12d8.1364: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 12d8.1364: \SystemRoot\System32\ntdll.dll: 12d8.1364: CreationTime: 2010-11-21T03:24:02.237248300Z 12d8.1364: LastWriteTime: 2010-11-21T03:24:02.237248300Z 12d8.1364: ChangeTime: 2016-10-25T11:50:22.928484300Z 12d8.1364: FileAttributes: 0x20 12d8.1364: Size: 0x1a6d60 12d8.1364: NT Headers: 0xe0 12d8.1364: Timestamp: 0x4ce7c8f9 12d8.1364: Machine: 0x8664 - amd64 12d8.1364: Timestamp: 0x4ce7c8f9 12d8.1364: Image Version: 6.1 12d8.1364: SizeOfImage: 0x1a9000 (1740800) 12d8.1364: Resource Dir: 0x151000 LB 0x560d8 12d8.1364: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 12d8.1364: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] 12d8.1364: ProductName: Microsoft® Windows® Operating System 12d8.1364: ProductVersion: 6.1.7601.17514 12d8.1364: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 12d8.1364: FileDescription: NT Layer DLL 12d8.1364: \SystemRoot\System32\kernel32.dll: 12d8.1364: CreationTime: 2010-11-21T03:24:10.130862200Z 12d8.1364: LastWriteTime: 2010-11-21T03:24:10.130862200Z 12d8.1364: ChangeTime: 2016-10-25T11:50:21.493281700Z 12d8.1364: FileAttributes: 0x20 12d8.1364: Size: 0x11b800 12d8.1364: NT Headers: 0xe8 12d8.1364: Timestamp: 0x4ce7c78b 12d8.1364: Machine: 0x8664 - amd64 12d8.1364: Timestamp: 0x4ce7c78b 12d8.1364: Image Version: 6.1 12d8.1364: SizeOfImage: 0x11f000 (1175552) 12d8.1364: Resource Dir: 0x116000 LB 0x528 12d8.1364: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 12d8.1364: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 12d8.1364: ProductName: Microsoft® Windows® Operating System 12d8.1364: ProductVersion: 6.1.7601.17514 12d8.1364: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 12d8.1364: FileDescription: Windows NT BASE API Client DLL 12d8.1364: \SystemRoot\System32\KernelBase.dll: 12d8.1364: CreationTime: 2010-11-21T03:24:25.294088800Z 12d8.1364: LastWriteTime: 2010-11-21T03:24:25.294088800Z 12d8.1364: ChangeTime: 2016-10-25T11:50:21.493281700Z 12d8.1364: FileAttributes: 0x20 12d8.1364: Size: 0x66800 12d8.1364: NT Headers: 0xf0 12d8.1364: Timestamp: 0x4ce7c78c 12d8.1364: Machine: 0x8664 - amd64 12d8.1364: Timestamp: 0x4ce7c78c 12d8.1364: Image Version: 6.1 12d8.1364: SizeOfImage: 0x6b000 (438272) 12d8.1364: Resource Dir: 0x69000 LB 0x530 12d8.1364: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 12d8.1364: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] 12d8.1364: ProductName: Microsoft® Windows® Operating System 12d8.1364: ProductVersion: 6.1.7601.17514 12d8.1364: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 12d8.1364: FileDescription: Windows NT BASE API Client DLL 12d8.1364: \SystemRoot\System32\apisetschema.dll: 12d8.1364: CreationTime: 2009-07-13T23:18:54.866423200Z 12d8.1364: LastWriteTime: 2009-07-14T01:24:53.779000000Z 12d8.1364: ChangeTime: 2016-10-25T11:50:24.660087300Z 12d8.1364: FileAttributes: 0x20 12d8.1364: Size: 0x1a00 12d8.1364: NT Headers: 0xc0 12d8.1364: Timestamp: 0x4a5bdeab 12d8.1364: Machine: 0x8664 - amd64 12d8.1364: Timestamp: 0x4a5bdeab 12d8.1364: Image Version: 6.1 12d8.1364: SizeOfImage: 0x50000 (327680) 12d8.1364: Resource Dir: 0x30000 LB 0x3f0 12d8.1364: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 12d8.1364: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)] 12d8.1364: ProductName: Microsoft® Windows® Operating System 12d8.1364: ProductVersion: 6.1.7600.16385 12d8.1364: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) 12d8.1364: FileDescription: ApiSet Schema DLL 12d8.1364: supR3HardenedWinFindAdversaries: 0x0 12d8.1364: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox' 12d8.1364: Calling main() 12d8.1364: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 12d8.1364: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\VirtualBox' 12d8.1364: SUPR3HardenedMain: Respawn #1 12d8.1364: System32: \Device\HarddiskVolume2\Windows\System32 12d8.1364: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 12d8.1364: KnownDllPath: C:\Windows\system32 12d8.1364: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports 12d8.1364: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe) 12d8.1364: supR3HardNtEnableThreadCreation: 12d8.1364: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840 12d8.1364: supR3HardenedWinDoReSpawn(1): New child e7c.df4 [kernel32]. 12d8.1364: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380 12d8.1364: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077100000 uNtDllChildAddr=0000000077100000 12d8.1364: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007712c320 12d8.1364: supR3HardenedWinSetupChildInit: Start child. 12d8.1364: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 12d8.1364: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps 12d8.1364: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 12d8.1364: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 12d8.1364: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000 12d8.1364: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 12d8.1364: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 12d8.1364: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 12d8.1364: 0000000000041000-00000000001affff 0x0001/0x0000 0x0000000 12d8.1364: *00000000001b0000-00000000002abfff 0x0000/0x0004 0x0020000 12d8.1364: 00000000002ac000-00000000002adfff 0x0104/0x0004 0x0020000 12d8.1364: 00000000002ae000-00000000002affff 0x0004/0x0004 0x0020000 12d8.1364: 00000000002b0000-00000000770fffff 0x0001/0x0000 0x0000000 12d8.1364: *0000000077100000-0000000077100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12d8.1364: 0000000077101000-0000000077202fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12d8.1364: 0000000077203000-0000000077231fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12d8.1364: 0000000077232000-000000007723dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12d8.1364: 000000007723e000-00000000772a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12d8.1364: 00000000772a9000-000000007efdffff 0x0001/0x0000 0x0000000 12d8.1364: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000 12d8.1364: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 12d8.1364: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 12d8.1364: 000000007fff0000-000000013fb1ffff 0x0001/0x0000 0x0000000 12d8.1364: *000000013fb20000-000000013fb20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fb21000-000000013fb91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fb92000-000000013fb92fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fb93000-000000013fbd8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbd9000-000000013fbd9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbda000-000000013fbdafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbdb000-000000013fbdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbe0000-000000013fbe0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbe1000-000000013fbe1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbe2000-000000013fbe5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fbe6000-000000013fc2dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe 