Untitled

a guest
Aug 21st, 2015
  1. 2760.d4: Log file opened: 5.0.2r102096 g_hStartupLog=000000000000003c g_uNtVerCombined=0x63258000
  2. 2760.d4: \SystemRoot\System32\ntdll.dll:
  3. 2760.d4: CreationTime: 2015-08-12T09:26:23.662729300Z
  4. 2760.d4: LastWriteTime: 2015-07-16T00:29:35.716166500Z
  5. 2760.d4: ChangeTime: 2015-08-13T11:12:25.917951300Z
  6. 2760.d4: FileAttributes: 0x20
  7. 2760.d4: Size: 0x1a7958
  8. 2760.d4: NT Headers: 0xd8
  9. 2760.d4: Timestamp: 0x55a68e0c
  10. 2760.d4: Machine: 0x8664 - amd64
  11. 2760.d4: Timestamp: 0x55a68e0c
  12. 2760.d4: Image Version: 6.3
  13. 2760.d4: SizeOfImage: 0x1ac000 (1753088)
  14. 2760.d4: Resource Dir: 0x148000 LB 0x62450
  15. 2760.d4: ProductName: Microsoft® Windows® Operating System
  16. 2760.d4: ProductVersion: 6.3.9600.17936
  17. 2760.d4: FileVersion: 6.3.9600.17936 (winblue_ltsb.150715-0840)
  18. 2760.d4: FileDescription: NT Layer DLL
  19. 2760.d4: \SystemRoot\System32\kernel32.dll:
  20. 2760.d4: CreationTime: 2015-03-14T20:28:31.738792600Z
  21. 2760.d4: LastWriteTime: 2014-10-29T04:09:24.572407200Z
  22. 2760.d4: ChangeTime: 2015-07-18T12:25:07.449370600Z
  23. 2760.d4: FileAttributes: 0x20
  24. 2760.d4: Size: 0x13fc30
  25. 2760.d4: NT Headers: 0xf8
  26. 2760.d4: Timestamp: 0x545054ca
  27. 2760.d4: Machine: 0x8664 - amd64
  28. 2760.d4: Timestamp: 0x545054ca
  29. 2760.d4: Image Version: 6.3
  30. 2760.d4: SizeOfImage: 0x13e000 (1302528)
  31. 2760.d4: Resource Dir: 0x12e000 LB 0x518
  32. 2760.d4: ProductName: Microsoft® Windows® Operating System
  33. 2760.d4: ProductVersion: 6.3.9600.17415
  34. 2760.d4: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  35. 2760.d4: FileDescription: Windows NT BASE API Client DLL
  36. 2760.d4: \SystemRoot\System32\KernelBase.dll:
  37. 2760.d4: CreationTime: 2015-03-14T20:29:36.178416000Z
  38. 2760.d4: LastWriteTime: 2014-10-29T03:55:08.402989600Z
  39. 2760.d4: ChangeTime: 2015-07-18T12:25:08.086057700Z
  40. 2760.d4: FileAttributes: 0x20
  41. 2760.d4: Size: 0x114a90
  42. 2760.d4: NT Headers: 0xf0
  43. 2760.d4: Timestamp: 0x54505737
  44. 2760.d4: Machine: 0x8664 - amd64
  45. 2760.d4: Timestamp: 0x54505737
  46. 2760.d4: Image Version: 6.3
  47. 2760.d4: SizeOfImage: 0x115000 (1134592)
  48. 2760.d4: Resource Dir: 0x110000 LB 0x3528
  49. 2760.d4: ProductName: Microsoft® Windows® Operating System
  50. 2760.d4: ProductVersion: 6.3.9600.17415
  51. 2760.d4: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  52. 2760.d4: FileDescription: Windows NT BASE API Client DLL
  53. 2760.d4: \SystemRoot\System32\apisetschema.dll:
  54. 2760.d4: CreationTime: 2013-08-22T12:13:09.745625900Z
  55. 2760.d4: LastWriteTime: 2013-08-22T12:35:12.091034400Z
  56. 2760.d4: ChangeTime: 2013-12-18T09:31:37.632685500Z
  57. 2760.d4: FileAttributes: 0x20
  58. 2760.d4: Size: 0x11360
  59. 2760.d4: NT Headers: 0xd0
  60. 2760.d4: Timestamp: 0x52160049
  61. 2760.d4: Machine: 0x8664 - amd64
  62. 2760.d4: Timestamp: 0x52160049
  63. 2760.d4: Image Version: 6.3
  64. 2760.d4: SizeOfImage: 0x13000 (77824)
  65. 2760.d4: Resource Dir: 0x11000 LB 0x3f8
  66. 2760.d4: ProductName: Microsoft® Windows® Operating System
  67. 2760.d4: ProductVersion: 6.3.9600.16384
  68. 2760.d4: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
  69. 2760.d4: FileDescription: ApiSet Schema DLL
  70. 2760.d4: Found driver aswHwid (0x4)
  71. 2760.d4: Found driver aswVmm (0x4)
  72. 2760.d4: Found driver aswStm (0x4)
  73. 2760.d4: Found driver aswRvrt (0x4)
  74. 2760.d4: supR3HardenedWinFindAdversaries: 0x84
  75. 2760.d4: \SystemRoot\System32\drivers\aswHwid.sys:
  76. 2760.d4: CreationTime: 2014-07-29T11:41:50.215412500Z
  77. 2760.d4: LastWriteTime: 2015-08-03T21:42:30.100155000Z
  78. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  79. 2760.d4: FileAttributes: 0x20
  80. 2760.d4: Size: 0x6ff0
  81. 2760.d4: NT Headers: 0xe8
  82. 2760.d4: Timestamp: 0x55b66532
  83. 2760.d4: Machine: 0x8664 - amd64
  84. 2760.d4: Timestamp: 0x55b66532
  85. 2760.d4: Image Version: 6.0
  86. 2760.d4: SizeOfImage: 0xa000 (40960)
  87. 2760.d4: Resource Dir: 0x8000 LB 0x398
  88. 2760.d4: ProductName: Avast Antivirus
  89. 2760.d4: ProductVersion: 10.3.2225.1172
  90. 2760.d4: FileVersion: 10.3.2225.1172
  91. 2760.d4: FileDescription: avast! HWID
  92. 2760.d4: \SystemRoot\System32\drivers\aswMonFlt.sys:
  93. 2760.d4: CreationTime: 2014-02-13T14:38:38.340070500Z
  94. 2760.d4: LastWriteTime: 2015-08-03T21:42:30.116187300Z
  95. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  96. 2760.d4: FileAttributes: 0x20
  97. 2760.d4: Size: 0x16358
  98. 2760.d4: NT Headers: 0xe8
  99. 2760.d4: Timestamp: 0x55b66516
  100. 2760.d4: Machine: 0x8664 - amd64
  101. 2760.d4: Timestamp: 0x55b66516
  102. 2760.d4: Image Version: 6.0
  103. 2760.d4: SizeOfImage: 0x24000 (147456)
  104. 2760.d4: Resource Dir: 0x22000 LB 0x3c0
  105. 2760.d4: ProductName: Avast Antivirus
  106. 2760.d4: ProductVersion: 10.3.2225.1172
  107. 2760.d4: FileVersion: 10.3.2225.1172
  108. 2760.d4: FileDescription: avast! File System Minifilter for Windows 2003/Vista
  109. 2760.d4: \SystemRoot\System32\drivers\aswRdr2.sys:
  110. 2760.d4: CreationTime: 2014-02-13T14:38:38.339051900Z
  111. 2760.d4: LastWriteTime: 2015-08-03T21:42:29.840010600Z
  112. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  113. 2760.d4: FileAttributes: 0x20
  114. 2760.d4: Size: 0x16d58
  115. 2760.d4: NT Headers: 0xf0
  116. 2760.d4: Timestamp: 0x55b66550
  117. 2760.d4: Machine: 0x8664 - amd64
  118. 2760.d4: Timestamp: 0x55b66550
  119. 2760.d4: Image Version: 6.1
  120. 2760.d4: SizeOfImage: 0x1a000 (106496)
  121. 2760.d4: Resource Dir: 0x18000 LB 0x3a8
  122. 2760.d4: ProductName: Avast Antivirus
  123. 2760.d4: ProductVersion: 10.3.2225.1172
  124. 2760.d4: FileVersion: 10.3.2225.1172 built by: WinDDK
  125. 2760.d4: FileDescription: avast! WFP Redirect Driver
  126. 2760.d4: \SystemRoot\System32\drivers\aswRvrt.sys:
  127. 2760.d4: CreationTime: 2014-02-13T14:38:38.345069400Z
  128. 2760.d4: LastWriteTime: 2015-08-03T21:42:30.132190100Z
  129. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  130. 2760.d4: FileAttributes: 0x20
  131. 2760.d4: Size: 0xfec8
  132. 2760.d4: NT Headers: 0xf8
  133. 2760.d4: Timestamp: 0x55b66505
  134. 2760.d4: Machine: 0x8664 - amd64
  135. 2760.d4: Timestamp: 0x55b66505
  136. 2760.d4: Image Version: 6.0
  137. 2760.d4: SizeOfImage: 0x13000 (77824)
  138. 2760.d4: Resource Dir: 0x11000 LB 0x398
  139. 2760.d4: ProductName: Avast Antivirus
  140. 2760.d4: ProductVersion: 10.3.2225.1172
  141. 2760.d4: FileVersion: 10.3.2225.1172
  142. 2760.d4: FileDescription: avast! Revert
  143. 2760.d4: \SystemRoot\System32\drivers\aswSnx.sys:
  144. 2760.d4: CreationTime: 2014-02-13T14:38:38.344056700Z
  145. 2760.d4: LastWriteTime: 2015-08-14T21:42:44.775945300Z
  146. 2760.d4: ChangeTime: 2015-08-14T21:42:44.775945300Z
  147. 2760.d4: FileAttributes: 0x20
  148. 2760.d4: Size: 0xfff18
  149. 2760.d4: NT Headers: 0xe8
  150. 2760.d4: Timestamp: 0x55cb5be2
  151. 2760.d4: Machine: 0x8664 - amd64
  152. 2760.d4: Timestamp: 0x55cb5be2
  153. 2760.d4: Image Version: 6.0
  154. 2760.d4: SizeOfImage: 0x104000 (1064960)
  155. 2760.d4: Resource Dir: 0xfc000 LB 0x388
  156. 2760.d4: ProductName: Avast Antivirus
  157. 2760.d4: ProductVersion: 10.3.2225.1177
  158. 2760.d4: FileVersion: 10.3.2225.1177
  159. 2760.d4: FileDescription: avast! Virtualization Driver
  160. 2760.d4: \SystemRoot\System32\drivers\aswsp.sys:
  161. 2760.d4: CreationTime: 2014-02-13T14:38:38.342067200Z
  162. 2760.d4: LastWriteTime: 2015-08-03T21:42:30.178075100Z
  163. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  164. 2760.d4: FileAttributes: 0x20
  165. 2760.d4: Size: 0x6d5c8
  166. 2760.d4: NT Headers: 0x100
  167. 2760.d4: Timestamp: 0x55b66ba3
  168. 2760.d4: Machine: 0x8664 - amd64
  169. 2760.d4: Timestamp: 0x55b66ba3
  170. 2760.d4: Image Version: 6.0
  171. 2760.d4: SizeOfImage: 0x75000 (479232)
  172. 2760.d4: Resource Dir: 0x73000 LB 0x380
  173. 2760.d4: ProductName: Avast Antivirus
  174. 2760.d4: ProductVersion: 10.3.2225.1172
  175. 2760.d4: FileVersion: 10.3.2225.1172
  176. 2760.d4: FileDescription: avast! self protection module
  177. 2760.d4: \SystemRoot\System32\drivers\aswStm.sys:
  178. 2760.d4: CreationTime: 2014-02-13T14:38:38.348077000Z
  179. 2760.d4: LastWriteTime: 2015-08-03T21:42:30.301772500Z
  180. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  181. 2760.d4: FileAttributes: 0x20
  182. 2760.d4: Size: 0x24c90
  183. 2760.d4: NT Headers: 0x100
  184. 2760.d4: Timestamp: 0x55b66c74
  185. 2760.d4: Machine: 0x8664 - amd64
  186. 2760.d4: Timestamp: 0x55b66c74
  187. 2760.d4: Image Version: 6.2
  188. 2760.d4: SizeOfImage: 0x27000 (159744)
  189. 2760.d4: Resource Dir: 0x25000 LB 0x360
  190. 2760.d4: ProductName: Avast Antivirus
  191. 2760.d4: ProductVersion: 10.3.2225.1172
  192. 2760.d4: FileVersion: 10.3.2225.1172
  193. 2760.d4: FileDescription: Stream Filter
  194. 2760.d4: \SystemRoot\System32\drivers\aswVmm.sys:
  195. 2760.d4: CreationTime: 2014-02-13T14:38:38.347058000Z
  196. 2760.d4: LastWriteTime: 2015-08-03T21:42:30.210076800Z
  197. 2760.d4: ChangeTime: 2015-08-03T21:42:32.590529000Z
  198. 2760.d4: FileAttributes: 0x20
  199. 2760.d4: Size: 0x43178
  200. 2760.d4: NT Headers: 0xf8
  201. 2760.d4: Timestamp: 0x55b66b89
  202. 2760.d4: Machine: 0x8664 - amd64
  203. 2760.d4: Timestamp: 0x55b66b89
  204. 2760.d4: Image Version: 6.0
  205. 2760.d4: SizeOfImage: 0x45000 (282624)
  206. 2760.d4: Resource Dir: 0x42000 LB 0x3a0
  207. 2760.d4: ProductName: Avast Antivirus
  208. 2760.d4: ProductVersion: 10.3.2225.1172
  209. 2760.d4: FileVersion: 10.3.2225.1172
  210. 2760.d4: FileDescription: avast! VM Monitor
  211. 2760.d4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  212. 2760.d4: CreationTime: 2015-05-22T18:26:34.883212300Z
  213. 2760.d4: LastWriteTime: 2015-07-06T10:51:39.278596200Z
  214. 2760.d4: ChangeTime: 2015-07-06T10:51:39.278596200Z
  215. 2760.d4: FileAttributes: 0x20
  216. 2760.d4: Size: 0x214d8
  217. 2760.d4: NT Headers: 0xf0
  218. 2760.d4: Timestamp: 0x54af40d7
  219. 2760.d4: Machine: 0x8664 - amd64
  220. 2760.d4: Timestamp: 0x54af40d7
  221. 2760.d4: Image Version: 6.1
  222. 2760.d4: SizeOfImage: 0x26000 (155648)
  223. 2760.d4: Resource Dir: 0x24000 LB 0x3f0
  224. 2760.d4: ProductName: Malwarebytes Anti-Malware
  225. 2760.d4: ProductVersion: 0.2.21.0
  226. 2760.d4: FileVersion: 0.2.21.0
  227. 2760.d4: FileDescription: Malwarebytes Anti-Malware
  228. 2760.d4: \SystemRoot\System32\drivers\mwac.sys:
  229. 2760.d4: CreationTime: 2015-05-22T18:25:41.689178100Z
  230. 2760.d4: LastWriteTime: 2015-04-14T07:38:00.000000000Z
  231. 2760.d4: ChangeTime: 2015-05-22T18:25:41.706770500Z
  232. 2760.d4: FileAttributes: 0x20
  233. 2760.d4: Size: 0xfad8
  234. 2760.d4: NT Headers: 0xe0
  235. 2760.d4: Timestamp: 0x53a0f444
  236. 2760.d4: Machine: 0x8664 - amd64
  237. 2760.d4: Timestamp: 0x53a0f444
  238. 2760.d4: Image Version: 6.2
  239. 2760.d4: SizeOfImage: 0x13000 (77824)
  240. 2760.d4: Resource Dir: 0x11000 LB 0x3e0
  241. 2760.d4: ProductName: Malwarebytes Web Access Control
  242. 2760.d4: ProductVersion: 1.0.6.0
  243. 2760.d4: FileVersion: 1.0.6.0
  244. 2760.d4: FileDescription: Malwarebytes Web Access Control
  245. 2760.d4: \SystemRoot\System32\drivers\mbamchameleon.sys:
  246. 2760.d4: CreationTime: 2015-05-22T18:25:41.708726100Z
  247. 2760.d4: LastWriteTime: 2015-04-14T07:37:46.000000000Z
