vbox log dump

a guest
Feb 22nd, 2015
  1. 2960.2a90: Log file opened: 4.3.22r98236 g_hStartupLog=00000000000000ac g_uNtVerCombined=0x611db110
  2. 2960.2a90: \SystemRoot\System32\ntdll.dll:
  3. 2960.2a90: CreationTime: 2014-01-25T00:33:12.706829300Z
  4. 2960.2a90: LastWriteTime: 2013-08-29T02:16:35.515578900Z
  5. 2960.2a90: ChangeTime: 2014-01-29T17:15:35.467793400Z
  6. 2960.2a90: FileAttributes: 0x20
  7. 2960.2a90: Size: 0x1a6dc0
  8. 2960.2a90: NT Headers: 0xe0
  9. 2960.2a90: Timestamp: 0x521eaf24
  10. 2960.2a90: Machine: 0x8664 - amd64
  11. 2960.2a90: Timestamp: 0x521eaf24
  12. 2960.2a90: Image Version: 6.1
  13. 2960.2a90: SizeOfImage: 0x1a9000 (1740800)
  14. 2960.2a90: Resource Dir: 0x151000 LB 0x560d8
  15. 2960.2a90: ProductName: Microsoft® Windows® Operating System
  16. 2960.2a90: ProductVersion: 6.1.7601.18247
  17. 2960.2a90: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
  18. 2960.2a90: FileDescription: NT Layer DLL
  19. 2960.2a90: \SystemRoot\System32\kernel32.dll:
  20. 2960.2a90: CreationTime: 2014-04-09T07:01:11.358819100Z
  21. 2960.2a90: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  22. 2960.2a90: ChangeTime: 2014-04-16T11:10:37.479585100Z
  23. 2960.2a90: FileAttributes: 0x20
  24. 2960.2a90: Size: 0x11c000
  25. 2960.2a90: NT Headers: 0xe8
  26. 2960.2a90: Timestamp: 0x5315a059
  27. 2960.2a90: Machine: 0x8664 - amd64
  28. 2960.2a90: Timestamp: 0x5315a059
  29. 2960.2a90: Image Version: 6.1
  30. 2960.2a90: SizeOfImage: 0x11f000 (1175552)
  31. 2960.2a90: Resource Dir: 0x116000 LB 0x528
  32. 2960.2a90: ProductName: Microsoft® Windows® Operating System
  33. 2960.2a90: ProductVersion: 6.1.7601.18409
  34. 2960.2a90: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  35. 2960.2a90: FileDescription: Windows NT BASE API Client DLL
  36. 2960.2a90: \SystemRoot\System32\KernelBase.dll:
  37. 2960.2a90: CreationTime: 2014-05-15T09:03:07.863530100Z
  38. 2960.2a90: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  39. 2960.2a90: ChangeTime: 2014-05-21T11:23:10.606315600Z
  40. 2960.2a90: FileAttributes: 0x20
  41. 2960.2a90: Size: 0x67c00
  42. 2960.2a90: NT Headers: 0xe8
  43. 2960.2a90: Timestamp: 0x5315a05a
  44. 2960.2a90: Machine: 0x8664 - amd64
  45. 2960.2a90: Timestamp: 0x5315a05a
  46. 2960.2a90: Image Version: 6.1
  47. 2960.2a90: SizeOfImage: 0x6c000 (442368)
  48. 2960.2a90: Resource Dir: 0x6a000 LB 0x530
  49. 2960.2a90: ProductName: Microsoft® Windows® Operating System
  50. 2960.2a90: ProductVersion: 6.1.7601.18409
  51. 2960.2a90: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  52. 2960.2a90: FileDescription: Windows NT BASE API Client DLL
  53. 2960.2a90: \SystemRoot\System32\apisetschema.dll:
  54. 2960.2a90: CreationTime: 2014-01-25T00:37:06.161182200Z
  55. 2960.2a90: LastWriteTime: 2013-08-02T02:12:20.275000000Z
  56. 2960.2a90: ChangeTime: 2014-01-25T19:49:28.726511400Z
  57. 2960.2a90: FileAttributes: 0x20
  58. 2960.2a90: Size: 0x1a00
  59. 2960.2a90: NT Headers: 0xc0
  60. 2960.2a90: Timestamp: 0x51fb15ca
  61. 2960.2a90: Machine: 0x8664 - amd64
  62. 2960.2a90: Timestamp: 0x51fb15ca
  63. 2960.2a90: Image Version: 6.1
  64. 2960.2a90: SizeOfImage: 0x50000 (327680)
  65. 2960.2a90: Resource Dir: 0x30000 LB 0x3f8
  66. 2960.2a90: ProductName: Microsoft® Windows® Operating System