12d8.1364: 000000013fc2e000-000007feff41ffff 0x0001/0x0000 0x0000000 12d8.1364: *000007feff420000-000007feff420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 12d8.1364: 000007feff421000-000007fffffaffff 0x0001/0x0000 0x0000000 12d8.1364: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 12d8.1364: *000007fffffd3000-000007fffffd3fff 0x0004/0x0004 0x0020000 12d8.1364: 000007fffffd4000-000007fffffddfff 0x0001/0x0000 0x0000000 12d8.1364: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000 12d8.1364: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 12d8.1364: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS) 12d8.1364: VirtualBox.exe: timestamp 0x5be4900d (rc=VINF_SUCCESS) 12d8.1364: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports 12d8.1364: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) 12d8.1364: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 12d8.1364: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 12d8.1364: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) 12d8.1364: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 12d8.1364: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 12d8.1364: supR3HardNtChildPurify: Done after 318 ms and 0 fixes (loop #0). e7c.df4: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 e7c.df4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077100000 g_uNtVerCombined=0x611db100 e7c.df4: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS) e7c.df4: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1740800 allocation) 12d8.1364: supR3HardNtEnableThreadCreation: e7c.df4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox' e7c.df4: System32: \Device\HarddiskVolume2\Windows\System32 e7c.df4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs e7c.df4: KnownDllPath: C:\Windows\system32 e7c.df4: supR3HardenedVmProcessInit: Opening vboxdrv stub... e7c.df4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... e7c.df4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... e7c.df4: Registered Dll notification callback with NTDLL. e7c.df4: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) e7c.df4: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e7c.df4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) e7c.df4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll e7c.df4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] e7c.df4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] e7c.df4: supR3HardenedDllNotificationCallback: load 0000000076fe0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] e7c.df4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] e7c.df4: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] e7c.df4: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) e7c.df4: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e7c.df4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) e7c.df4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll e7c.df4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll' e7c.df4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840 12d8.1364: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 43 ms. e7c.df4: \SystemRoot\System32\ntdll.dll: e7c.df4: CreationTime: 2010-11-21T03:24:02.237248300Z e7c.df4: LastWriteTime: 2010-11-21T03:24:02.237248300Z e7c.df4: ChangeTime: 2016-10-25T11:50:22.928484300Z e7c.df4: FileAttributes: 0x20 e7c.df4: Size: 0x1a6d60 e7c.df4: NT Headers: 0xe0 e7c.df4: Timestamp: 0x4ce7c8f9 e7c.df4: Machine: 0x8664 - amd64 e7c.df4: Timestamp: 0x4ce7c8f9 e7c.df4: Image Version: 6.1 e7c.df4: SizeOfImage: 0x1a9000 (1740800) e7c.df4: Resource Dir: 0x151000 LB 0x560d8 e7c.df4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] e7c.df4: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] e7c.df4: ProductName: Microsoft® Windows® Operating System e7c.df4: ProductVersion: 6.1.7601.17514 e7c.df4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) e7c.df4: FileDescription: NT Layer DLL e7c.df4: \SystemRoot\System32\kernel32.dll: e7c.df4: CreationTime: 2010-11-21T03:24:10.130862200Z e7c.df4: LastWriteTime: 2010-11-21T03:24:10.130862200Z e7c.df4: ChangeTime: 2016-10-25T11:50:21.493281700Z e7c.df4: FileAttributes: 0x20 e7c.df4: Size: 0x11b800 e7c.df4: NT Headers: 0xe8 e7c.df4: Timestamp: 0x4ce7c78b e7c.df4: Machine: 0x8664 - amd64 e7c.df4: Timestamp: 0x4ce7c78b e7c.df4: Image Version: 6.1 e7c.df4: SizeOfImage: 0x11f000 (1175552) e7c.df4: Resource Dir: 0x116000 LB 0x528 e7c.df4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] e7c.df4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] e7c.df4: ProductName: Microsoft® Windows® Operating System e7c.df4: ProductVersion: 6.1.7601.17514 e7c.df4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) e7c.df4: FileDescription: Windows NT BASE API Client DLL e7c.df4: \SystemRoot\System32\KernelBase.dll: e7c.df4: CreationTime: 2010-11-21T03:24:25.294088800Z e7c.df4: LastWriteTime: 2010-11-21T03:24:25.294088800Z e7c.df4: ChangeTime: 2016-10-25T11:50:21.493281700Z e7c.df4: FileAttributes: 0x20 e7c.df4: Size: 0x66800 e7c.df4: NT Headers: 0xf0 e7c.df4: Timestamp: 0x4ce7c78c e7c.df4: Machine: 0x8664 - amd64 e7c.df4: Timestamp: 0x4ce7c78c e7c.df4: Image Version: 6.1 e7c.df4: SizeOfImage: 0x6b000 (438272) e7c.df4: Resource Dir: 0x69000 LB 0x530 e7c.df4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] e7c.df4: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] e7c.df4: ProductName: Microsoft® Windows® Operating System e7c.df4: ProductVersion: 6.1.7601.17514 e7c.df4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) e7c.df4: FileDescription: Windows NT BASE API Client DLL e7c.df4: \SystemRoot\System32\apisetschema.dll: e7c.df4: CreationTime: 2009-07-13T23:18:54.866423200Z e7c.df4: LastWriteTime: 2009-07-14T01:24:53.779000000Z e7c.df4: ChangeTime: 2016-10-25T11:50:24.660087300Z e7c.df4: FileAttributes: 0x20 e7c.df4: Size: 0x1a00 e7c.df4: NT Headers: 0xc0 e7c.df4: Timestamp: 0x4a5bdeab e7c.df4: Machine: 0x8664 - amd64 e7c.df4: Timestamp: 0x4a5bdeab e7c.df4: Image Version: 6.1 e7c.df4: SizeOfImage: 0x50000 (327680) e7c.df4: Resource Dir: 0x30000 LB 0x3f0 e7c.df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] e7c.df4: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)] e7c.df4: ProductName: Microsoft® Windows® Operating System e7c.df4: ProductVersion: 6.1.7600.16385 e7c.df4: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) e7c.df4: FileDescription: ApiSet Schema DLL e7c.df4: supR3HardenedWinFindAdversaries: 