  248. 2760.d4: ChangeTime: 2015-05-22T18:25:41.720456600Z
  249. 2760.d4: FileAttributes: 0x20
  250. 2760.d4: Size: 0x1a4d8
  251. 2760.d4: NT Headers: 0xd8
  252. 2760.d4: Timestamp: 0x54c00c44
  253. 2760.d4: Machine: 0x8664 - amd64
  254. 2760.d4: Timestamp: 0x54c00c44
  255. 2760.d4: Image Version: 6.1
  256. 2760.d4: SizeOfImage: 0x1e000 (122880)
  257. 2760.d4: Resource Dir: 0x1c000 LB 0xbd8
  258. 2760.d4: ProductName: Malwarebytes Chameleon
  259. 2760.d4: ProductVersion: 1.1.13.0
  260. 2760.d4: FileVersion: 1.1.13.0
  261. 2760.d4: FileDescription: Malwarebytes Chameleon Protection Driver
  262. 2760.d4: \SystemRoot\System32\drivers\mbam.sys:
  263. 2760.d4: CreationTime: 2015-05-22T18:25:41.681381600Z
  264. 2760.d4: LastWriteTime: 2015-04-14T07:37:42.000000000Z
  265. 2760.d4: ChangeTime: 2015-05-22T18:25:41.687237000Z
  266. 2760.d4: FileAttributes: 0x20
  267. 2760.d4: Size: 0x64d8
  268. 2760.d4: NT Headers: 0xd8
  269. 2760.d4: Timestamp: 0x540754e1
  270. 2760.d4: Machine: 0x8664 - amd64
  271. 2760.d4: Timestamp: 0x540754e1
  272. 2760.d4: Image Version: 6.1
  273. 2760.d4: SizeOfImage: 0xa000 (40960)
  274. 2760.d4: Resource Dir: 0x8000 LB 0x3d0
  275. 2760.d4: ProductName: Malwarebytes Anti-Malware
  276. 2760.d4: ProductVersion: 0.1.15.0
  277. 2760.d4: FileVersion: 0.1.15.0
  278. 2760.d4: FileDescription: Malwarebytes Anti-Malware
  279. 2760.d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  280. 2760.d4: Calling main()
  281. 2760.d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  282. 2760.d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  283. 2760.d4: SUPR3HardenedMain: Respawn #1
  284. 2760.d4: System32: \Device\HarddiskVolume4\Windows\System32
  285. 2760.d4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  286. 2760.d4: KnownDllPath: C:\WINDOWS\system32
  287. 2760.d4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  288. 2760.d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  289. 2760.d4: supR3HardNtEnableThreadCreation:
  290. 2760.d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd58a28ec0 pvNtTerminateThread=00007ffd58aa1700
  291. 2760.d4: supR3HardenedWinDoReSpawn(1): New child bdc.668 [kernel32].
  292. 2760.d4: supR3HardNtChildGatherData: PebBaseAddress=00007ff78a2b5000 cbPeb=0x388
  293. 2760.d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd58a10000 uNtDllChildAddr=00007ffd58a10000
  294. 2760.d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd58a28ec0
  295. 2760.d4: supR3HardenedWinSetupChildInit: Start child.
  296. 2760.d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  297. 2760.d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 58 sleeps
  298. 2760.d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  299. 2760.d4: *0000000000000000-ffffffffff0dffff 0x0001/0x0000 0x0000000
  300. 2760.d4: *0000000000f20000-0000000000efffff 0x0004/0x0004 0x0020000
  301. 2760.d4: *0000000000f40000-0000000000f30fff 0x0002/0x0002 0x0040000
  302. 2760.d4: 0000000000f4f000-0000000000f4dfff 0x0001/0x0000 0x0000000
  303. 2760.d4: *0000000000f50000-0000000000e53fff 0x0000/0x0004 0x0020000
  304. 2760.d4: 000000000104c000-0000000001048fff 0x0104/0x0004 0x0020000
  305. 2760.d4: 000000000104f000-000000000104dfff 0x0004/0x0004 0x0020000
  306. 2760.d4: *0000000001050000-000000000104bfff 0x0002/0x0002 0x0040000
  307. 2760.d4: 0000000001054000-0000000001047fff 0x0001/0x0000 0x0000000
  308. 2760.d4: *0000000001060000-000000000105dfff 0x0004/0x0004 0x0020000
  309. 2760.d4: 0000000001062000-ffffffff820e3fff 0x0001/0x0000 0x0000000
  310. 2760.d4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  311. 2760.d4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  312. 2760.d4: 000000007fff0000-ffff800975d4ffff 0x0001/0x0000 0x0000000
  313. 2760.d4: *00007ff78a290000-00007ff78a26cfff 0x0002/0x0002 0x0040000
  314. 2760.d4: 00007ff78a2b3000-00007ff78a2b0fff 0x0001/0x0000 0x0000000
  315. 2760.d4: *00007ff78a2b5000-00007ff78a2b3fff 0x0004/0x0004 0x0020000
  316. 2760.d4: 00007ff78a2b6000-00007ff78a2adfff 0x0001/0x0000 0x0000000
  317. 2760.d4: *00007ff78a2be000-00007ff78a2bbfff 0x0004/0x0004 0x0020000
  318. 2760.d4: 00007ff78a2c0000-00007ff789c8ffff 0x0001/0x0000 0x0000000
  319. 2760.d4: *00007ff78a8f0000-00007ff78a8f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  320. 2760.d4: 00007ff78a8f1000-00007ff78a976fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  321. 2760.d4: 00007ff78a977000-00007ff78a977fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  322. 2760.d4: 00007ff78a978000-00007ff78a9c1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  323. 2760.d4: 00007ff78a9c2000-00007ff78a9c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  324. 2760.d4: 00007ff78a9c3000-00007ff78a9c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  325. 2760.d4: 00007ff78a9c4000-00007ff78a9c5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  326. 2760.d4: 00007ff78a9c6000-00007ff78a9c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  327. 2760.d4: 00007ff78a9c7000-00007ff78a9c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  328. 2760.d4: 00007ff78a9c8000-00007ff78a9cbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  329. 2760.d4: 00007ff78a9cc000-00007ff78aa15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  330. 2760.d4: 00007ff78aa16000-00007ff1bca1bfff 0x0001/0x0000 0x0000000
  331. 2760.d4: *00007ffd58a10000-00007ffd58a10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  332. 2760.d4: 00007ffd58a11000-00007ffd58b3cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  333. 2760.d4: 00007ffd58b3d000-00007ffd58b42fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  334. 2760.d4: 00007ffd58b43000-00007ffd58b4ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  335. 2760.d4: 00007ffd58b50000-00007ffd58b50fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  336. 2760.d4: 00007ffd58b51000-00007ffd58b53fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  337. 2760.d4: 00007ffd58b54000-00007ffd58b54fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  338. 2760.d4: 00007ffd58b55000-00007ffd58bbbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  339. 2760.d4: 00007ffd58bbc000-00007ffab1797fff 0x0001/0x0000 0x0000000
  340. 2760.d4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
  341. 2760.d4: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS)
  342. 2760.d4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  343. 2760.d4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  344. 2760.d4: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0).
  345. bdc.668: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
  346. bdc.668: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd58a10000
  347. 2760.d4: supR3HardNtEnableThreadCreation:
  348. bdc.668: ntdll.dll: timestamp 0x55a68e0c (rc=VINF_SUCCESS)
  349. bdc.668: New simple heap: #1 0000000001170000 LB 0x400000 (for 1753088 allocation)
  350. bdc.668: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  351. bdc.668: System32: \Device\HarddiskVolume4\Windows\System32
  352. bdc.668: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  353. bdc.668: KnownDllPath: C:\WINDOWS\system32
  354. bdc.668: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  355. bdc.668: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  356. bdc.668: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  357. bdc.668: Registered Dll notification callback with NTDLL.
  358. bdc.668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  359. bdc.668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  360. bdc.668: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  361. bdc.668: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  362. bdc.668: supR3HardenedDllNotificationCallback: load 00007ffd55c90000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  363. bdc.668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  364. bdc.668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  365. bdc.668: supR3HardenedDllNotificationCallback: load 00007ffd580b0000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  366. bdc.668: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  367. bdc.668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd580b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
  368. bdc.668: supR3HardenedDllNotificationCallback: load 00007ff78a8f0000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  369. bdc.668: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  370. bdc.668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  371. bdc.668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  372. bdc.668: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd58a28ec0 pvNtTerminateThread=00007ffd58aa1700
  373. 2760.d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
  374. bdc.668: \SystemRoot\System32\ntdll.dll:
  375. bdc.668: CreationTime: 2015-08-12T09:26:23.662729300Z
  376. bdc.668: LastWriteTime: 2015-07-16T00:29:35.716166500Z
  377. bdc.668: ChangeTime: 2015-08-13T11:12:25.917951300Z
  378. bdc.668: FileAttributes: 0x20
  379. bdc.668: Size: 0x1a7958
  380. bdc.668: NT Headers: 0xd8
  381. bdc.668: Timestamp: 0x55a68e0c
  382. bdc.668: Machine: 0x8664 - amd64
  383. bdc.668: Timestamp: 0x55a68e0c
  384. bdc.668: Image Version: 6.3
  385. bdc.668: SizeOfImage: 0x1ac000 (1753088)
  386. bdc.668: Resource Dir: 0x148000 LB 0x62450
  387. bdc.668: ProductName: Microsoft® Windows® Operating System
  388. bdc.668: ProductVersion: 6.3.9600.17936
  389. bdc.668: FileVersion: 6.3.9600.17936 (winblue_ltsb.150715-0840)
  390. bdc.668: FileDescription: NT Layer DLL
  391. bdc.668: \SystemRoot\System32\kernel32.dll:
  392. bdc.668: CreationTime: 2015-03-14T20:28:31.738792600Z
  393. bdc.668: LastWriteTime: 2014-10-29T04:09:24.572407200Z
  394. bdc.668: ChangeTime: 2015-07-18T12:25:07.449370600Z
  395. bdc.668: FileAttributes: 0x20
  396. bdc.668: Size: 0x13fc30
  397. bdc.668: NT Headers: 0xf8
  398. bdc.668: Timestamp: 0x545054ca
  399. bdc.668: Machine: 0x8664 - amd64
  400. bdc.668: Timestamp: 0x545054ca
  401. bdc.668: Image Version: 6.3
  402. bdc.668: SizeOfImage: 0x13e000 (1302528)
  403. bdc.668: Resource Dir: 0x12e000 LB 0x518
  404. bdc.668: ProductName: Microsoft® Windows® Operating System
  405. bdc.668: ProductVersion: 6.3.9600.17415
  406. bdc.668: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  407. bdc.668: FileDescription: Windows NT BASE API Client DLL
  408. bdc.668: \SystemRoot\System32\KernelBase.dll:
  409. bdc.668: CreationTime: 2015-03-14T20:29:36.178416000Z
  410. bdc.668: LastWriteTime: 2014-10-29T03:55:08.402989600Z
  411. bdc.668: ChangeTime: 2015-07-18T12:25:08.086057700Z
  412. bdc.668: FileAttributes: 0x20
  413. bdc.668: Size: 0x114a90
  414. bdc.668: NT Headers: 0xf0
  415. bdc.668: Timestamp: 0x54505737
  416. bdc.668: Machine: 0x8664 - amd64
  417. bdc.668: Timestamp: 0x54505737
  418. bdc.668: Image Version: 6.3
  419. bdc.668: SizeOfImage: 0x115000 (1134592)
  420. bdc.668: Resource Dir: 0x110000 LB 0x3528
  421. bdc.668: ProductName: Microsoft® Windows® Operating System
  422. bdc.668: ProductVersion: 6.3.9600.17415
  423. bdc.668: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  424. bdc.668: FileDescription: Windows NT BASE API Client DLL
  425. bdc.668: \SystemRoot\System32\apisetschema.dll:
  426. bdc.668: CreationTime: 2013-08-22T12:13:09.745625900Z
  427. bdc.668: LastWriteTime: 2013-08-22T12:35:12.091034400Z