  67. 2960.2a90: ProductVersion: 6.1.7601.18229
  68. 2960.2a90: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
  69. 2960.2a90: FileDescription: ApiSet Schema DLL
  70. 2960.2a90: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  71. 2960.2a90: supR3HardenedWinFindAdversaries: 0x100
  72. 2960.2a90: \SystemRoot\System32\drivers\avgrkx64.sys:
  73. 2960.2a90: CreationTime: 2014-06-18T20:03:20.000000000Z
  74. 2960.2a90: LastWriteTime: 2014-06-18T20:03:20.000000000Z
  75. 2960.2a90: ChangeTime: 2014-10-20T11:55:29.921577000Z
  76. 2960.2a90: FileAttributes: 0x20
  77. 2960.2a90: Size: 0x7b18
  78. 2960.2a90: NT Headers: 0xe8
  79. 2960.2a90: Timestamp: 0x53a1e275
  80. 2960.2a90: Machine: 0x8664 - amd64
  81. 2960.2a90: Timestamp: 0x53a1e275
  82. 2960.2a90: Image Version: 6.1
  83. 2960.2a90: SizeOfImage: 0xa000 (40960)
  84. 2960.2a90: Resource Dir: 0x9000 LB 0x500
  85. 2960.2a90: ProductName: AVG Internet Security
  86. 2960.2a90: ProductVersion: 15.0.0.5201
  87. 2960.2a90: FileVersion: 15.0.0.5201
  88. 2960.2a90: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
  89. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  90. 2960.2a90: FileDescription: AVG Anti-Rootkit Driver
  91. 2960.2a90: \SystemRoot\System32\drivers\avgmfx64.sys:
  92. 2960.2a90: CreationTime: 2014-10-05T21:41:40.000000000Z
  93. 2960.2a90: LastWriteTime: 2014-10-05T21:41:40.000000000Z
  94. 2960.2a90: ChangeTime: 2014-11-12T10:33:53.163971400Z
  95. 2960.2a90: FileAttributes: 0x20
  96. 2960.2a90: Size: 0x1e518
  97. 2960.2a90: NT Headers: 0xe0
  98. 2960.2a90: Timestamp: 0x54319ef0
  99. 2960.2a90: Machine: 0x8664 - amd64
  100. 2960.2a90: Timestamp: 0x54319ef0
  101. 2960.2a90: Image Version: 6.1
  102. 2960.2a90: SizeOfImage: 0x22000 (139264)
  103. 2960.2a90: Resource Dir: 0x20000 LB 0x528
  104. 2960.2a90: ProductName: AVG Internet Security
  105. 2960.2a90: ProductVersion: 15.0.0.5551
  106. 2960.2a90: FileVersion: 15.0.0.5551
  107. 2960.2a90: SpecialBuild: AvgVC10_2014_1005_213919(5551), SVNRev 4864070b033d85893c4f701583bf0badb2f61dbf (release/AVG2015-Oct_release), av
  108. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  109. 2960.2a90: FileDescription: AVG Resident Shield Minifilter Driver
  110. 2960.2a90: \SystemRoot\System32\drivers\avgidsdrivera.sys:
  111. 2960.2a90: CreationTime: 2014-12-08T21:24:26.000000000Z
  112. 2960.2a90: LastWriteTime: 2014-12-08T21:24:26.000000000Z
  113. 2960.2a90: ChangeTime: 2015-01-13T11:54:54.004942100Z
  114. 2960.2a90: FileAttributes: 0x20
  115. 2960.2a90: Size: 0x3fb18
  116. 2960.2a90: NT Headers: 0xe0
  117. 2960.2a90: Timestamp: 0x548608f5
  118. 2960.2a90: Machine: 0x8664 - amd64
  119. 2960.2a90: Timestamp: 0x548608f5
  120. 2960.2a90: Image Version: 6.1
  121. 2960.2a90: SizeOfImage: 0x47000 (290816)
  122. 2960.2a90: Resource Dir: 0x45000 LB 0x55c
  123. 2960.2a90: ProductName: AVG Internet Security
  124. 2960.2a90: ProductVersion: 15.0.0.5642
  125. 2960.2a90: FileVersion: 15.0.0.5642
  126. 2960.2a90: SpecialBuild: AvCompile_2014_1208_212110(5642), SVNRev c4b202d2c03162c81be83a912a90c4bbe409dba7 (release/SmallUpdate2015-01_release), av
  127. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  128. 2960.2a90: FileDescription: AVG IDS Application Activity Monitor Driver.