0x0 e7c.df4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox' e7c.df4: Calling main() e7c.df4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 e7c.df4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\VirtualBox' e7c.df4: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports e7c.df4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe) e7c.df4: SUPR3HardenedMain: Respawn #2 e7c.df4: supR3HardNtEnableThreadCreation: e7c.df4: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) e7c.df4: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e7c.df4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) e7c.df4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll e7c.df4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] e7c.df4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] e7c.df4: supR3HardenedDllNotificationCallback: load 000007fefcf20000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] e7c.df4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] e7c.df4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\apphelp.dll' e7c.df4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840 e7c.df4: supR3HardenedWinDoReSpawn(2): New child fe4.dfc [kernel32]. e7c.df4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 e7c.df4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077100000 uNtDllChildAddr=0000000077100000 e7c.df4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007712c320 e7c.df4: supR3HardenedWinSetupChildInit: Start child. e7c.df4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. e7c.df4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 31 sleeps e7c.df4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION e7c.df4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 e7c.df4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000 e7c.df4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 e7c.df4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 e7c.df4: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 e7c.df4: 0000000000041000-00000000001cffff 0x0001/0x0000 0x0000000 e7c.df4: *00000000001d0000-00000000002cbfff 0x0000/0x0004 0x0020000 e7c.df4: 00000000002cc000-00000000002cdfff 0x0104/0x0004 0x0020000 e7c.df4: 00000000002ce000-00000000002cffff 0x0004/0x0004 0x0020000 e7c.df4: 00000000002d0000-00000000770fffff 0x0001/0x0000 0x0000000 e7c.df4: *0000000077100000-0000000077100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e7c.df4: 0000000077101000-0000000077202fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e7c.df4: 0000000077203000-0000000077231fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e7c.df4: 0000000077232000-000000007723dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e7c.df4: 000000007723e000-00000000772a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e7c.df4: 00000000772a9000-000000007efdffff 0x0001/0x0000 0x0000000 e7c.df4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000 e7c.df4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 e7c.df4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 e7c.df4: 000000007fff0000-000000013fb1ffff 0x0001/0x0000 0x0000000 e7c.df4: *000000013fb20000-000000013fb20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fb21000-000000013fb91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fb92000-000000013fb92fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fb93000-000000013fbd8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbd9000-000000013fbd9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbda000-000000013fbdafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbdb000-000000013fbdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbe0000-000000013fbe0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbe1000-000000013fbe1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbe2000-000000013fbe5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fbe6000-000000013fc2dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe e7c.df4: 000000013fc2e000-000007feff41ffff 0x0001/0x0000 0x0000000 e7c.df4: *000007feff420000-000007feff420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll e7c.df4: 000007feff421000-000007fffffaffff 0x0001/0x0000 0x0000000 e7c.df4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 e7c.df4: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000 e7c.df4: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000 e7c.df4: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000 e7c.df4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 e7c.df4: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS) e7c.df4: VirtualBox.exe: timestamp 0x5be4900d (rc=VINF_SUCCESS) e7c.df4: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports e7c.df4: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) e7c.df4: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e7c.df4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports e7c.df4: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) e7c.df4: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e7c.df4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports e7c.df4: supR3HardNtChildPurify: Done after 306 ms and 0 fixes (loop #0). fe4.dfc: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 fe4.dfc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077100000 g_uNtVerCombined=0x611db100 fe4.dfc: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS) fe4.dfc: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1740800 allocation) e7c.df4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000) e7c.df4: supR3HardNtEnableThreadCreation: fe4.dfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox' fe4.dfc: System32: \Device\HarddiskVolume2\Windows\System32 fe4.dfc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs fe4.dfc: KnownDllPath: C:\Windows\system32 fe4.dfc: supR3HardenedVmProcessInit: Opening vboxdrv... fe4.dfc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... fe4.dfc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... fe4.dfc: Registered Dll notification callback with NTDLL. fe4.dfc: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000076fe0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll' fe4.dfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840 e7c.df4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 60 ms. fe4.dfc: \SystemRoot\System32\ntdll.dll: fe4.dfc: CreationTime: 2010-11-21T03:24:02.237248300Z fe4.dfc: LastWriteTime: 2010-11-21T03:24:02.237248300Z fe4.dfc: ChangeTime: 2016-10-25T11:50:22.928484300Z fe4.dfc: FileAttributes: 0x20 fe4.dfc: Size: 0x1a6d60 fe4.dfc: NT Headers: 0xe0 fe4.dfc: Timestamp: 0x4ce7c8f9 fe4.dfc: Machine: 0x8664 - amd64 fe4.dfc: Timestamp: 0x4ce7c8f9 fe4.dfc: Image Version: 6.1 fe4.dfc: SizeOfImage: 0x1a9000 (1740800) fe4.dfc: Resource Dir: 0x151000 LB 0x560d8 