  428. bdc.668: ChangeTime: 2013-12-18T09:31:37.632685500Z
  429. bdc.668: FileAttributes: 0x20
  430. bdc.668: Size: 0x11360
  431. bdc.668: NT Headers: 0xd0
  432. bdc.668: Timestamp: 0x52160049
  433. bdc.668: Machine: 0x8664 - amd64
  434. bdc.668: Timestamp: 0x52160049
  435. bdc.668: Image Version: 6.3
  436. bdc.668: SizeOfImage: 0x13000 (77824)
  437. bdc.668: Resource Dir: 0x11000 LB 0x3f8
  438. bdc.668: ProductName: Microsoft® Windows® Operating System
  439. bdc.668: ProductVersion: 6.3.9600.16384
  440. bdc.668: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
  441. bdc.668: FileDescription: ApiSet Schema DLL
  442. bdc.668: Found driver aswHwid (0x4)
  443. bdc.668: Found driver aswVmm (0x4)
  444. bdc.668: Found driver aswStm (0x4)
  445. bdc.668: Found driver aswRvrt (0x4)
  446. bdc.668: supR3HardenedWinFindAdversaries: 0x84
  447. bdc.668: \SystemRoot\System32\drivers\aswHwid.sys:
  448. bdc.668: CreationTime: 2014-07-29T11:41:50.215412500Z
  449. bdc.668: LastWriteTime: 2015-08-03T21:42:30.100155000Z
  450. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  451. bdc.668: FileAttributes: 0x20
  452. bdc.668: Size: 0x6ff0
  453. bdc.668: NT Headers: 0xe8
  454. bdc.668: Timestamp: 0x55b66532
  455. bdc.668: Machine: 0x8664 - amd64
  456. bdc.668: Timestamp: 0x55b66532
  457. bdc.668: Image Version: 6.0
  458. bdc.668: SizeOfImage: 0xa000 (40960)
  459. bdc.668: Resource Dir: 0x8000 LB 0x398
  460. bdc.668: ProductName: Avast Antivirus
  461. bdc.668: ProductVersion: 10.3.2225.1172
  462. bdc.668: FileVersion: 10.3.2225.1172
  463. bdc.668: FileDescription: avast! HWID
  464. bdc.668: \SystemRoot\System32\drivers\aswMonFlt.sys:
  465. bdc.668: CreationTime: 2014-02-13T14:38:38.340070500Z
  466. bdc.668: LastWriteTime: 2015-08-03T21:42:30.116187300Z
  467. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  468. bdc.668: FileAttributes: 0x20
  469. bdc.668: Size: 0x16358
  470. bdc.668: NT Headers: 0xe8
  471. bdc.668: Timestamp: 0x55b66516
  472. bdc.668: Machine: 0x8664 - amd64
  473. bdc.668: Timestamp: 0x55b66516
  474. bdc.668: Image Version: 6.0
  475. bdc.668: SizeOfImage: 0x24000 (147456)
  476. bdc.668: Resource Dir: 0x22000 LB 0x3c0
  477. bdc.668: ProductName: Avast Antivirus
  478. bdc.668: ProductVersion: 10.3.2225.1172
  479. bdc.668: FileVersion: 10.3.2225.1172
  480. bdc.668: FileDescription: avast! File System Minifilter for Windows 2003/Vista
  481. bdc.668: \SystemRoot\System32\drivers\aswRdr2.sys:
  482. bdc.668: CreationTime: 2014-02-13T14:38:38.339051900Z
  483. bdc.668: LastWriteTime: 2015-08-03T21:42:29.840010600Z
  484. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  485. bdc.668: FileAttributes: 0x20
  486. bdc.668: Size: 0x16d58
  487. bdc.668: NT Headers: 0xf0
  488. bdc.668: Timestamp: 0x55b66550
  489. bdc.668: Machine: 0x8664 - amd64
  490. bdc.668: Timestamp: 0x55b66550
  491. bdc.668: Image Version: 6.1
  492. bdc.668: SizeOfImage: 0x1a000 (106496)
  493. bdc.668: Resource Dir: 0x18000 LB 0x3a8
  494. bdc.668: ProductName: Avast Antivirus
  495. bdc.668: ProductVersion: 10.3.2225.1172
  496. bdc.668: FileVersion: 10.3.2225.1172 built by: WinDDK
  497. bdc.668: FileDescription: avast! WFP Redirect Driver
  498. bdc.668: \SystemRoot\System32\drivers\aswRvrt.sys:
  499. bdc.668: CreationTime: 2014-02-13T14:38:38.345069400Z
  500. bdc.668: LastWriteTime: 2015-08-03T21:42:30.132190100Z
  501. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  502. bdc.668: FileAttributes: 0x20
  503. bdc.668: Size: 0xfec8
  504. bdc.668: NT Headers: 0xf8
  505. bdc.668: Timestamp: 0x55b66505
  506. bdc.668: Machine: 0x8664 - amd64
  507. bdc.668: Timestamp: 0x55b66505
  508. bdc.668: Image Version: 6.0
  509. bdc.668: SizeOfImage: 0x13000 (77824)
  510. bdc.668: Resource Dir: 0x11000 LB 0x398
  511. bdc.668: ProductName: Avast Antivirus
  512. bdc.668: ProductVersion: 10.3.2225.1172
  513. bdc.668: FileVersion: 10.3.2225.1172
  514. bdc.668: FileDescription: avast! Revert
  515. bdc.668: \SystemRoot\System32\drivers\aswSnx.sys:
  516. bdc.668: CreationTime: 2014-02-13T14:38:38.344056700Z
  517. bdc.668: LastWriteTime: 2015-08-14T21:42:44.775945300Z
  518. bdc.668: ChangeTime: 2015-08-14T21:42:44.775945300Z
  519. bdc.668: FileAttributes: 0x20
  520. bdc.668: Size: 0xfff18
  521. bdc.668: NT Headers: 0xe8
  522. bdc.668: Timestamp: 0x55cb5be2
  523. bdc.668: Machine: 0x8664 - amd64
  524. bdc.668: Timestamp: 0x55cb5be2
  525. bdc.668: Image Version: 6.0
  526. bdc.668: SizeOfImage: 0x104000 (1064960)
  527. bdc.668: Resource Dir: 0xfc000 LB 0x388
  528. bdc.668: ProductName: Avast Antivirus
  529. bdc.668: ProductVersion: 10.3.2225.1177
  530. bdc.668: FileVersion: 10.3.2225.1177
  531. bdc.668: FileDescription: avast! Virtualization Driver
  532. bdc.668: \SystemRoot\System32\drivers\aswsp.sys:
  533. bdc.668: CreationTime: 2014-02-13T14:38:38.342067200Z
  534. bdc.668: LastWriteTime: 2015-08-03T21:42:30.178075100Z
  535. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  536. bdc.668: FileAttributes: 0x20
  537. bdc.668: Size: 0x6d5c8
  538. bdc.668: NT Headers: 0x100
  539. bdc.668: Timestamp: 0x55b66ba3
  540. bdc.668: Machine: 0x8664 - amd64
  541. bdc.668: Timestamp: 0x55b66ba3
  542. bdc.668: Image Version: 6.0
  543. bdc.668: SizeOfImage: 0x75000 (479232)
  544. bdc.668: Resource Dir: 0x73000 LB 0x380
  545. bdc.668: ProductName: Avast Antivirus
  546. bdc.668: ProductVersion: 10.3.2225.1172
  547. bdc.668: FileVersion: 10.3.2225.1172
  548. bdc.668: FileDescription: avast! self protection module
  549. bdc.668: \SystemRoot\System32\drivers\aswStm.sys:
  550. bdc.668: CreationTime: 2014-02-13T14:38:38.348077000Z
  551. bdc.668: LastWriteTime: 2015-08-03T21:42:30.301772500Z
  552. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  553. bdc.668: FileAttributes: 0x20
  554. bdc.668: Size: 0x24c90
  555. bdc.668: NT Headers: 0x100
  556. bdc.668: Timestamp: 0x55b66c74
  557. bdc.668: Machine: 0x8664 - amd64
  558. bdc.668: Timestamp: 0x55b66c74
  559. bdc.668: Image Version: 6.2
  560. bdc.668: SizeOfImage: 0x27000 (159744)
  561. bdc.668: Resource Dir: 0x25000 LB 0x360
  562. bdc.668: ProductName: Avast Antivirus
  563. bdc.668: ProductVersion: 10.3.2225.1172
  564. bdc.668: FileVersion: 10.3.2225.1172
  565. bdc.668: FileDescription: Stream Filter
  566. bdc.668: \SystemRoot\System32\drivers\aswVmm.sys:
  567. bdc.668: CreationTime: 2014-02-13T14:38:38.347058000Z
  568. bdc.668: LastWriteTime: 2015-08-03T21:42:30.210076800Z
  569. bdc.668: ChangeTime: 2015-08-03T21:42:32.590529000Z
  570. bdc.668: FileAttributes: 0x20
  571. bdc.668: Size: 0x43178
  572. bdc.668: NT Headers: 0xf8
  573. bdc.668: Timestamp: 0x55b66b89
  574. bdc.668: Machine: 0x8664 - amd64
  575. bdc.668: Timestamp: 0x55b66b89
  576. bdc.668: Image Version: 6.0
  577. bdc.668: SizeOfImage: 0x45000 (282624)
  578. bdc.668: Resource Dir: 0x42000 LB 0x3a0
  579. bdc.668: ProductName: Avast Antivirus
  580. bdc.668: ProductVersion: 10.3.2225.1172
  581. bdc.668: FileVersion: 10.3.2225.1172
  582. bdc.668: FileDescription: avast! VM Monitor
  583. bdc.668: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  584. bdc.668: CreationTime: 2015-05-22T18:26:34.883212300Z
  585. bdc.668: LastWriteTime: 2015-07-06T10:51:39.278596200Z
  586. bdc.668: ChangeTime: 2015-07-06T10:51:39.278596200Z
  587. bdc.668: FileAttributes: 0x20
  588. bdc.668: Size: 0x214d8
  589. bdc.668: NT Headers: 0xf0
  590. bdc.668: Timestamp: 0x54af40d7
  591. bdc.668: Machine: 0x8664 - amd64
  592. bdc.668: Timestamp: 0x54af40d7
  593. bdc.668: Image Version: 6.1
  594. bdc.668: SizeOfImage: 0x26000 (155648)
  595. bdc.668: Resource Dir: 0x24000 LB 0x3f0
  596. bdc.668: ProductName: Malwarebytes Anti-Malware
  597. bdc.668: ProductVersion: 0.2.21.0
  598. bdc.668: FileVersion: 0.2.21.0
  599. bdc.668: FileDescription: Malwarebytes Anti-Malware
  600. bdc.668: \SystemRoot\System32\drivers\mwac.sys:
  601. bdc.668: CreationTime: 2015-05-22T18:25:41.689178100Z
  602. bdc.668: LastWriteTime: 2015-04-14T07:38:00.000000000Z
  603. bdc.668: ChangeTime: 2015-05-22T18:25:41.706770500Z
  604. bdc.668: FileAttributes: 0x20
  605. bdc.668: Size: 0xfad8
  606. bdc.668: NT Headers: 0xe0
  607. bdc.668: Timestamp: 0x53a0f444
  608. bdc.668: Machine: 0x8664 - amd64
  609. bdc.668: Timestamp: 0x53a0f444
  610. bdc.668: Image Version: 6.2
  611. bdc.668: SizeOfImage: 0x13000 (77824)
  612. bdc.668: Resource Dir: 0x11000 LB 0x3e0
  613. bdc.668: ProductName: Malwarebytes Web Access Control
  614. bdc.668: ProductVersion: 1.0.6.0
  615. bdc.668: FileVersion: 1.0.6.0
  616. bdc.668: FileDescription: Malwarebytes Web Access Control
  617. bdc.668: \SystemRoot\System32\drivers\mbamchameleon.sys:
  618. bdc.668: CreationTime: 2015-05-22T18:25:41.708726100Z
  619. bdc.668: LastWriteTime: 2015-04-14T07:37:46.000000000Z
  620. bdc.668: ChangeTime: 2015-05-22T18:25:41.720456600Z
  621. bdc.668: FileAttributes: 0x20
  622. bdc.668: Size: 0x1a4d8
  623. bdc.668: NT Headers: 0xd8
  624. bdc.668: Timestamp: 0x54c00c44
  625. bdc.668: Machine: 0x8664 - amd64
  626. bdc.668: Timestamp: 0x54c00c44
  627. bdc.668: Image Version: 6.1
  628. bdc.668: SizeOfImage: 0x1e000 (122880)
  629. bdc.668: Resource Dir: 0x1c000 LB 0xbd8
  630. bdc.668: ProductName: Malwarebytes Chameleon
  631. bdc.668: ProductVersion: 1.1.13.0
  632. bdc.668: FileVersion: 1.1.13.0
  633. bdc.668: FileDescription: Malwarebytes Chameleon Protection Driver
  634. bdc.668: \SystemRoot\System32\drivers\mbam.sys:
  635. bdc.668: CreationTime: 2015-05-22T18:25:41.681381600Z
  636. bdc.668: LastWriteTime: 2015-04-14T07:37:42.000000000Z
  637. bdc.668: ChangeTime: 2015-05-22T18:25:41.687237000Z
  638. bdc.668: FileAttributes: 0x20
  639. bdc.668: Size: 0x64d8
  640. bdc.668: NT Headers: 0xd8
  641. bdc.668: Timestamp: 0x540754e1
  642. bdc.668: Machine: 0x8664 - amd64
  643. bdc.668: Timestamp: 0x540754e1
  644. bdc.668: Image Version: 6.1
  645. bdc.668: SizeOfImage: 0xa000 (40960)
  646. bdc.668: Resource Dir: 0x8000 LB 0x3d0
  647. bdc.668: ProductName: Malwarebytes Anti-Malware
  648. bdc.668: ProductVersion: 0.1.15.0
  649. bdc.668: FileVersion: 0.1.15.0
  650. bdc.668: FileDescription: Malwarebytes Anti-Malware
  651. bdc.668: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  652. bdc.668: Calling main()
  653. bdc.668: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  654. bdc.668: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  655. bdc.668: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  656. bdc.668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  657. bdc.668: SUPR3HardenedMain: Respawn #2
  658. bdc.668: supR3HardNtEnableThreadCreation:
  659. bdc.668: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
  660. bdc.668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
  661. bdc.668: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  662. bdc.668: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  663. bdc.668: supR3HardenedDllNotificationCallback: load 00007ffd54640000 LB 0x0008e000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
  664. bdc.668: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  665. bdc.668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54640000 'C:\WINDOWS\system32\apphelp.dll'
  666. bdc.668: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd58a28ec0 pvNtTerminateThread=00007ffd58aa1700
  667. bdc.668: supR3HardenedWinDoReSpawn(2): New child 1eb8.1e40 [kernel32].