  129. 2960.2a90: \SystemRoot\System32\drivers\avgidsha.sys:
  130. 2960.2a90: CreationTime: 2014-11-18T21:42:04.000000000Z
  131. 2960.2a90: LastWriteTime: 2014-11-18T21:42:04.000000000Z
  132. 2960.2a90: ChangeTime: 2015-01-13T11:54:52.834940500Z
  133. 2960.2a90: FileAttributes: 0x20
  134. 2960.2a90: Size: 0x31b18
  135. 2960.2a90: NT Headers: 0xd8
  136. 2960.2a90: Timestamp: 0x546baf19
  137. 2960.2a90: Machine: 0x8664 - amd64
  138. 2960.2a90: Timestamp: 0x546baf19
  139. 2960.2a90: Image Version: 6.1
  140. 2960.2a90: SizeOfImage: 0x34000 (212992)
  141. 2960.2a90: Resource Dir: 0x32000 LB 0x51c
  142. 2960.2a90: ProductName: AVG Internet Security
  143. 2960.2a90: ProductVersion: 15.0.0.5609
  144. 2960.2a90: FileVersion: 15.0.0.5609
  145. 2960.2a90: SpecialBuild: AvCompile_2014_1118_213845(5609), SVNRev 577d73f85381cf1fdda6100f13aaebfd7b98a82e (av/devel), av
  146. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  147. 2960.2a90: FileDescription: AVG Application Activity Monitor Helper Driver
  148. 2960.2a90: \SystemRoot\System32\drivers\avgtdia.sys:
  149. 2960.2a90: CreationTime: 2014-10-10T15:14:32.000000000Z
  150. 2960.2a90: LastWriteTime: 2014-10-10T15:14:32.000000000Z
  151. 2960.2a90: ChangeTime: 2014-11-12T10:33:59.447330800Z
  152. 2960.2a90: FileAttributes: 0x20
  153. 2960.2a90: Size: 0x42f18
  154. 2960.2a90: NT Headers: 0xd0
  155. 2960.2a90: Timestamp: 0x5437dbab
  156. 2960.2a90: Machine: 0x8664 - amd64
  157. 2960.2a90: Timestamp: 0x5437dbab
  158. 2960.2a90: Image Version: 6.1
  159. 2960.2a90: SizeOfImage: 0x46000 (286720)
  160. 2960.2a90: Resource Dir: 0x44000 LB 0x514
  161. 2960.2a90: ProductName: AVG Internet Security
  162. 2960.2a90: ProductVersion: 15.0.0.5553
  163. 2960.2a90: FileVersion: 15.0.0.5553
  164. 2960.2a90: SpecialBuild: AvgVC10_2014_1010_150458(5553), SVNRev 2af0a3718af0737c526906f8e68ce2f178d6117c (release/AVG2015-Oct_release), av
  165. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  166. 2960.2a90: FileDescription: AVG Network connection watcher
  167. 2960.2a90: \SystemRoot\System32\drivers\avgloga.sys:
  168. 2960.2a90: CreationTime: 2014-07-18T14:53:26.000000000Z
  169. 2960.2a90: LastWriteTime: 2014-07-18T14:53:26.000000000Z
  170. 2960.2a90: ChangeTime: 2014-10-20T11:55:29.409547700Z
  171. 2960.2a90: FileAttributes: 0x20
  172. 2960.2a90: Size: 0x4c918
  173. 2960.2a90: NT Headers: 0xe8
  174. 2960.2a90: Timestamp: 0x53c926d0
  175. 2960.2a90: Machine: 0x8664 - amd64
  176. 2960.2a90: Timestamp: 0x53c926d0
  177. 2960.2a90: Image Version: 6.1
  178. 2960.2a90: SizeOfImage: 0x4f000 (323584)
  179. 2960.2a90: Resource Dir: 0x4d000 LB 0x4f0
  180. 2960.2a90: ProductName: AVG Internet Security
  181. 2960.2a90: ProductVersion: 15.0.0.5253
  182. 2960.2a90: FileVersion: 15.0.0.5253
  183. 2960.2a90: SpecialBuild: AvgVC10_2014_0718_154537(5253), SVNRev 448c6021b34489e17d581606b6584bfbd09f8224 (release/AVG2015_beta), av
