreationTime: 2013-01-11T23:37:18.000000000Z 106c.13ac: LastWriteTime: 2013-01-11T23:37:18.000000000Z 106c.13ac: ChangeTime: 2013-08-05T18:34:37.267709900Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x17310 106c.13ac: NT Headers: 0xf0 106c.13ac: Timestamp: 0x50d2c9c2 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x50d2c9c2 106c.13ac: Image Version: 6.0 106c.13ac: SizeOfImage: 0x21000 (135168) 106c.13ac: Resource Dir: 0x1f000 LB 0x370 106c.13ac: ProductName: Kaspersky™ Anti-Virus ® 106c.13ac: ProductVersion: 1.2.0.21 106c.13ac: FileVersion: 1.2.0.21 106c.13ac: FileDescription: Filter Core [fre_wlh_x64] 106c.13ac: \SystemRoot\System32\drivers\klif.sys: 106c.13ac: CreationTime: 2013-01-11T23:37:14.000000000Z 106c.13ac: LastWriteTime: 2013-01-11T23:37:14.000000000Z 106c.13ac: ChangeTime: 2013-08-05T18:34:37.220909900Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x9d510 106c.13ac: NT Headers: 0x108 106c.13ac: Timestamp: 0x50f005d0 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x50f005d0 106c.13ac: Image Version: 6.0 106c.13ac: SizeOfImage: 0xaa000 (696320) 106c.13ac: Resource Dir: 0xa8000 LB 0x388 106c.13ac: ProductName: Kaspersky™ Anti-Virus ® 106c.13ac: ProductVersion: 8.12.0.293 106c.13ac: FileVersion: 8.12.0.293 106c.13ac: FileDescription: Klif Mini-Filter [fre_wlh_x64] 106c.13ac: \SystemRoot\System32\drivers\klim6.sys: 106c.13ac: CreationTime: 2012-11-23T21:18:54.000000000Z 106c.13ac: LastWriteTime: 2012-11-23T21:18:54.000000000Z 106c.13ac: ChangeTime: 2013-07-08T12:26:19.778592700Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x6f58 106c.13ac: NT Headers: 0xf0 106c.13ac: Timestamp: 0x50af4d8a 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x50af4d8a 106c.13ac: Image Version: 6.0 106c.13ac: SizeOfImage: 0xa000 (40960) 106c.13ac: Resource Dir: 0x8000 LB 0x470 106c.13ac: ProductName: Kaspersky Anti-Virus 106c.13ac: ProductVersion: 6.0.1.964 106c.13ac: FileVersion: 8.0.0.48 106c.13ac: FileDescription: Kaspersky Lab Intermediate Network Driver 106c.13ac: \SystemRoot\System32\drivers\kltdi.sys: 106c.13ac: CreationTime: 2012-11-22T19:48:12.000000000Z 106c.13ac: LastWriteTime: 2012-11-22T19:48:12.000000000Z 106c.13ac: ChangeTime: 2013-08-05T18:34:33.991709900Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0xd358 106c.13ac: NT Headers: 0x100 106c.13ac: Timestamp: 0x50ade6c4 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x50ade6c4 106c.13ac: Image Version: 6.1 106c.13ac: SizeOfImage: 0x10000 (65536) 106c.13ac: Resource Dir: 0xe000 LB 0x398 106c.13ac: ProductName: Kaspersky™ Anti-Virus ® 106c.13ac: ProductVersion: 1.2.0.10 106c.13ac: FileVersion: 1.2.0.10 built by: WinDDK 106c.13ac: FileDescription: Network filtering component 106c.13ac: \SystemRoot\System32\drivers\kneps.sys: 106c.13ac: CreationTime: 2012-11-17T00:46:58.000000000Z 106c.13ac: LastWriteTime: 2012-11-17T00:46:58.000000000Z 106c.13ac: ChangeTime: 2013-08-05T18:34:34.116509900Z 106c.13ac: FileAttributes: 0x20 106c.13ac: Size: 0x2b758 106c.13ac: NT Headers: 0x118 106c.13ac: Timestamp: 0x50a64376 106c.13ac: Machine: 0x8664 - amd64 106c.13ac: Timestamp: 0x50a64376 106c.13ac: Image Version: 6.1 106c.13ac: SizeOfImage: 0x2d000 (184320) 106c.13ac: Resource Dir: 0x2b000 LB 0x378 106c.13ac: ProductName: Kaspersky™ Anti-Virus ® 106c.13ac: ProductVersion: 5.2.0.28 106c.13ac: FileVersion: 5.2.0.28 built by: WinDDK 106c.13ac: FileDescription: KNEPS Power 106c.13ac: Calling main() 106c.13ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 106c.13ac: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 106c.13ac: SUPR3HardenedMain: Final process, opening VBoxDrv... 106c.13ac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000) 106c.13ac: supR3HardNtEnableThreadCreation: 106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007759e0:C:\Windows\system32 [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefbe20000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007759e0:C:\Windows\system32 [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd150000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd670000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefce50000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefde90000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\Wintrust.dll' 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc650000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc650000 'C:\Windows\system32\CRYPTSP.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc2b0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2b0000 'C:\Windows\system32\rsaenh.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 106c.13ac: supR3HardenedDllNotificationCallback: load 000007feff0b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\ADVAPI32.dll' 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefccb0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccb0000 'C:\Windows\system32\CRYPTBASE.