  668. bdc.668: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  669. bdc.668: supR3HardNtChildGatherData: PebBaseAddress=00007ff789ef5000 cbPeb=0x388
  670. bdc.668: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd58a10000 uNtDllChildAddr=00007ffd58a10000
  671. bdc.668: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd58a28ec0
  672. bdc.668: supR3HardenedWinSetupChildInit: Start child.
  673. bdc.668: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  674. bdc.668: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 59 sleeps
  675. bdc.668: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  718. bdc.668: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS)
  719. bdc.668: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  720. bdc.668: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  721. bdc.668: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
  722. 1eb8.1e40: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
  723. 1eb8.1e40: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd58a10000
  724. 1eb8.1e40: ntdll.dll: timestamp 0x55a68e0c (rc=VINF_SUCCESS)
  725. 1eb8.1e40: New simple heap: #1 00000000008b0000 LB 0x400000 (for 1753088 allocation)
  726. bdc.668: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001170000 LB 0x400000)
  727. bdc.668: supR3HardNtEnableThreadCreation:
  728. 1eb8.1e40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  729. 1eb8.1e40: System32: \Device\HarddiskVolume4\Windows\System32
  730. 1eb8.1e40: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  731. 1eb8.1e40: KnownDllPath: C:\WINDOWS\system32
  732. 1eb8.1e40: supR3HardenedVmProcessInit: Opening vboxdrv...
  733. 1eb8.1e40: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  734. 1eb8.1e40: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  735. 1eb8.1e40: Registered Dll notification callback with NTDLL.
  736. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  737. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  738. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  739. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  740. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55c90000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  741. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  742. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  743. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd580b0000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  744. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  745. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd580b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
  746. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ff78a8f0000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  747. 1eb8.1e40: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  748. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  749. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  750. 1eb8.1e40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd58a28ec0 pvNtTerminateThread=00007ffd58aa1700
  751. bdc.668: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 73 ms.
  752. 1eb8.1e40: \SystemRoot\System32\ntdll.dll:
  753. 1eb8.1e40: CreationTime: 2015-08-12T09:26:23.662729300Z
  754. 1eb8.1e40: LastWriteTime: 2015-07-16T00:29:35.716166500Z
  755. 1eb8.1e40: ChangeTime: 2015-08-13T11:12:25.917951300Z
  756. 1eb8.1e40: FileAttributes: 0x20
  757. 1eb8.1e40: Size: 0x1a7958
  758. 1eb8.1e40: NT Headers: 0xd8
  759. 1eb8.1e40: Timestamp: 0x55a68e0c
  760. 1eb8.1e40: Machine: 0x8664 - amd64
  761. 1eb8.1e40: Timestamp: 0x55a68e0c
  762. 1eb8.1e40: Image Version: 6.3
  763. 1eb8.1e40: SizeOfImage: 0x1ac000 (1753088)
  764. 1eb8.1e40: Resource Dir: 0x148000 LB 0x62450
  765. 1eb8.1e40: ProductName: Microsoft® Windows® Operating System
  766. 1eb8.1e40: ProductVersion: 6.3.9600.17936
  767. 1eb8.1e40: FileVersion: 6.3.9600.17936 (winblue_ltsb.150715-0840)
  768. 1eb8.1e40: FileDescription: NT Layer DLL
  769. 1eb8.1e40: \SystemRoot\System32\kernel32.dll:
  770. 1eb8.1e40: CreationTime: 2015-03-14T20:28:31.738792600Z
  771. 1eb8.1e40: LastWriteTime: 2014-10-29T04:09:24.572407200Z
  772. 1eb8.1e40: ChangeTime: 2015-07-18T12:25:07.449370600Z
  773. 1eb8.1e40: FileAttributes: 0x20
  774. 1eb8.1e40: Size: 0x13fc30
  775. 1eb8.1e40: NT Headers: 0xf8
  776. 1eb8.1e40: Timestamp: 0x545054ca
  777. 1eb8.1e40: Machine: 0x8664 - amd64
  778. 1eb8.1e40: Timestamp: 0x545054ca
  779. 1eb8.1e40: Image Version: 6.3
  780. 1eb8.1e40: SizeOfImage: 0x13e000 (1302528)
  781. 1eb8.1e40: Resource Dir: 0x12e000 LB 0x518
  782. 1eb8.1e40: ProductName: Microsoft® Windows® Operating System
  783. 1eb8.1e40: ProductVersion: 6.3.9600.17415
  784. 1eb8.1e40: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  785. 1eb8.1e40: FileDescription: Windows NT BASE API Client DLL
  786. 1eb8.1e40: \SystemRoot\System32\KernelBase.dll:
  787. 1eb8.1e40: CreationTime: 2015-03-14T20:29:36.178416000Z
  788. 1eb8.1e40: LastWriteTime: 2014-10-29T03:55:08.402989600Z
  789. 1eb8.1e40: ChangeTime: 2015-07-18T12:25:08.086057700Z
  790. 1eb8.1e40: FileAttributes: 0x20
  791. 1eb8.1e40: Size: 0x114a90
  792. 1eb8.1e40: NT Headers: 0xf0
  793. 1eb8.1e40: Timestamp: 0x54505737
  794. 1eb8.1e40: Machine: 0x8664 - amd64
  795. 1eb8.1e40: Timestamp: 0x54505737
  796. 1eb8.1e40: Image Version: 6.3
  797. 1eb8.1e40: SizeOfImage: 0x115000 (1134592)
  798. 1eb8.1e40: Resource Dir: 0x110000 LB 0x3528
  799. 1eb8.1e40: ProductName: Microsoft® Windows® Operating System
  800. 1eb8.1e40: ProductVersion: 6.3.9600.17415
  801. 1eb8.1e40: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  802. 1eb8.1e40: FileDescription: Windows NT BASE API Client DLL
  803. 1eb8.1e40: \SystemRoot\System32\apisetschema.dll:
  804. 1eb8.1e40: CreationTime: 2013-08-22T12:13:09.745625900Z
  805. 1eb8.1e40: LastWriteTime: 2013-08-22T12:35:12.091034400Z
  806. 1eb8.1e40: ChangeTime: 2013-12-18T09:31:37.632685500Z
  807. 1eb8.1e40: FileAttributes: 0x20
  808. 1eb8.1e40: Size: 0x11360
  809. 1eb8.1e40: NT Headers: 0xd0
  810. 1eb8.1e40: Timestamp: 0x52160049
  811. 1eb8.1e40: Machine: 0x8664 - amd64
  812. 1eb8.1e40: Timestamp: 0x52160049
  813. 1eb8.1e40: Image Version: 6.3
  814. 1eb8.1e40: SizeOfImage: 0x13000 (77824)
  815. 1eb8.1e40: Resource Dir: 0x11000 LB 0x3f8
  816. 1eb8.1e40: ProductName: Microsoft® Windows® Operating System
  817. 1eb8.1e40: ProductVersion: 6.3.9600.16384
  818. 1eb8.1e40: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
  819. 1eb8.1e40: FileDescription: ApiSet Schema DLL
  820. 1eb8.1e40: Found driver aswHwid (0x4)
  821. 1eb8.1e40: Found driver aswVmm (0x4)
  822. 1eb8.1e40: Found driver aswStm (0x4)
  823. 1eb8.1e40: Found driver aswRvrt (0x4)
  824. 1eb8.1e40: supR3HardenedWinFindAdversaries: 0x84
  825. 1eb8.1e40: \SystemRoot\System32\drivers\aswHwid.sys:
  826. 1eb8.1e40: CreationTime: 2014-07-29T11:41:50.215412500Z
  827. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:30.100155000Z
  828. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  829. 1eb8.1e40: FileAttributes: 0x20
  830. 1eb8.1e40: Size: 0x6ff0
  831. 1eb8.1e40: NT Headers: 0xe8
  832. 1eb8.1e40: Timestamp: 0x55b66532
  833. 1eb8.1e40: Machine: 0x8664 - amd64
  834. 1eb8.1e40: Timestamp: 0x55b66532
  835. 1eb8.1e40: Image Version: 6.0
  836. 1eb8.1e40: SizeOfImage: 0xa000 (40960)
  837. 1eb8.1e40: Resource Dir: 0x8000 LB 0x398
  838. 1eb8.1e40: ProductName: Avast Antivirus
  839. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  840. 1eb8.1e40: FileVersion: 10.3.2225.1172
  841. 1eb8.1e40: FileDescription: avast! HWID
  842. 1eb8.1e40: \SystemRoot\System32\drivers\aswMonFlt.sys:
  843. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.340070500Z
  844. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:30.116187300Z
  845. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  846. 1eb8.1e40: FileAttributes: 0x20
  847. 1eb8.1e40: Size: 0x16358
  848. 1eb8.1e40: NT Headers: 0xe8
  849. 1eb8.1e40: Timestamp: 0x55b66516
  850. 1eb8.1e40: Machine: 0x8664 - amd64
  851. 1eb8.1e40: Timestamp: 0x55b66516
  852. 1eb8.1e40: Image Version: 6.0
  853. 1eb8.1e40: SizeOfImage: 0x24000 (147456)
  854. 1eb8.1e40: Resource Dir: 0x22000 LB 0x3c0
  855. 1eb8.1e40: ProductName: Avast Antivirus
  856. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  857. 1eb8.1e40: FileVersion: 10.3.2225.1172
  858. 1eb8.1e40: FileDescription: avast! File System Minifilter for Windows 2003/Vista
  859. 1eb8.1e40: \SystemRoot\System32\drivers\aswRdr2.sys:
  860. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.339051900Z
  861. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:29.840010600Z
  862. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  863. 1eb8.1e40: FileAttributes: 0x20
  864. 1eb8.1e40: Size: 0x16d58
  865. 1eb8.1e40: NT Headers: 0xf0
  866. 1eb8.1e40: Timestamp: 0x55b66550
  867. 1eb8.1e40: Machine: 0x8664 - amd64
  868. 1eb8.1e40: Timestamp: 0x55b66550
  869. 1eb8.1e40: Image Version: 6.1
  870. 1eb8.1e40: SizeOfImage: 0x1a000 (106496)
  871. 1eb8.1e40: Resource Dir: 0x18000 LB 0x3a8
  872. 1eb8.1e40: ProductName: Avast Antivirus
  873. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  874. 1eb8.1e40: FileVersion: 10.3.2225.1172 built by: WinDDK
  875. 1eb8.1e40: FileDescription: avast! WFP Redirect Driver
  876. 1eb8.1e40: \SystemRoot\System32\drivers\aswRvrt.sys:
  877. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.345069400Z
  878. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:30.132190100Z
  879. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  880. 1eb8.1e40: FileAttributes: 0x20
  881. 1eb8.1e40: Size: 0xfec8
  882. 1eb8.1e40: NT Headers: 0xf8
  883. 1eb8.1e40: Timestamp: 0x55b66505
  884. 1eb8.1e40: Machine: 0x8664 - amd64
  885. 1eb8.1e40: Timestamp: 0x55b66505
  886. 1eb8.1e40: Image Version: 6.0
  887. 1eb8.1e40: SizeOfImage: 0x13000 (77824)
  888. 1eb8.1e40: Resource Dir: 0x11000 LB 0x398
  889. 1eb8.1e40: ProductName: Avast Antivirus
  890. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  891. 1eb8.1e40: FileVersion: 10.3.2225.1172
  892. 1eb8.1e40: FileDescription: avast! Revert
  893. 1eb8.1e40: \SystemRoot\System32\drivers\aswSnx.sys:
  894. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.344056700Z
  895. 1eb8.1e40: LastWriteTime: 2015-08-14T21:42:44.775945300Z
  896. 1eb8.1e40: ChangeTime: 2015-08-14T21:42:44.775945300Z
  897. 1eb8.1e40: FileAttributes: 0x20
  898. 1eb8.1e40: Size: 0xfff18
  899. 1eb8.1e40: NT Headers: 0xe8
  900. 1eb8.1e40: Timestamp: 0x55cb5be2
  901. 1eb8.1e40: Machine: 0x8664 - amd64
  902. 1eb8.1e40: Timestamp: 0x55cb5be2
  903. 1eb8.1e40: Image Version: 6.0
  904. 1eb8.1e40: SizeOfImage: 0x104000 (1064960)
  905. 1eb8.1e40: Resource Dir: 0xfc000 LB 0x388
  906. 1eb8.1e40: ProductName: Avast Antivirus
  907. 1eb8.1e40: ProductVersion: 10.3.2225.1177
  908. 1eb8.1e40: FileVersion: 10.3.2225.1177
  909. 1eb8.1e40: FileDescription: avast! Virtualization Driver
  910. 1eb8.1e40: \SystemRoot\System32\drivers\aswsp.sys:
  911. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.342067200Z
  912. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:30.178075100Z
  913. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  914. 1eb8.1e40: FileAttributes: 0x20
  915. 1eb8.1e40: Size: 0x6d5c8
  916. 1eb8.1e40: NT Headers: 0x100
  917. 1eb8.1e40: Timestamp: 0x55b66ba3
  918. 1eb8.1e40: Machine: 0x8664 - amd64
  919. 1eb8.1e40: Timestamp: 0x55b66ba3
  920. 1eb8.1e40: Image Version: 6.0
  921. 1eb8.1e40: SizeOfImage: 0x75000 (479232)
  922. 1eb8.1e40: Resource Dir: 0x73000 LB 0x380
  923. 1eb8.1e40: ProductName: Avast Antivirus
  924. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  925. 1eb8.1e40: FileVersion: 10.3.2225.1172
  926. 1eb8.1e40: FileDescription: avast! self protection module
  927. 1eb8.1e40: \SystemRoot\System32\drivers\aswStm.sys:
  928. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.348077000Z
  929. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:30.301772500Z
  930. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  931. 1eb8.1e40: FileAttributes: 0x20
  932. 1eb8.1e40: Size: 0x24c90
  933. 1eb8.1e40: NT Headers: 0x100
  934. 1eb8.1e40: Timestamp: 0x55b66c74
  935. 1eb8.1e40: Machine: 0x8664 - amd64
  936. 1eb8.1e40: Timestamp: 0x55b66c74
  937. 1eb8.1e40: Image Version: 6.2
  938. 1eb8.1e40: SizeOfImage: 0x27000 (159744)
  939. 1eb8.1e40: Resource Dir: 0x25000 LB 0x360
  940. 1eb8.1e40: ProductName: Avast Antivirus
  941. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  942. 1eb8.1e40: FileVersion: 10.3.2225.1172
  943. 1eb8.1e40: FileDescription: Stream Filter
  944. 1eb8.1e40: \SystemRoot\System32\drivers\aswVmm.sys:
  945. 1eb8.1e40: CreationTime: 2014-02-13T14:38:38.347058000Z
  946. 1eb8.1e40: LastWriteTime: 2015-08-03T21:42:30.210076800Z
  947. 1eb8.1e40: ChangeTime: 2015-08-03T21:42:32.590529000Z
  948. 1eb8.1e40: FileAttributes: 0x20
  949. 1eb8.1e40: Size: 0x43178
  950. 1eb8.1e40: NT Headers: 0xf8
  951. 1eb8.1e40: Timestamp: 0x55b66b89
  952. 1eb8.1e40: Machine: 0x8664 - amd64
  953. 1eb8.1e40: Timestamp: 0x55b66b89
  954. 1eb8.1e40: Image Version: 6.0
  955. 1eb8.1e40: SizeOfImage: 0x45000 (282624)
  956. 1eb8.1e40: Resource Dir: 0x42000 LB 0x3a0
  957. 1eb8.1e40: ProductName: Avast Antivirus
  958. 1eb8.1e40: ProductVersion: 10.3.2225.1172
  959. 1eb8.1e40: FileVersion: 10.3.2225.1172
  960. 1eb8.1e40: FileDescription: avast! VM Monitor
  961. 1eb8.1e40: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  962. 1eb8.1e40: CreationTime: 2015-05-22T18:26:34.883212300Z
  963. 1eb8.1e40: LastWriteTime: 2015-07-06T10:51:39.278596200Z
  964. 1eb8.1e40: ChangeTime: 2015-07-06T10:51:39.278596200Z
  965. 1eb8.1e40: FileAttributes: 0x20
  966. 1eb8.1e40: Size: 0x214d8
  967. 1eb8.1e40: NT Headers: 0xf0
  968. 1eb8.1e40: Timestamp: 0x54af40d7
  969. 1eb8.1e40: Machine: 0x8664 - amd64
  970. 1eb8.1e40: Timestamp: 0x54af40d7
  971. 1eb8.1e40: Image Version: 6.1
  972. 1eb8.1e40: SizeOfImage: 0x26000 (155648)
  973. 1eb8.1e40: Resource Dir: 0x24000 LB 0x3f0
  974. 1eb8.1e40: ProductName: Malwarebytes Anti-Malware
  975. 1eb8.1e40: ProductVersion: 0.2.21.0
  976. 1eb8.1e40: FileVersion: 0.2.21.0
  977. 1eb8.1e40: FileDescription: Malwarebytes Anti-Malware
  978. 1eb8.1e40: \SystemRoot\System32\drivers\mwac.sys:
  979. 1eb8.1e40: CreationTime: 2015-05-22T18:25:41.689178100Z
  980. 1eb8.1e40: LastWriteTime: 2015-04-14T07:38:00.000000000Z
  981. 1eb8.1e40: ChangeTime: 2015-05-22T18:25:41.706770500Z
  982. 1eb8.1e40: FileAttributes: 0x20
  983. 1eb8.1e40: Size: 0xfad8
  984. 1eb8.1e40: NT Headers: 0xe0
  985. 1eb8.1e40: Timestamp: 0x53a0f444
  986. 1eb8.1e40: Machine: 0x8664 - amd64
  987. 1eb8.1e40: Timestamp: 0x53a0f444
  988. 1eb8.1e40: Image Version: 6.2
  989. 1eb8.1e40: SizeOfImage: 0x13000 (77824)
  990. 1eb8.1e40: Resource Dir: 0x11000 LB 0x3e0
  991. 1eb8.1e40: ProductName: Malwarebytes Web Access Control
  992. 1eb8.1e40: ProductVersion: 1.0.6.0
  993. 1eb8.1e40: FileVersion: 1.0.6.0
  994. 1eb8.1e40: FileDescription: Malwarebytes Web Access Control
  995. 1eb8.1e40: \SystemRoot\System32\drivers\mbamchameleon.sys:
  996. 1eb8.1e40: CreationTime: 2015-05-22T18:25:41.708726100Z
  997. 1eb8.1e40: LastWriteTime: 2015-04-14T07:37:46.000000000Z
  998. 1eb8.1e40: ChangeTime: 2015-05-22T18:25:41.720456600Z
  999. 1eb8.1e40: FileAttributes: 0x20
  1000. 1eb8.1e40: Size: 0x1a4d8
  1001. 1eb8.1e40: NT Headers: 0xd8
  1002. 1eb8.1e40: Timestamp: 0x54c00c44
  1003. 1eb8.1e40: Machine: 0x8664 - amd64
  1004. 1eb8.1e40: Timestamp: 0x54c00c44
  1005. 1eb8.1e40: Image Version: 6.1
  1006. 1eb8.1e40: SizeOfImage: 0x1e000 (122880)
  1007. 1eb8.1e40: Resource Dir: 0x1c000 LB 0xbd8
  1008. 1eb8.1e40: ProductName: Malwarebytes Chameleon
  1009. 1eb8.1e40: ProductVersion: 1.1.13.0
  1010. 1eb8.1e40: FileVersion: 1.1.13.0
  1011. 1eb8.1e40: FileDescription: Malwarebytes Chameleon Protection Driver
  1012. 1eb8.1e40: \SystemRoot\System32\drivers\mbam.sys:
  1013. 1eb8.1e40: CreationTime: 2015-05-22T18:25:41.681381600Z
  1014. 1eb8.1e40: LastWriteTime: 2015-04-14T07:37:42.000000000Z
  1015. 1eb8.1e40: ChangeTime: 2015-05-22T18:25:41.687237000Z
  1016. 1eb8.1e40: FileAttributes: 0x20
  1017. 1eb8.1e40: Size: 0x64d8
  1018. 1eb8.1e40: NT Headers: 0xd8
  1019. 1eb8.1e40: Timestamp: 0x540754e1
  1020. 1eb8.1e40: Machine: 0x8664 - amd64
  1021. 1eb8.1e40: Timestamp: 0x540754e1
  1022. 1eb8.1e40: Image Version: 6.1
  1023. 1eb8.1e40: SizeOfImage: 0xa000 (40960)
  1024. 1eb8.1e40: Resource Dir: 0x8000 LB 0x3d0
  1025. 1eb8.1e40: ProductName: Malwarebytes Anti-Malware
  1026. 1eb8.1e40: ProductVersion: 0.1.15.0
  1027. 1eb8.1e40: FileVersion: 0.1.15.0
  1028. 1eb8.1e40: FileDescription: Malwarebytes Anti-Malware
  1029. 1eb8.1e40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  1030. 1eb8.1e40: Calling main()
  1031. 1eb8.1e40: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  1032. 1eb8.1e40: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  1033. 1eb8.1e40: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  1034. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  1035. 1eb8.1e40: SUPR3HardenedMain: Final process, opening VBoxDrv...
  1036. 1eb8.1e40: supR3HardenedEarlyCompact: Removed heap 1 (0x000000008b0000 LB 0x400000)
  1037. 1eb8.1e40: supR3HardNtEnableThreadCreation:
  1038. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  1039. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  1040. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1041. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1042. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd534c0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  1043. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1044. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1045. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1046. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd534c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1047. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1048. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1049. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd534c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1050. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd534c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1051. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1052. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
  1053. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
  1054. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
  1055. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
  1056. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  1057. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1058. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1059. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
  1060. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1061. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  1062. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  1063. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
  1064. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
  1065. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  1066. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  1067. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1068. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
  1069. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
  1070. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1071. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1072. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1073. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
  1074. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  1075. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  1076. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  1077. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  1078. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1079. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1080. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1081. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1082. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1083. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd58960000 LB 0x000aa000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
  1084. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1085. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55c20000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
  1086. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  1087. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55ec0000 LB 0x001df000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
  1088. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1089. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57ac0000 LB 0x00141000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
  1090. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1091. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55e60000 LB 0x00051000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
  1092. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1093. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\WINDOWS\system32\Wintrust.dll'
  1094. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
  1095. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  1096. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1097. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1098. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd556b0000 LB 0x00026000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
  1099. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1100. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd556b0000 'C:\WINDOWS\system32\bcrypt.dll'
  1101. 1eb8.1e40: bcrypt.dll loaded at 00007ffd556b0000, BCryptOpenAlgorithmProvider at 00007ffd556b34a0, preloading providers:
  1102. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
  1103. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
  1104. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1105. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1106. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd559f0000 LB 0x00063000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
  1107. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1108. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd559f0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
  1109. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000cc8a10)
  1110. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000cc8e00)
  1111. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000cc8f20)
  1112. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000cc9170)
  1113. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000cc9290)
  1114. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000cc9880)
  1115. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000cc9be0)
  1116. 1eb8.1e40: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000cc9d00)