fe4.dfc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fe4.dfc: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] fe4.dfc: ProductName: Microsoft® Windows® Operating System fe4.dfc: ProductVersion: 6.1.7601.17514 fe4.dfc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) fe4.dfc: FileDescription: NT Layer DLL fe4.dfc: \SystemRoot\System32\kernel32.dll: fe4.dfc: CreationTime: 2010-11-21T03:24:10.130862200Z fe4.dfc: LastWriteTime: 2010-11-21T03:24:10.130862200Z fe4.dfc: ChangeTime: 2016-10-25T11:50:21.493281700Z fe4.dfc: FileAttributes: 0x20 fe4.dfc: Size: 0x11b800 fe4.dfc: NT Headers: 0xe8 fe4.dfc: Timestamp: 0x4ce7c78b fe4.dfc: Machine: 0x8664 - amd64 fe4.dfc: Timestamp: 0x4ce7c78b fe4.dfc: Image Version: 6.1 fe4.dfc: SizeOfImage: 0x11f000 (1175552) fe4.dfc: Resource Dir: 0x116000 LB 0x528 fe4.dfc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fe4.dfc: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] fe4.dfc: ProductName: Microsoft® Windows® Operating System fe4.dfc: ProductVersion: 6.1.7601.17514 fe4.dfc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) fe4.dfc: FileDescription: Windows NT BASE API Client DLL fe4.dfc: \SystemRoot\System32\KernelBase.dll: fe4.dfc: CreationTime: 2010-11-21T03:24:25.294088800Z fe4.dfc: LastWriteTime: 2010-11-21T03:24:25.294088800Z fe4.dfc: ChangeTime: 2016-10-25T11:50:21.493281700Z fe4.dfc: FileAttributes: 0x20 fe4.dfc: Size: 0x66800 fe4.dfc: NT Headers: 0xf0 fe4.dfc: Timestamp: 0x4ce7c78c fe4.dfc: Machine: 0x8664 - amd64 fe4.dfc: Timestamp: 0x4ce7c78c fe4.dfc: Image Version: 6.1 fe4.dfc: SizeOfImage: 0x6b000 (438272) fe4.dfc: Resource Dir: 0x69000 LB 0x530 fe4.dfc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fe4.dfc: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] fe4.dfc: ProductName: Microsoft® Windows® Operating System fe4.dfc: ProductVersion: 6.1.7601.17514 fe4.dfc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) fe4.dfc: FileDescription: Windows NT BASE API Client DLL fe4.dfc: \SystemRoot\System32\apisetschema.dll: fe4.dfc: CreationTime: 2009-07-13T23:18:54.866423200Z fe4.dfc: LastWriteTime: 2009-07-14T01:24:53.779000000Z fe4.dfc: ChangeTime: 2016-10-25T11:50:24.660087300Z fe4.dfc: FileAttributes: 0x20 fe4.dfc: Size: 0x1a00 fe4.dfc: NT Headers: 0xc0 fe4.dfc: Timestamp: 0x4a5bdeab fe4.dfc: Machine: 0x8664 - amd64 fe4.dfc: Timestamp: 0x4a5bdeab fe4.dfc: Image Version: 6.1 fe4.dfc: SizeOfImage: 0x50000 (327680) fe4.dfc: Resource Dir: 0x30000 LB 0x3f0 fe4.dfc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fe4.dfc: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)] fe4.dfc: ProductName: Microsoft® Windows® Operating System fe4.dfc: ProductVersion: 6.1.7600.16385 fe4.dfc: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) fe4.dfc: FileDescription: ApiSet Schema DLL fe4.dfc: supR3HardenedWinFindAdversaries: 0x0 fe4.dfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox' fe4.dfc: Calling main() fe4.dfc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fe4.dfc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\VirtualBox' fe4.dfc: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe) fe4.dfc: SUPR3HardenedMain: Final process, opening VBoxDrv... fe4.dfc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000) fe4.dfc: supR3HardNtEnableThreadCreation: fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef98e0000 LB 0x00005000 C:\Program Files\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wintrust.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wintrust.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd270000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefec70000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd100000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd420000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\Wintrust.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefcad0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcad0000 'C:\Windows\system32\bcrypt.dll' fe4.dfc: bcrypt.dll loaded at 000007fefcad0000, BCryptOpenAlgorithmProvider at 000007fefcad2640, preloading providers: fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc5e0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefdba0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefed10000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5e0000 'C:\Windows\system32\bcryptprimitives.dll' fe4.dfc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000094afb0) fe4.dfc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000094c840) fe4.dfc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000094c960) fe4.dfc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000094cb70) fe4.dfc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000094cc90) fe4.dfc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000094cdb0) fe4.dfc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000094cff0) fe4.dfc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000094d110) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefca20000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\CRYPTSP.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc560000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc560000 'C:\Windows\system32\rsaenh.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefcf80000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\CRYPTBASE.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\WINTRUST.DLL' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\CRYPT32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007feff270000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'C:\Windows\system32\imagehlp.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\CRYPTSP.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000076ee0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\Windows\system32\gdi32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd660000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd550000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\IMM32.DLL' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ee0000 'C:\Windows\system32\USER32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefca80000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\Windows\system32\ncrypt.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcad0000 'C:\Windows\system32\bcrypt.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc380000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc380000 'C:\Windows\system32\USERENV.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc360000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc360000 'C:\Windows\system32\GPAPI.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L1-1-0.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\Windows\system32\rpcrt4.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L2-1-0.