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\WINTRUST.DLL' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfe0000 'C:\Windows\system32\CRYPT32.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefe160000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe160000 'C:\Windows\system32\imagehlp.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc650000 'C:\Windows\system32\CRYPTSP.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 0000000076f90000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefdcb0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefe310000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefdfc0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\gdi32.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefe130000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\IMM32.DLL' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f90000 'C:\Windows\system32\USER32.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc7a0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc770000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7a0000 'C:\Windows\system32\ncrypt.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc1a0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1a0000 'C:\Windows\system32\bcryptprimitives.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc770000 'C:\Windows\system32\bcrypt.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefce80000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce80000 'C:\Windows\system32\USERENV.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefc4e0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4e0000 'C:\Windows\system32\GPAPI.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde90000 'C:\Windows\system32\rpcrt4.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L2-1-0.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fef9460000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefda70000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\Windows\system32\cryptnet.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\profapi.dll' 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 106c.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 106c.13ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 106c.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 106c.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 106c.13ac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedDllNotificationCallback: load 000007fefde00000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\SHLWAPI.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\ADVAPI32.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 106c.13ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000776ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GNU\Claws Mail\pub;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCPackages;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32; [calling] 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: g_pfnWinVerifyTrust=000007fefd151010 106c.13ac: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0752B52B3009339E2F25EAE5A58D7AAA80FBDE38 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0752B52B3009339E2F25EAE5A58D7AAA80FBDE38 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedScreenImage/preload: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 106c.13ac: Error (rc=0): 106c.13ac: supR3HardenedScreenImage/preload: cached rc=Unknown Status -22900 (0xffffa68c) fImage=0 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Windows\System32\crypt32.dll 106c.13ac: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedScreenImage/preload: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' 106c.13ac: Error (rc=0): 106c.13ac: supR3HardenedScreenImage/preload: cached rc=Unknown Status -22900 (0xffffa68c) fImage=0 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Windows\System32\wintrust.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c0 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1783; iCat=0x0) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007e7b90 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1783) 106c.13ac: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 106c.13ac: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 106c.13ac: Error (rc=0): 106c.13ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Windows\System32\crypt32.dll 106c.13ac: Error (rc=0): 106c.13ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\crypt32.dll' (C:\Windows\system32\crypt32.dll): rcNt=0xc0000190 106c.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\crypt32.dll' 106c.13ac: Fatal error: 106c.13ac: Error loading 'crypt32.dll': 1790 [C:\Windows\system32\crypt32.dll] 1050.82c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 155 ms, the end); 99c.f54: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 743 ms, the end);