  1117. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1118. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1119. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1120. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1121. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1122. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1123. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1124. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1125. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1126. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1127. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1128. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1129. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1130. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1131. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1132. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1133. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1134. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1135. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1136. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1137. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
  1138. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
  1139. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55390000 LB 0x00020000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  1140. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  1141. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
  1142. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
  1143. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  1144. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1145. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1146. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1147. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1148. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1149. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd54fb0000 LB 0x00036000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
  1150. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1151. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1152. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
  1153. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
  1154. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
  1155. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55a60000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  1156. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  1157. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  1158. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  1159. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  1160. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1161. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1162. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd580b0000 'C:\WINDOWS\system32\kernel32.dll'
  1163. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1164. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1165. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1166. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1167. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\CRYPT32.dll'
  1168. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd56250000 LB 0x00016000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
  1169. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1170. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
  1171. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
  1172. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1173. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1174. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1175. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1176. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1177. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1178. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
  1179. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
  1180. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
  1181. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
  1182. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
  1183. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
  1184. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55640000 LB 0x00037000 C:\WINDOWS\SYSTEM32\NTASN1.dll [fFlags=0x0]
  1185. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
  1186. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55680000 LB 0x00025000 C:\WINDOWS\SYSTEM32\ncrypt.dll [fFlags=0x0]
  1187. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
  1188. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  1189. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
  1190. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
  1191. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57eb0000 LB 0x00059000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
  1192. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  1193. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1194. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  1195. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
  1196. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
  1197. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd54cb0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
  1198. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  1199. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
  1200. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
  1201. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55b70000 LB 0x00015000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
  1202. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  1203. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1204. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
  1205. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
  1206. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
  1207. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  1208. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
  1209. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
  1210. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1211. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
  1212. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
  1213. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  1214. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  1215. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1216. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1217. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1218. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1219. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1220. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1221. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1222. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1223. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1224. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1225. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1226. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1227. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1228. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
  1229. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
  1230. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
  1231. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1232. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1233. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1234. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1235. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1236. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1237. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1238. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1239. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57da0000 LB 0x0005c000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
  1240. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
  1241. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd47aa0000 LB 0x00039000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
  1242. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1243. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1244. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1245. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1246. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1247. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1248. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1249. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1250. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1251. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1252. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1253. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1254. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1255. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1256. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1257. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1258. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1259. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1260. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1261. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1262. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1263. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1264. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1265. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1266. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1267. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1268. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1269. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1270. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1271. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\WINDOWS\system32\cryptnet.dll'
  1272. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1273. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47aa0000 'C:\Windows\System32\cryptnet.dll'
  1274. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1275. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
  1276. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
  1277. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
  1278. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1279. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57e00000 LB 0x000aa000 C:\WINDOWS\SYSTEM32\advapi32.dll [fFlags=0x0]
  1280. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  1281. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1282. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1283. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1284. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1285. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  1286. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  1287. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  1288. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1289. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1290. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1291. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1292. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1293. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1294. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1295. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1296. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  1297. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d41580
  1298. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  1299. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D21B204783C581830BF39EFD25EDC86A66A5219
  1300. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1301. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1302. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57ac0000 'C:\WINDOWS\system32\rpcrt4.dll'
  1303. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1304. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1305. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1306. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1307. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1308. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1309. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1310. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1311. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1312. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1313. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1314. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1315. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1316. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1317. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  1318. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1319. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1320. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1321. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1322. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1323. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1324. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_65_for_KB3071756~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
  1325. 1eb8.1e40: g_pfnWinVerifyTrust=00007ffd55e61050
  1326. 1eb8.1e40: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  1327. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1328. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1329. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1330. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1331. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1332. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1333. 1eb8.1e40: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
  1334. 1eb8.1e40: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  1335. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1336. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1337. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1338. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1339. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1340. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1341. 1eb8.1e40: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
  1342. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1343. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1344. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1345. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1346. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
  1347. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
  1348. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  1349. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  1350. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
  1351. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1352. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1353. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1354. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
  1355. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1356. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
  1357. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  1358. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  1359. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  1360. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
  1361. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1362. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1363. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1364. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  1365. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1366. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  1367. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1368. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1369. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1370. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
  1371. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1372. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1373. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1374. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
  1375. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1376. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1377. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1378. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
  1379. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1380. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1381. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1382. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
  1383. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1384. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1385. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1386. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1387. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1388. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
  1389. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1390. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1391. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1392. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1393. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
  1394. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1395. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1396. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1397. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
  1398. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1399. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1400. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1401. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
  1402. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1403. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1404. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
  1405. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1406. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1407. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
  1408. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1409. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1410. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
  1411. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1412. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1413. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
  1414. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1415. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1416. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
  1417. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1418. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1419. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
  1420. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1421. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  1422. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1423. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  1424. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1425. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1426. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
  1427. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1428. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1429. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
  1430. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1431. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  1432. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xad30da2a7746b400 OU=generated by avast! antivirus for SSL/TLS scanning, O=avast! Web/Mail Shield, CN=avast! Web/Mail Shield Root
  1433. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  1434. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  1435. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1436. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  1437. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1438. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xac8302424e4ea100 OU=generated by avast! antivirus for SSL scanning, O=avast! Mail Scanner, CN=avast! Mail Scanner Root
  1439. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BZ, ST=Belize, L=Belize city, O=Disc Soft Ltd, CN=Disc Soft Ltd, Email=finpr@disc-soft.com
  1440. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  1441. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  1442. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
  1443. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  1444. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
  1445. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
  1446. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
  1447. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  1448. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1449. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
  1450. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
  1451. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  1452. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
  1453. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  1454. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc3f08e9b8780ab00 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
  1455. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  1456. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  1457. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
  1458. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
  1459. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
  1460. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  1461. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
  1462. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  1463. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
  1464. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
  1465. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xe6519d844e429500 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
  1466. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
  1467. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1468. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
  1469. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
  1470. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
  1471. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1472. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xbbd90ca8b0b9d000 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
  1473. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
  1474. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  1475. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  1476. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  1477. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  1478. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
  1479. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  1480. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
  1481. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
  1482. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  1483. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
  1484. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
  1485. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
  1486. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
  1487. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
  1488. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  1489. 1eb8.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  1490. 1eb8.1e40: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=58
  1491. 1eb8.1e40: SUPR3HardenedMain: Load Runtime...