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef5e10000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd7e0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007feff0c0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0c0000 'C:\Windows\system32\SHLWAPI.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\profapi.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefea10000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefed30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd850000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea10000 'C:\Windows\system32\setupapi.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef7560000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7560000 'C:\Windows\system32\Cabinet.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\DEVRTL.dll' fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefea10000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefd2f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefed30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefd850000 LB 0x00203000 C:\Windows\system32\ole32.dll [flags=0x0] fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefd2b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6463B603CF12442718467D754A1EDC45CE1D6E7E fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L1-1-0.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll' fe4.dfc: g_pfnWinVerifyTrust=000007fefd271010 fe4.dfc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=766DAE0DAEDFFD0DB96611658C619DD5922D2FEC fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' fe4.dfc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D9B442D9CC38B2D0501106E104A42A4EE0B238 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000408 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26A5C3FE898CBD66951D3BC65E742E0BE561E69B fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003fc pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ec pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000278 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE89CF1060867A10BD3963894BCDB4D3058F804 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBEAC8C0FA88C88B540ACFE0683B1810C077AA53 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06FEC3C858DB28D2F4BFBDA99AF14D4747A8C5D4 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7AE634A00F24BBD4AE27DEA9BCCCE222DE9897B fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\crypt32.dll' fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root fe4.dfc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=15 fe4.dfc: SUPR3HardenedMain: Load Runtime... fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef45c0000 LB 0x00595000 C:\Program Files\VirtualBox\VBoxRT.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000073de0000 LB 0x000d2000 C:\Program Files\VirtualBox\MSVCR100.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000073d40000 LB 0x00098000 C:\Program Files\VirtualBox\MSVCP100.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefee10000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd690000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\Wintrust.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\crypt32.dll' fe4.dfc: SUPR3HardenedMain: Load TrustedMain... fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shell32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shell32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCF00DB9BBECF4126AB4076577BBA73C0F94BDF9 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\mpr.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\mpr.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3bb0000 LB 0x00a06000 C:\Program Files\VirtualBox\VirtualBox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef4db0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef4fe0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3ab0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef86b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefea10000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefed30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd850000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefb320000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000072e70000 LB 0x00565000 C:\Program Files\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9730000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef34b0000 LB 0x005f7000 C:\Program Files\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000071f40000 LB 0x00561000 C:\Program Files\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3450000 LB 0x00051000 C:\Program Files\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9560000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll fe4.dfc: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in WinSxS). fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll) fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef7610000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 00000000749f0000 LB 0x00054000 C:\Program Files\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef7980000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [rescheduled] fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\imm32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.DLL' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\cryptbase.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3bb0000 'C:\Program Files\VirtualBox\VirtualBox.dll' fe4.dfc: SUPR3HardenedMain: Calling TrustedMain (000007fef3bb14f0)... fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\profapi.dll' fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3320000 LB 0x0012e000 C:\Program Files\VirtualBox\platforms\qwindows.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3320000 'C:\Program Files\VirtualBox\platforms\qwindows.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\CRYPTBASE.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ee0000 'C:\Windows\system32\user32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\shell32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\Wintab32.dll: Owner is administrators group. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'wtsapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Wintab32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wintab32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000588 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wintab32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3150000 LB 0x001cb000 C:\Windows\system32\wintab32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wintab32.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x00011000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3150000 'C:\Windows\system32\wintab32.dll' fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Wacom_Tablet.