  1492. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1493. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1494. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  1495. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  1496. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  1497. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
  1498. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1499. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1500. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1501. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1502. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1503. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1504. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1505. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1506. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
  1507. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
  1508. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
  1509. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  1510. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1511. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1512. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1513. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1514. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1515. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  1516. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  1517. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
  1518. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
  1519. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
  1520. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1521. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1522. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
  1523. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  1524. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1525. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1526. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  1527. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1528. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1529. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
  1530. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
  1531. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
  1532. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1533. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1534. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
  1535. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  1536. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1537. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
  1538. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  1539. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 0000000061e00000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
  1540. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
  1541. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 0000000060fe0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
  1542. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  1543. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd58720000 LB 0x00009000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
  1544. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
  1545. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd563c0000 LB 0x0005a000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
  1546. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  1547. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd32ba0000 LB 0x00543000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
  1548. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1549. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
  1550. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
  1551. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
  1552. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
  1553. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1554. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1555. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1556. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1557. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1558. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1559. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1560. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1561. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1562. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1563. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1564. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1565. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1566. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1567. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1568. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1569. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1570. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1571. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1572. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1573. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1574. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1575. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1576. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1577. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1578. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1579. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1580. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1581. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1582. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1583. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1584. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1585. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1586. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1587. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1588. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1589. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1590. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1591. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1592. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1593. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1594. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1595. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1596. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1597. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1598. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1599. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1600. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1601. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32ba0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1602. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\WINDOWS\system32\Wintrust.dll'
  1603. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1604. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1605. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1606. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1607. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1608. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1609. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1610. 1eb8.1e40: SUPR3HardenedMain: Load TrustedMain...
  1611. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1612. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1613. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  1614. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
  1615. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1616. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
  1617. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
  1618. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
  1619. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
  1620. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  1621. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
  1622. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
  1623. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
  1624. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
  1625. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
  1626. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
  1627. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
  1628. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
  1629. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
  1630. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1631. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1632. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1633. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1634. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
  1635. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
  1636. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
  1637. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
  1638. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
  1639. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1640. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1641. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  1642. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  1643. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  1644. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
  1645. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1646. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1647. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
  1648. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
  1649. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
  1650. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
  1651. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1652. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1653. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  1654. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
  1655. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
  1656. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
  1657. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1658. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
  1659. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
  1660. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
  1661. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  1662. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  1663. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
  1664. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1665. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
  1666. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
  1667. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
  1668. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1669. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1670. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1671. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1672. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  1673. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
  1674. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
  1675. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  1676. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1677. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1678. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1679. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  1680. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  1681. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
  1682. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
  1683. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
  1684. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1685. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1686. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1687. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1688. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
  1689. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1690. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1691. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
  1692. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1693. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1694. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
  1695. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
  1696. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust
  1697. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  1698. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1699. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1700. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1701. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1702. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
  1703. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1704. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
  1705. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
  1706. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
  1707. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
  1708. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
  1709. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  1710. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  1711. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
  1712. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  1713. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1714. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1715. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
  1716. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
  1717. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1718. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1719. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1720. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1721. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1722. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1723. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1724. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1725. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
  1726. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1727. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
  1728. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
  1729. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
  1730. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
  1731. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1732. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1733. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1734. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1735. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1736. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1737. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1738. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1739. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1740. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1741. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1742. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1743. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1744. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1745. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1746. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1747. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1748. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1749. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1750. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1751. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1752. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1753. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1754. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1755. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
  1756. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1757. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1758. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1759. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1760. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1761. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1762. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1763. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1764. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
  1765. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  1766. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
  1767. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  1768. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1769. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1770. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1771. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1772. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1773. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  1774. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  1775. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  1776. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1777. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  1778. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
  1779. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
  1780. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1781. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1782. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1783. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1784. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1785. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1786. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1787. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1788. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1789. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  1790. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
  1791. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
  1792. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
  1793. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
  1794. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
  1795. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1796. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1797. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
  1798. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  1799. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  1800. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
  1801. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1802. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1803. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1804. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1805. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1806. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1807. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1808. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1809. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1810. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1811. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  1812. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1813. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1814. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
  1815. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1816. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1817. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1818. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1819. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1820. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
  1821. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1822. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1823. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
  1824. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1825. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1826. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
  1827. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1828. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  1829. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
  1830. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
  1831. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
  1832. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  1833. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1834. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  1835. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  1836. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
  1837. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
  1838. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
  1839. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
  1840. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
  1841. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
  1842. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
  1843. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1844. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1845. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1846. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  1847. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  1848. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
  1849. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1850. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
  1851. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1852. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
  1853. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1854. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1855. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
  1856. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  1857. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
  1858. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
  1859. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
  1860. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1861. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
  1862. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
  1863. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
  1864. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
  1865. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
  1866. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
  1867. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  1868. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
  1869. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
  1870. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
  1871. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
  1872. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
  1873. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
  1874. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  1875. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1876. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1877. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
  1878. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1879. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1880. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  1881. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1882. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1883. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
  1884. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1885. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1886. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1887. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
  1888. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
  1889. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  1890. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
  1891. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
  1892. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1893. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1894. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
  1895. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
  1896. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
  1897. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1898. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
  1899. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
  1900. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
  1901. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
  1902. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
  1903. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
  1904. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
  1905. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
  1906. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1907. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1908. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1909. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
  1910. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
  1911. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1912. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1913. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  1914. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1915. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1916. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1917. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1918. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1919. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1920. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1921. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1922. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1923. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1924. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  1925. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  1926. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  1927. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
  1928. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1929. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1930. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  1931. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1932. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1933. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1934. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1935. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1936. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1937. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1938. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  1939. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
  1940. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
  1941. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
  1942. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1943. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
  1944. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
  1945. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1946. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1947. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  1948. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  1949. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  1950. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  1951. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
  1952. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
  1953. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
  1954. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
  1955. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1956. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1957. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  1958. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1959. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1960. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  1961. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1962. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1963. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1964. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1965. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1966. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1967. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1968. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  1969. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1970. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1971. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  1972. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1973. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1974. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1975. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1976. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1977. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  1978. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1979. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1980. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
  1981. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
  1982. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
  1983. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1984. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
  1985. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
  1986. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
  1987. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
  1988. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
  1989. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1990. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1991. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1992. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1993. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1994. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1995. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1996. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1997. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
  1998. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1999. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2000. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
  2001. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
  2002. 1eb8.1e40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
  2003. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2004. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
  2005. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  2006. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
  2007. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
  2008. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2009. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2010. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2011. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2012. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2013. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2014. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2015. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2016. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2017. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2018. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2019. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2020. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  2021. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  2022. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  2023. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2024. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2025. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2026. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2027. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
  2028. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2029. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2030. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2031. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
  2032. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
  2033. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
  2034. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
  2035. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
  2036. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
  2037. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
  2038. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
  2039. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2040. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2041. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  2042. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  2043. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  2044. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
  2045. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2046. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2047. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  2048. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2049. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
  2050. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  2051. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  2052. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
  2053. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2054. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
  2055. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2056. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2057. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
  2058. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2059. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
  2060. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2061. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2062. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  2063. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2064. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2065. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  2066. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  2067. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
  2068. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
  2069. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2070. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2071. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
  2072. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2073. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2074. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
  2075. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2076. 1eb8.1e40: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
  2077. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  2078. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
  2079. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
  2080. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  2081. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  2082. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
  2083. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
  2084. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2085. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
  2086. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
  2087. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
  2088. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
  2089. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  2090. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2091. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  2092. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll)
  2093. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
  2094. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
  2095. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
  2096. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
  2097. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
  2098. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2099. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
  2100. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
  2101. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
  2102. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57940000 LB 0x00177000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
  2103. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd56270000 LB 0x00150000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
  2104. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd4f8d0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
  2105. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
  2106. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd3f150000 LB 0x000f8000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
  2107. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
  2108. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd3ea20000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
  2109. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
  2110. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd3df90000 LB 0x0012b000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
  2111. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
  2112. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd58500000 LB 0x00211000 C:\WINDOWS\SYSTEM32\combase.dll [fFlags=0x0]
  2113. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
  2114. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57f10000 LB 0x00194000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
  2115. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2116. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 000000005f5b0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
  2117. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  2118. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd58750000 LB 0x00054000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
  2119. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
  2120. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd533a0000 LB 0x000a4000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll [fFlags=0x0]
  2121. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [avoiding WinVerifyTrust]
  2122. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd56420000 LB 0x01519000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
  2123. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2124. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd54010000 LB 0x000b2000 C:\WINDOWS\SYSTEM32\SHCORE.DLL [fFlags=0x0]
  2125. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
  2126. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57c10000 LB 0x000b6000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
  2127. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  2128. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd57cd0000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
  2129. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2130. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd58800000 LB 0x00152000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
  2131. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
  2132. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd587b0000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
  2133. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
  2134. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55c40000 LB 0x0004f000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
  2135. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
  2136. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd54890000 LB 0x00028000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
  2137. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
  2138. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd52f60000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
  2139. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
  2140. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd530b0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
  2141. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2142. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd4fcf0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
  2143. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
  2144. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 000000005ec40000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
  2145. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  2146. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 000000005eb30000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
  2147. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
  2148. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 000000005ea50000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
  2149. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
  2150. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd30810000 LB 0x00ab1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
  2151. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
  2152. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
  2153. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
  2154. 1eb8.1e40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'.
  2155. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [rescheduled]
  2156. 1eb8.1e40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
  2157. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
  2158. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
  2159. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
  2160. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  2161. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
  2162. 1eb8.1e40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
  2163. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
  2164. 1eb8.1e40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
  2165. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
  2166. 1eb8.1e40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
  2167. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
  2168. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  2169. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
  2170. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
  2171. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
  2172. 1eb8.1e40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
  2173. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
  2174. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
  2175. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
  2176. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
  2177. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
  2178. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
  2179. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
  2180. 1eb8.1e40: \Device\HarddiskVolume4\Windows\System32\nvinitx.dll: Owner is administrators group.
  2181. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nvinitx.dll'.
  2182. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
  2183. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  2184. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2185. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nvinitx.dll)
  2186. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nvinitx.dll
  2187. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2188. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2189. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  2190. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2191. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2192. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  2193. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  2194. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  2195. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  2196. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll)
  2197. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
  2198. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  2199. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  2200. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
  2201. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  2202. 1eb8.1e40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
  2203. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2204. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2205. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2206. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2207. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2208. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2209. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2210. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2211. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  2212. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2213. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2214. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2215. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust]
  2216. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
  2217. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55b10000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
  2218. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
  2219. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd55b20000 LB 0x00031000 C:\Windows\system32\nvinitx.dll [fFlags=0x0]
  2220. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust]
  2221. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  2222. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
  2223. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nvinitx.dll'.
  2224. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nvinitx.dll' [rescheduled]
  2225. 1eb8.1e40: \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group.
  2226. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
  2227. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll)
  2228. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
  2229. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2230. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust]
  2231. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 000000000f000000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0]
  2232. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust]
  2233. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000000f000000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll'
  2234. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
  2235. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rescheduled]
  2236. 1eb8.1e40: \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll: Owner is administrators group.
  2237. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'.
  2238. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
  2239. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  2240. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2241. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'setupapi.dll'.
  2242. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'detoured.dll'.
  2243. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll)
  2244. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
  2245. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
  2246. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
  2247. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust]
  2248. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
  2249. 1eb8.1e40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
  2250. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  2251. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  2252. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'.
  2253. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
  2254. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  2255. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
  2256. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll)
  2257. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  2258. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2259. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2260. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2261. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2262. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2263. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2264. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2265. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2266. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2267. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2268. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  2269. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  2270. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
  2271. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
  2272. 1eb8.1e40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
  2273. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2274. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust]
  2275. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd581f0000 LB 0x001da000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
  2276. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll [avoiding WinVerifyTrust]
  2277. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd538a0000 LB 0x00031000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0]
  2278. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust]
  2279. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd538a0000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll'
  2280. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'.
  2281. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rescheduled]
  2282. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'.
  2283. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll' [rescheduled]
  2284. 1eb8.1e40: \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group.
  2285. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'.
  2286. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
  2287. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'.
  2288. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll)
  2289. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
  2290. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
  2291. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
  2292. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust]
  2293. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
  2294. 1eb8.1e40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
  2295. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2296. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2297. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2298. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust]
  2299. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd534d0000 LB 0x00022000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0]
  2300. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust]
  2301. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd534d0000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll'
  2302. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'.
  2303. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll' [rescheduled]
  2304. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55b20000 'C:\Windows\system32\nvinitx.dll'
  2305. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nvinitx.dll [redoing WinVerifyTrust]
  2306. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nvinitx.dll'.
  2307. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\nvinitx.dll
  2308. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2309. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55b20000 'C:\WINDOWS\system32\nvinitx.dll'
  2310. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
  2311. 1eb8.1e40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  2312. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
  2313. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2314. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd587b0000 'C:\WINDOWS\system32\imm32.dll'
  2315. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd30810000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
  2316. 1eb8.1e40: SUPR3HardenedMain: Calling TrustedMain (00007ffd30811770)...