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033 fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Pen_Tablet.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033 fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\ISD_Tablet.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033 fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\shell32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefb9e0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9e0000 'C:\Windows\system32\uxtheme.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\advapi32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc380000 'C:\Windows\system32\userenv.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefdb00000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb00000 'C:\Windows\system32\CLBCatQ.DLL' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\CRYPTSP.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c8 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd030000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd030000 'C:\Windows\system32\RpcRtRemote.dll' fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. fe4.1050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll) WinVerifyTrust fe4.1050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.1050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll fe4.1050: supR3HardenedDllNotificationCallback: load 000007fef10c0000 LB 0x00546000 C:\Program Files\VirtualBox\VBoxC.dll [fFlags=0x0] fe4.1050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll fe4.1050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef10c0000 'C:\Program Files\VirtualBox\VBoxC.dll' fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. fe4.1050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust fe4.1050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.1050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.1050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll fe4.1050: supR3HardenedDllNotificationCallback: load 000007fef3090000 LB 0x000ba000 C:\Program Files\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] fe4.1050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll fe4.1050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3090000 'C:\Program Files\VirtualBox\VBoxProxyStub.dll' fe4.1050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.1050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000319c200:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.1050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\oleaut32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\Windows\system32\gdi32.dll' fe4.dfc: \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll: Owner is administrators group. fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c8 pwszName=\Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BAE97CCF37353CEC29DD8DDA0ACE75BB110451A fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BAE97CCF37353CEC29DD8DDA0ACE75BB110451A fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) fe4.dfc: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll) WinVerifyTrust fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll: Not signed. fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.d00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.d00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust fe4.d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.d00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll fe4.d00: supR3HardenedDllNotificationCallback: load 000007fef7600000 LB 0x0000e000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0] fe4.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll fe4.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7600000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2048 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\shell32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\OLEAUT32.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000948 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000954 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031255f0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9d40000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9ff0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll fe4.dfc: supR3HardenedIsApiSetDll: '' -> true fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d40000 'C:\Windows\system32\wbem\wbemprox.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000097c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031255f0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9850000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9850000 'C:\Windows\system32\wbem\wbemsvc.dll' fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008] fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000990 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'. fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031255f0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9ec0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9e90000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0] fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ec0000 'C:\Windows\system32\wbem\fastprox.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\OLEAUT32.dll' fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll) WinVerifyTrust fe4.abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. fe4.abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll) WinVerifyTrust fe4.abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fe4.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.abc: supR3HardenedDllNotificationCallback: load 000007fef0df0000 LB 0x002ca000 C:\Program Files\VirtualBox\VBoxVMM.DLL [fFlags=0x0] fe4.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll fe4.abc: supR3HardenedDllNotificationCallback: load 0000000073c30000 LB 0x0010b000 C:\Program Files\VirtualBox\VBoxREM.dll [fFlags=0x0] fe4.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll fe4.