  2317. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2318. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2319. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  2320. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000660 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2321. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2322. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2323. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
  2324. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2325. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2326. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
  2327. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2328. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2329. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
  2330. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
  2331. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
  2332. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2333. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2334. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2335. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  2336. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2337. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2338. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2339. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2340. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2341. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2342. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd54710000 LB 0x00129000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
  2343. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2344. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2345. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2346. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2347. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2348. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2349. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2350. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2351. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2352. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2353. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2354. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2355. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
  2356. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
  2357. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
  2358. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
  2359. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd53e10000 LB 0x00021000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
  2360. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
  2361. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
  2362. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
  2363. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
  2364. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
  2365. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd548e0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
  2366. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
  2367. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2368. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2369. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2370. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2371. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2372. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2373. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2374. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2375. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2376. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2377. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2378. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2379. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
  2380. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2381. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2382. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
  2383. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2384. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2385. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32\shell32.dll'
  2386. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  2387. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2388. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd580b0000 'C:\WINDOWS\system32\kernel32.dll'
  2389. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2390. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2391. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2392. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2393. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2394. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2395. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
  2396. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2397. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
  2398. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57940000 'C:\WINDOWS\system32\user32.dll'
  2399. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2400. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2401. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54710000 'C:\WINDOWS\system32\uxtheme.dll'
  2402. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57940000 'C:\WINDOWS\system32\user32.dll'
  2403. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e00000 'C:\WINDOWS\system32\advapi32.dll'
  2404. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2405. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2406. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2407. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  2408. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
  2409. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
  2410. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
  2411. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
  2412. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
  2413. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
  2414. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2415. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2416. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2417. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2418. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2419. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
  2420. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd550c0000 LB 0x00021000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
  2421. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
  2422. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd550c0000 'C:\WINDOWS\system32\userenv.dll'
  2423. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  2424. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2425. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd580b0000 'C:\WINDOWS\system32\kernel32.dll'
  2426. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2427. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  2428. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
  2429. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
  2430. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd58440000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\clbcatq.dll [fFlags=0x0]
  2431. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
  2432. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2433. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2434. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2435. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2436. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2437. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2438. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
  2439. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2440. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2441. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2442. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2443. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
  2444. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  2445. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
  2446. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
  2447. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
  2448. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
  2449. 1eb8.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
  2450. 1eb8.2748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
  2451. 1eb8.2748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  2452. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2453. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2454. 1eb8.2748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2455. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2456. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2457. 1eb8.2748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2458. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2459. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2460. 1eb8.2748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  2461. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  2462. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  2463. 1eb8.2748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [redoing WinVerifyTrust]
  2464. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2465. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2466. 1eb8.2748: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\version.dll'
  2467. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2468. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2469. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2470. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2471. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
  2472. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
  2473. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2474. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2475. 1eb8.2748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll) WinVerifyTrust
  2476. 1eb8.2748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll
  2477. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2478. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2479. 1eb8.2748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  2480. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2481. 1eb8.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2482. 1eb8.2748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
  2483. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2484. 1eb8.2748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  2485. 1eb8.2748: supR3HardenedDllNotificationCallback: load 00007ffd58730000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
  2486. 1eb8.2748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll
  2487. 1eb8.2748: supR3HardenedDllNotificationCallback: load 00007ffd325c0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
  2488. 1eb8.2748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  2489. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd325c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
  2490. 1eb8.2748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2491. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2492. 1eb8.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57cd0000 'C:\Windows\System32\oleaut32.dll'
  2493. 1eb8.2748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
  2494. 1eb8.2748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
  2495. 1eb8.2748: supR3HardenedDllNotificationCallback: load 00007ffd55a70000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
  2496. 1eb8.2748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
  2497. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000798 pwszName=\Device\HarddiskVolume4\Windows\System32\sxs.dll
  2498. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2499. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2500. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
  2501. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2502. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2503. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_846_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\sxs.dll'
  2504. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2505. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
  2506. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2507. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2508. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57cd0000 'C:\WINDOWS\system32\OLEAUT32.dll'
  2509. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
  2510. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2511. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
  2512. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56270000 'C:\WINDOWS\system32\gdi32.dll'
  2513. 1eb8.1158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2514. 1eb8.1158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2515. 1eb8.1158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2516. 1eb8.1158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2517. 1eb8.1158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2518. 1eb8.1158: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
  2519. 1eb8.1158: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
  2520. 1eb8.1158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2521. 1eb8.1158: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2522. 1eb8.1158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2523. 1eb8.1158: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2524. 1eb8.1158: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2525. 1eb8.1158: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
  2526. 1eb8.1158: supR3HardenedDllNotificationCallback: load 00007ffd53230000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
  2527. 1eb8.1158: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
  2528. 1eb8.1158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53230000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
  2529. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57940000 'C:\WINDOWS\system32\user32.dll'
  2530. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2531. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2532. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32\shell32.dll'
  2533. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2534. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2535. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57f10000 'C:\WINDOWS\system32\ole32.dll'
  2536. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
  2537. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2538. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2539. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
  2540. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2541. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd58800000 'C:\WINDOWS\system32\MSCTF.dll'
  2542. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2543. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2544. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32\shell32.dll'
  2545. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2546. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2547. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32\shell32.dll'
  2548. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2549. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2550. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57f10000 'C:\WINDOWS\system32\ole32.dll'
  2551. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2552. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2553. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57cd0000 'C:\WINDOWS\system32\OLEAUT32.dll'
  2554. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000940 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  2555. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2556. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2557. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
  2558. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2559. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2560. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
  2561. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2562. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2563. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
  2564. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
  2565. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
  2566. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  2567. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  2568. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  2569. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  2570. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2571. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2572. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
  2573. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  2574. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2575. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2576. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2577. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
  2578. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2579. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2580. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
  2581. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
  2582. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  2583. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2584. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2585. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  2586. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2587. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2588. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2589. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2590. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  2591. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2592. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2593. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  2594. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2595. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  2596. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  2597. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd4b210000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
  2598. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  2599. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd49d70000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
  2600. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  2601. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2602. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c90000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
  2603. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd49d70000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
  2604. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  2605. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2606. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2607. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
  2608. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2609. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2610. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
  2611. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2612. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2613. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  2614. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
  2615. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  2616. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2617. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2618. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2619. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2620. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2621. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  2622. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd4aaf0000 LB 0x00015000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
  2623. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  2624. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4aaf0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
  2625. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2626. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c90000 'api-ms-win-core-localization-l1-2-0.dll'
  2627. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2628. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c90000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
  2629. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b74 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  2630. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2631. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2632. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
  2633. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2634. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2635. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
  2636. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2637. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2638. 1eb8.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
  2639. 1eb8.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
  2640. 1eb8.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  2641. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  2642. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  2643. 1eb8.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  2644. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2645. 1eb8.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2646. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2647. 1eb8.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  2648. 1eb8.1e40: supR3HardenedDllNotificationCallback: load 00007ffd4ab10000 LB 0x000fb000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
  2649. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  2650. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4ab10000 'C:\WINDOWS\system32\wbem\fastprox.dll'
  2651. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [redir]
  2652. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [redoing WinVerifyTrust]
  2653. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000055c pwszName=\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
  2654. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  2655. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  2656. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41
  2657. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2658. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2659. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
  2660. 1eb8.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2661. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
  2662. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2663. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd533a0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
  2664. 1eb8.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2665. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2666. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\SYSTEM32\WINMM.dll'
  2667. 1eb8.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2668. 1eb8.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2669. 1eb8.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
  2670. 1eb8.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2671. 1eb8.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
  2672. 1eb8.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  2673. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2674. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2675. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
  2676. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
  2677. 1eb8.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2678. 1eb8.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  2679. 1eb8.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  2680. 1eb8.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
  2681. 1eb8.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
  2682. 1eb8.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
  2683. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2684. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2685. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2686. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2687. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  2688. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  2689. 1eb8.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  2690. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2691. 1eb8.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2692. 1eb8.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2693. 1eb8.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  2694. 1eb8.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
  2695. 1eb8.25e8: supR3HardenedDllNotificationCallback: load 000000005e940000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
  2696. 1eb8.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
  2697. 1eb8.25e8: supR3HardenedDllNotificationCallback: load 00007ffd30570000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
  2698. 1eb8.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  2699. 1eb8.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd30570000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
  2700. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2701. 1eb8.24b0: \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys: Owner is administrators group.
  2702. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2703. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys)
  2704. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
  2705. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [avoiding WinVerifyTrust]
  2706. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2707. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys)
  2708. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys
  2709. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
  2710. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2711. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys)
  2712. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys
  2713. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
  2714. 1eb8.24b0: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
  2715. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
  2716. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
  2717. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys)
  2718. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys
  2719. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
  2720. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2721. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
  2722. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
  2723. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys)
  2724. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys
  2725. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
  2726. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
  2727. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
  2728. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'.
  2729. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2730. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
  2731. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
  2732. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys)
  2733. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys
  2734. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
  2735. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
  2736. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'.
  2737. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2738. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
  2739. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
  2740. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys)
  2741. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys
  2742. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2743. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2744. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'.
  2745. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
  2746. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'hal.dll'.
  2747. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
  2748. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
  2749. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ci.dll'.
  2750. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msrpc.sys'.
  2751. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe)
  2752. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe
  2753. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2754. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2755. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2756. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
  2757. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
  2758. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
  2759. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2760. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2761. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2762. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2763. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2764. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2765. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2766. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2767. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2768. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
  2769. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
  2770. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
  2771. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume4\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
  2772. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ci.dll'.
  2773. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2774. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ci.dll)
  2775. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ci.dll
  2776. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
  2777. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
  2778. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'.
  2779. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2780. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
  2781. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kdcom.dll)
  2782. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kdcom.dll
  2783. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
  2784. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume4\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
  2785. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'.
  2786. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2787. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL)
  2788. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL
  2789. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
  2790. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
  2791. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\hal.dll'.
  2792. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2793. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
  2794. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
  2795. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\hal.dll)
  2796. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\hal.dll
  2797. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
  2798. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
  2799. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'.
  2800. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2801. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
  2802. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\PSHED.DLL)
  2803. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\PSHED.DLL
  2804. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
  2805. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
  2806. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
  2807. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
  2808. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
  2809. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
  2810. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2811. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2812. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2813. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
  2814. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
  2815. 1eb8.7c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'.
  2816. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
  2817. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys)
  2818. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys
  2819. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
  2820. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
  2821. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
  2822. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2823. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2824. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2825. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2826. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2827. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2828. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
  2829. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
  2830. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
  2831. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2832. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2833. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2834. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
  2835. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
  2836. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
  2837. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
  2838. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
  2839. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
  2840. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2841. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2842. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2843. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2844. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2845. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2846. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
  2847. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
  2848. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
  2849. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2850. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2851. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2852. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
  2853. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
  2854. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
  2855. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2856. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys'
  2857. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2858. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys'
  2859. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2860. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys'
  2861. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2862. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys'
  2863. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2864. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys'
  2865. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2866. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2867. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'
  2868. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2869. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2870. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'
  2871. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2872. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2873. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\hal.dll'
  2874. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2875. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2876. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'
  2877. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2878. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2879. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'
  2880. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2881. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2882. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ci.dll'
  2883. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2884. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2885. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'
  2886. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2887. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2888. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'
  2889. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2890. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  2891. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'
  2892. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2893. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2894. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  2895. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2896. 1eb8.7c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  2897. 1eb8.7c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
  2898. 1eb8.7c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  2899. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2900. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2901. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2902. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2903. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  2904. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  2905. 1eb8.7c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  2906. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2907. 1eb8.7c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2908. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2909. 1eb8.7c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  2910. 1eb8.7c0: supR3HardenedDllNotificationCallback: load 00007ffd53190000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
  2911. 1eb8.7c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  2912. 1eb8.7c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53190000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
  2913. 1eb8.263c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2914. 1eb8.263c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2915. 1eb8.263c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2916. 1eb8.263c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2917. 1eb8.263c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
  2918. 1eb8.263c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  2919. 1eb8.263c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2920. 1eb8.263c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2921. 1eb8.263c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2922. 1eb8.263c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2923. 1eb8.263c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  2924. 1eb8.263c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2925. 1eb8.263c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2926. 1eb8.263c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2927. 1eb8.263c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  2928. 1eb8.263c: supR3HardenedDllNotificationCallback: load 00007ffd530f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
  2929. 1eb8.263c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  2930. 1eb8.263c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
  2931. 1eb8.98c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2932. 1eb8.98c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2933. 1eb8.98c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2934. 1eb8.98c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2935. 1eb8.98c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
  2936. 1eb8.98c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  2937. 1eb8.98c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2938. 1eb8.98c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2939. 1eb8.98c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2940. 1eb8.98c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2941. 1eb8.98c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
  2942. 1eb8.98c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2943. 1eb8.98c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2944. 1eb8.98c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2945. 1eb8.98c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  2946. 1eb8.98c: supR3HardenedDllNotificationCallback: load 00007ffd530e0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
  2947. 1eb8.98c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  2948. 1eb8.98c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
  2949. 1eb8.2330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2950. 1eb8.2330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2951. 1eb8.2330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2952. 1eb8.2330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2953. 1eb8.2330: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
  2954. 1eb8.2330: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  2955. 1eb8.2330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2956. 1eb8.2330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2957. 1eb8.2330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2958. 1eb8.2330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2959. 1eb8.2330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2960. 1eb8.2330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2961. 1eb8.2330: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2962. 1eb8.2330: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  2963. 1eb8.2330: supR3HardenedDllNotificationCallback: load 00007ffd53080000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
  2964. 1eb8.2330: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  2965. 1eb8.2330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53080000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
  2966. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2967. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2968. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32/Shell32.dll'
  2969. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  2970. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2971. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd30570000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
  2972. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2973. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2974. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2975. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2976. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  2977. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  2978. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
  2979. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2980. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2981. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2982. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2983. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2984. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2985. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2986. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2987. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2988. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2989. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2990. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2991. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2992. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2993. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2994. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4f3b0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
  2995. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2996. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f3b0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
  2997. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4f3b0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
  2998. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  2999. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3000. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3001. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dsound.dll'.
  3002. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
  3003. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  3004. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxddu.dll'.
  3005. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vboxdd2.dll'.
  3006. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  3007. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
  3008. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ws2_32.dll'.
  3009. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
  3010. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'iphlpapi.dll'.
  3011. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
  3012. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
  3013. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
  3014. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
  3015. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3016. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  3017. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3018. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3019. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
  3020. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
  3021. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
  3022. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  3023. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3024. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3025. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  3026. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3027. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3028. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  3029. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  3030. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  3031. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
  3032. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
  3033. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
  3034. 1eb8.24b0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
  3035. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  3036. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
  3037. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
  3038. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
  3039. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  3040. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  3041. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
  3042. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  3043. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  3044. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
  3045. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3046. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3047. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  3048. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3049. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3050. 1eb8.24b0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'
  3051. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3052. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3053. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
  3054. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
  3055. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3056. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3057. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  3058. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  3059. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
  3060. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  3061. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
  3062. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
  3063. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3064. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3065. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  3066. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  3067. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3068. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3069. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3070. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
  3071. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3072. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3073. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3074. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  3075. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
  3076. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
  3077. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
  3078. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
  3079. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  3080. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3081. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3082. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  3083. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  3084. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3085. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dsound.dll'...