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0df0000 'C:\Program Files\VirtualBox\VBoxVMM.DLL' fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fe4.12c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust fe4.12c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fe4.12c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.12c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.12c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll fe4.12c0: supR3HardenedDllNotificationCallback: load 000007fef64b0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] fe4.12c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll fe4.12c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef64b0000 'C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL' fe4.12c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ee0000 'C:\Windows\system32\User32.dll' fe4.5d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.5d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fe4.5d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.5d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust fe4.5d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.5d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.5d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll fe4.5d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.5d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll fe4.5d4: supR3HardenedDllNotificationCallback: load 000007fef4fd0000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] fe4.5d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll fe4.5d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4fd0000 'C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL' fe4.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fe4.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.105c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust fe4.105c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.105c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.105c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll fe4.105c: supR3HardenedDllNotificationCallback: load 000007fef4fc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] fe4.105c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll fe4.105c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4fc0000 'C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL' fe4.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. fe4.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust fe4.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll fe4.10cc: supR3HardenedDllNotificationCallback: load 000007fef4fb0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] fe4.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll fe4.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4fb0000 'C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\Shell32.dll' fe4.9f8: supR3HardenedIsApiSetDll: '' -> true fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0df0000 'C:\Program Files\VirtualBox\VBoxVMM.DLL' fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c80000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc8 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\winnsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\winnsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007feede80000 LB 0x009cf000 C:\Program Files\VirtualBox\VBoxDD.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef3020000 LB 0x00063000 C:\Program Files\VirtualBox\VBoxDDU.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2cd0000 LB 0x0005d000 C:\Program Files\VirtualBox\VBoxDD2.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefada0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefad90000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede80000 'C:\Program Files\VirtualBox\VBoxDD.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c80000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef10c0000 'C:\Program Files\VirtualBox\VBoxC.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2cd0000 'C:\Program Files\VirtualBox\VBoxDD2.DLL' fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2f30000 LB 0x0001f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f30000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL' fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c60000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c60000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL' fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0dd0000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0dd0000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL' fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0db0000 LB 0x00019000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0db0000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL' fe4.1b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.1b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. fe4.1b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. fe4.1b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust fe4.1b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] fe4.1b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.1b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.1b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll fe4.1b0: supR3HardenedDllNotificationCallback: load 000007fef2f20000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] fe4.1b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll fe4.1b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f20000 'C:\Program Files\VirtualBox\VBoxSharedFolders.DLL' fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2f50000 LB 0x000cd000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f50000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\Iphlpapi.dll' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d4c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B9B444EEE6F858BAE572BDDE53A4FA1A1E7957B fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefac20000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac20000 'C:\Windows\system32\dhcpcsvc6.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\IPHLPAPI.DLL' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefaae0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaae0000 'C:\Windows\system32\dhcpcsvc.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\IPHLPAPI.DLL' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\propsys.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\propsys.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de0 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003183b00:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefb4a0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefb370000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Windows\System32\MMDevApi.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea10000 'C:\Windows\system32\SETUPAPI.dll' fe4.80c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll fe4.80c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\CFGMGR32.dll' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dsound.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dsound.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e44 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003183b00:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef03e0000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefa6a0000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\System32\dsound.