  3086. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dsound.dll' -> '\Device\HarddiskVolume4\Windows\System32\dsound.dll' [rcNtRedir=0xc0150008]
  3087. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de8 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
  3088. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3089. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3090. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
  3091. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3092. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3093. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
  3094. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
  3095. 1eb8.24b0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\newdev.dll'.
  3096. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3097. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  3098. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3099. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  3100. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
  3101. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
  3102. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
  3103. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\newdev.dll)
  3104. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
  3105. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  3106. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  3107. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  3108. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3109. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3110. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3111. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3112. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3113. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3114. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  3115. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  3116. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  3117. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  3118. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  3119. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
  3120. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
  3121. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
  3122. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3123. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3124. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3125. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3126. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3127. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3128. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3129. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3130. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3131. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3132. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
  3133. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3134. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3135. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  3136. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  3137. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  3138. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
  3139. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
  3140. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
  3141. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
  3142. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3143. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3144. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
  3145. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
  3146. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3147. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3148. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3149. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
  3150. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll) WinVerifyTrust
  3151. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
  3152. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3153. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3154. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  3155. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3156. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3157. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3158. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3159. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3160. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3161. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3162. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3163. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3164. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3165. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3166. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3167. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3168. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
  3169. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
  3170. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  3171. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  3172. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  3173. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
  3174. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\newdev.dll [avoiding WinVerifyTrust]
  3175. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
  3176. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3177. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
  3178. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
  3179. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd555f0000 LB 0x00046000 C:\WINDOWS\SYSTEM32\POWRPROF.dll [fFlags=0x0]
  3180. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
  3181. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd3ead0000 LB 0x0009d000 C:\WINDOWS\SYSTEM32\DSOUND.dll [fFlags=0x0]
  3182. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
  3183. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4ef30000 LB 0x00016000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
  3184. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
  3185. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4a600000 LB 0x00056000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
  3186. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\newdev.dll [avoiding WinVerifyTrust]
  3187. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd502d0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
  3188. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  3189. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4f3b0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
  3190. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  3191. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd54b60000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
  3192. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
  3193. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd54b70000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
  3194. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  3195. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd2fc80000 LB 0x008e1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
  3196. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
  3197. 1eb8.24b0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'.
  3198. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll' [rescheduled]
  3199. 1eb8.24b0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\newdev.dll'.
  3200. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rescheduled]
  3201. 1eb8.24b0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
  3202. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rescheduled]
  3203. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
  3204. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3205. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3206. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\DSOUND.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3207. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ead0000 'C:\WINDOWS\SYSTEM32\DSOUND.dll'
  3208. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2fc80000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
  3209. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3210. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  3211. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3212. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  3213. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4a860000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
  3214. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  3215. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a860000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
  3216. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3217. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  3218. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3219. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd325c0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
  3220. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3221. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  3222. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3223. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f3b0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
  3224. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3225. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3226. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3227. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3228. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
  3229. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
  3230. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3231. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3232. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3233. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3234. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3235. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
  3236. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd50e70000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
  3237. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
  3238. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e70000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
  3239. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3240. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3241. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3242. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3243. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
  3244. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  3245. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3246. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3247. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3248. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3249. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3250. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  3251. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4f420000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
  3252. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  3253. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f420000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
  3254. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3255. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3256. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3257. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3258. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
  3259. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  3260. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3261. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3262. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3263. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3264. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3265. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  3266. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd4a840000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
  3267. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  3268. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a840000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
  3269. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3270. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3271. 1eb8.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3272. 1eb8.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3273. 1eb8.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  3274. 1eb8.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  3275. 1eb8.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
  3276. 1eb8.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  3277. 1eb8.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3278. 1eb8.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3279. 1eb8.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  3280. 1eb8.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  3281. 1eb8.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3282. 1eb8.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3283. 1eb8.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3284. 1eb8.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3285. 1eb8.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  3286. 1eb8.1138: supR3HardenedDllNotificationCallback: load 00007ffd502c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
  3287. 1eb8.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  3288. 1eb8.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd502c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
  3289. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3290. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3291. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  3292. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3293. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  3294. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  3295. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
  3296. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
  3297. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  3298. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3299. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3300. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  3301. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3302. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3303. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3304. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3305. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
  3306. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3307. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3308. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  3309. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  3310. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3311. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  3312. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd446a0000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
  3313. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  3314. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd446a0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
  3315. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  3316. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3317. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54b70000 'C:\WINDOWS\system32/Iphlpapi.dll'
  3318. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  3319. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  3320. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
  3321. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
  3322. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd54b20000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
  3323. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
  3324. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  3325. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
  3326. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
  3327. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
  3328. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
  3329. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd54b40000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
  3330. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
  3331. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
  3332. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3333. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3334. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7A32ED884F605C3353300D1165178C01A252E7
  3335. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  3336. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  3337. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
  3338. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3339. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3340. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  3341. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3342. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3343. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3344. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3345. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3346. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3347. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3348. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3349. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
  3350. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3351. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
  3352. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000efc pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
  3353. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3354. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3355. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=852EBF87DB04C5286E131027705696EE75673482
  3356. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3357. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3358. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
  3359. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3360. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
  3361. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3362. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3363. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3364. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
  3365. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
  3366. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
  3367. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3368. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  3369. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  3370. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
  3371. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3372. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3373. 1eb8.24b0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
  3374. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3375. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3376. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3377. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3378. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3379. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3380. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd53a30000 LB 0x00070000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
  3381. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3382. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53a30000 'C:\WINDOWS\System32\MMDevApi.dll'
  3383. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3384. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3385. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53a30000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
  3386. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  3387. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3388. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3389. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb0 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3390. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3391. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3392. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
  3393. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3394. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3395. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
  3396. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3397. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3398. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
  3399. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
  3400. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
  3401. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
  3402. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
  3403. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
  3404. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3405. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
  3406. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
  3407. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3408. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3409. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
  3410. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
  3411. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
  3412. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
  3413. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3414. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3415. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3416. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
  3417. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
  3418. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3419. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3420. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  3421. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3422. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3423. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  3424. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  3425. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3426. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3427. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3428. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3429. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3430. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3431. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3432. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
  3433. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
  3434. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd50f10000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
  3435. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
  3436. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd51010000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
  3437. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
  3438. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd50e90000 LB 0x0003e000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
  3439. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3440. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3441. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3442. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3443. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3444. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3445. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3446. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3447. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3448. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3449. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3450. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3451. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3452. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3453. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3454. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3455. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3456. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  3457. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
  3458. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
  3459. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
  3460. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
  3461. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
  3462. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3463. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3464. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
  3465. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3466. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3467. 1eb8.24b0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
  3468. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  3469. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  3470. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3471. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3472. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3473. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3474. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3475. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3476. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3477. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3478. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3479. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
  3480. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd48370000 LB 0x0007e000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
  3481. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
  3482. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48370000 'C:\WINDOWS\system32\AUDIOSES.DLL'
  3483. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3484. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3485. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3486. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
  3487. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3488. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3489. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50e90000 'C:\WINDOWS\system32\wdmaud.drv'
  3490. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f0c pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3491. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3492. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3493. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
  3494. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3495. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3496. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
  3497. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3498. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3499. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  3500. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
  3501. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
  3502. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
  3503. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
  3504. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3505. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  3506. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  3507. 1eb8.24b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  3508. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
  3509. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
  3510. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3511. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3512. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3513. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
  3514. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
  3515. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3516. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3517. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3518. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3519. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3520. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3521. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3522. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3523. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3524. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3525. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
  3526. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd53450000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
  3527. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
  3528. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd53900000 LB 0x0000b000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
  3529. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3530. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3531. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3532. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3533. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3534. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3535. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3536. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3537. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3538. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3539. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3540. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3541. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3542. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3543. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3544. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3545. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3546. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
  3547. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3548. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3549. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3550. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3551. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53900000 'C:\WINDOWS\system32\msacm32.drv'
  3552. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e18 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
  3553. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3554. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3555. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
  3556. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3557. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3558. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
  3559. 1eb8.24b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3560. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3561. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  3562. 1eb8.24b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
  3563. 1eb8.24b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
  3564. 1eb8.24b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
  3565. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3566. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3567. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3568. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3569. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3570. 1eb8.24b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3571. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3572. 1eb8.24b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
  3573. 1eb8.24b0: supR3HardenedDllNotificationCallback: load 00007ffd53810000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
  3574. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
  3575. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53810000 'C:\WINDOWS\system32\midimap.dll'
  3576. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
  3577. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3578. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53810000 'C:\WINDOWS\system32\midimap.dll'
  3579. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
  3580. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3581. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53810000 'C:\WINDOWS\system32\midimap.dll'
  3582. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
  3583. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3584. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd53810000 'C:\WINDOWS\system32\midimap.dll'
  3585. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3586. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3587. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3588. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3589. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3590. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  3591. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3592. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3593. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
  3594. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3595. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ead0000 'C:\WINDOWS\System32\dsound.dll'
  3596. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3597. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3598. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3599. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3600. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd530b0000 'C:\WINDOWS\system32\winmm.dll'
  3601. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd30570000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
  3602. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3603. 1eb8.24b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  3604. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3605. 1eb8.24b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd580b0000 'C:\WINDOWS\system32/kernel32.dll'
  3606. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32\shell32.dll'
  3607. 1eb8.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56420000 'C:\WINDOWS\system32\shell32.dll'
  3608. 1eb8.27ec: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
  3609. 1eb8.27ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
  3610. 1eb8.27ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
  3611. 1eb8.27ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
  3612. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001168 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
  3613. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3614. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3615. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55e60000 'C:\Windows\System32\WINTRUST.DLL'
  3616. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\CRYPT32.dll'
  3617. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C2912B1AF73A6796732D1488D75007F742A3299
  3618. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54fb0000 'C:\WINDOWS\system32\rsaenh.dll'
  3619. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55ec0000 'C:\WINDOWS\system32\crypt32.dll'
  3620. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2887595~31bf3856ad364e35~amd64~~6.3.2.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
  3621. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3622. 1eb8.27ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
  3623. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011dc pwszName=\Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3624. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d41580
  3625. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d41580
  3626. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=882660021C5C46F94BCA4950939CB4299A48B320
  3627. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  3628. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d40bc0
  3629. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d40bc0
  3630. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=882660021C5C46F94BCA4950939CB4299A48B320
  3631. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  3632. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d40ec0
  3633. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d40ec0
  3634. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=8F0427D3066A071F19F0E4BBFF2618C4E8F3AB057068CC3C3F3F1FA2BB834E15
  3635. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  3636. 1eb8.27ec: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  3637. 1eb8.27ec: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume4\Windows\System32\BfLLR.dll) WinVerifyTrust
  3638. 1eb8.27ec: Error (rc=0):
  3639. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll: Not signed.
  3640. 1eb8.27ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3641. 1eb8.27ec: Error (rc=0):
  3642. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3643. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3644. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3645. 1eb8.27ec: Error (rc=0):
  3646. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3647. 1eb8.27ec: Error (rc=0):
  3648. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3649. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3650. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3651. 1eb8.27ec: Error (rc=0):
  3652. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3653. 1eb8.27ec: Error (rc=0):
  3654. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3655. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3656. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3657. 1eb8.27ec: Error (rc=0):
  3658. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3659. 1eb8.27ec: Error (rc=0):
  3660. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3661. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3662. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3663. 1eb8.27ec: Error (rc=0):
  3664. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3665. 1eb8.27ec: Error (rc=0):
  3666. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3667. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3668. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3669. 1eb8.27ec: Error (rc=0):
  3670. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3671. 1eb8.27ec: Error (rc=0):
  3672. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3673. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3674. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3675. 1eb8.27ec: Error (rc=0):
  3676. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3677. 1eb8.27ec: Error (rc=0):
  3678. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3679. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3680. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3681. 1eb8.27ec: Error (rc=0):
  3682. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3683. 1eb8.27ec: Error (rc=0):
  3684. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3685. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3686. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3687. 1eb8.27ec: Error (rc=0):
  3688. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3689. 1eb8.27ec: Error (rc=0):
  3690. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3691. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3692. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3693. 1eb8.27ec: Error (rc=0):
  3694. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3695. 1eb8.27ec: Error (rc=0):
  3696. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3697. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3698. 1eb8.1238: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
  3699. 1eb8.1238: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3700. 1eb8.1238: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd51010000 'C:\WINDOWS\system32\avrt.dll'
  3701. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3702. 1eb8.27ec: Error (rc=0):
  3703. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3704. 1eb8.27ec: Error (rc=0):
  3705. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3706. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3707. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3708. 1eb8.27ec: Error (rc=0):
  3709. 1eb8.27ec: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume4\Windows\System32\BfLLR.dll
  3710. 1eb8.27ec: Error (rc=0):
  3711. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\BfLLR.dll' (C:\WINDOWS\system32\BfLLR.dll): rcNt=0xc0000190
  3712. 1eb8.27ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\BfLLR.dll'
  3713. 1eb8.1138: supR3HardenedDllNotificationCallback: Unload 00007ffd502c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
  3714. 1eb8.2330: supR3HardenedDllNotificationCallback: Unload 00007ffd53080000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
  3715. 1eb8.98c: supR3HardenedDllNotificationCallback: Unload 00007ffd530e0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
  3716. 1eb8.263c: supR3HardenedDllNotificationCallback: Unload 00007ffd530f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
  3717. 1eb8.7c0: supR3HardenedDllNotificationCallback: Unload 00007ffd53190000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
  3718. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4a840000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
  3719. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4f420000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
  3720. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd50e70000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
  3721. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4a860000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
  3722. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd2fc80000 LB 0x008e1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
  3723. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd502d0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
  3724. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4a600000 LB 0x00056000 C:\WINDOWS\SYSTEM32\newdev.dll [flags=0x0]
  3725. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4ef30000 LB 0x00016000 C:\WINDOWS\SYSTEM32\devrtl.DLL [flags=0x0]
  3726. 1eb8.24b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4f3b0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
  3727. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd53230000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
  3728. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd4ab10000 LB 0x000fb000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
  3729. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd4aaf0000 LB 0x00015000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
  3730. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd49d70000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
  3731. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd4b210000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
  3732. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd325c0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
  3733. 1eb8.1e40: supR3HardenedDllNotificationCallback: Unload 00007ffd58730000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [flags=0x0]
  3734. 1eb8.1e40: Terminating the normal way: rcExit=0
  3735. bdc.668: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 64185 ms, the end);
  3736. 2760.d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 64840 ms, the end);