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\System32\dsound.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\system32\dsound.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0c0000 'C:\Windows\system32\SHLWAPI.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Windows\system32\MMDEVAPI.DLL' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll' fe4.9f8: supR3HardenedIsApiSetDll: '' -> true fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L1-1-0.dll' fe4.9f8: supR3HardenedIsApiSetDll: '' -> true fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\Windows\system32\RPCRT4.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Windows\system32\MMDevAPI.DLL' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e60 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\avrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\avrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e70 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\ksuser.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\ksuser.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0d70000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 0000000074990000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefa690000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B5BCEE9F60F75E176D19C778D9B6CD5DBEB84BB fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef78d0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef78d0000 'C:\Windows\system32\AUDIOSES.DLL' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e58 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e9c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2dc0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0d50000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv' fe4.9f8: \Device\HarddiskVolume2\Windows\System32\midimap.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.9f8: \Device\HarddiskVolume2\Windows\System32\midimap.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3 fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll' fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c50000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0] fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\system32\dsound.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll' fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\WINMM.dll' fe4.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\OLEAUT32.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4096 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.11e0: \Device\HarddiskVolume2\Windows\System32\mswsock.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.11e0: \Device\HarddiskVolume2\Windows\System32\mswsock.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f3c pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=622534330644BBBA6963C90CCFEC015B1518D5BA fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll' fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. fe4.11e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust fe4.11e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] fe4.11e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.11e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll fe4.11e0: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0] fe4.11e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll fe4.11e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\Windows\system32\mswsock.dll' fe4.11e0: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00) fe4.11e0: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0 fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0 fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL' fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'. fe4.11e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust fe4.11e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] fe4.11e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.11e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL fe4.11e0: supR3HardenedDllNotificationCallback: load 000007fefc270000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0] fe4.11e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL fe4.11e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc270000 'C:\Windows\System32\wshtcpip.dll' fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\system32\dsound.dll' fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll' fe4.7d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll fe4.7d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000319d2e0:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.7d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef78d0000 'C:\Windows\System32\audioses.dll' fe4.114c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll fe4.114c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling] fe4.114c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\avrt.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8192 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16384 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll fe4.dfc: Error (rc=0): fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190 fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' fe4.1b0: supR3HardenedDllNotificationCallback: Unload 000007fef2f20000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] fe4.10cc: supR3HardenedDllNotificationCallback: Unload 000007fef4fb0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] fe4.105c: supR3HardenedDllNotificationCallback: Unload 000007fef4fc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] fe4.5d4: supR3HardenedDllNotificationCallback: Unload 000007fef4fd0000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] fe4.12c0: supR3HardenedDllNotificationCallback: Unload 000007fef64b0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fefc270000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef0db0000 LB 0x00019000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef0dd0000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2c60000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2f30000 LB 0x0001f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007feede80000 LB 0x009cf000 C:\Program Files\VirtualBox\VBoxDD.DLL [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2cd0000 LB 0x0005d000 C:\Program Files\VirtualBox\VBoxDD2.dll [flags=0x0] fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef3020000 LB 0x00063000 C:\Program Files\VirtualBox\VBoxDDU.dll [flags=0x0] fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fef7600000 LB 0x0000e000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0] fe4.dfc: Terminating the normal way: rcExit=0 e7c.df4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 176826 ms, the end); 12d8.1364: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 177215 ms, the end);