  184. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  185. 2960.2a90: FileDescription: AVG Logging Driver
  186. 2960.2a90: \SystemRoot\System32\drivers\avgldx64.sys:
  187. 2960.2a90: CreationTime: 2014-08-28T21:47:24.000000000Z
  188. 2960.2a90: LastWriteTime: 2014-08-28T21:47:24.000000000Z
  189. 2960.2a90: ChangeTime: 2014-11-12T10:33:50.737832600Z
  190. 2960.2a90: FileAttributes: 0x20
  191. 2960.2a90: Size: 0x3b718
  192. 2960.2a90: NT Headers: 0xd0
  193. 2960.2a90: Timestamp: 0x53ff8749
  194. 2960.2a90: Machine: 0x8664 - amd64
  195. 2960.2a90: Timestamp: 0x53ff8749
  196. 2960.2a90: Image Version: 6.1
  197. 2960.2a90: SizeOfImage: 0x40000 (262144)
  198. 2960.2a90: Resource Dir: 0x3e000 LB 0x504
  199. 2960.2a90: ProductName: AVG Internet Security
  200. 2960.2a90: ProductVersion: 15.0.0.5500
  201. 2960.2a90: FileVersion: 15.0.0.5500
  202. 2960.2a90: SpecialBuild: AvgVC10_2014_0828_213614(5500), SVNRev d9a34f8a555118351dc28a5971fe7707eb760d16 (release/AVG2015-GMS_beta), av
  203. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  204. 2960.2a90: FileDescription: AVG AVI Loader Driver
  205. 2960.2a90: \SystemRoot\System32\drivers\avgdiska.sys:
  206. 2960.2a90: CreationTime: 2014-06-18T20:03:34.000000000Z
  207. 2960.2a90: LastWriteTime: 2014-06-18T20:03:34.000000000Z
  208. 2960.2a90: ChangeTime: 2014-10-20T11:55:39.749139100Z
  209. 2960.2a90: FileAttributes: 0x20
  210. 2960.2a90: Size: 0x25718
  211. 2960.2a90: NT Headers: 0xd0
  212. 2960.2a90: Timestamp: 0x53a1e281
  213. 2960.2a90: Machine: 0x8664 - amd64
  214. 2960.2a90: Timestamp: 0x53a1e281
  215. 2960.2a90: Image Version: 6.1
  216. 2960.2a90: SizeOfImage: 0x29000 (167936)
  217. 2960.2a90: Resource Dir: 0x27000 LB 0x4fc
  218. 2960.2a90: ProductName: AVG Internet Security
  219. 2960.2a90: ProductVersion: 15.0.0.5201
  220. 2960.2a90: FileVersion: 15.0.0.5201
  221. 2960.2a90: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
  222. 2960.2a90: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  223. 2960.2a90: FileDescription: AVG File Vault Driver
  224. 2960.2a90: Calling main()
  225. 2960.2a90: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  226. 2960.2a90: SUPR3HardenedMain: Respawn #1
  227. 2960.2a90: System32: \Device\HarddiskVolume2\Windows\System32
  228. 2960.2a90: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
  229. 2960.2a90: KnownDllPath: C:\Windows\system32
  230. 2960.2a90: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  231. 2960.2a90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  232. 2960.2a90: supR3HardNtEnableThreadCreation:
  233. 2960.2a90: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076dcc340 pvNtTerminateThread=0000000076df17e0
  234. 2960.2a90: supR3HardenedWinDoReSpawn(1): New child 2a74.2908 [kernel32].
  235. 2960.2a90: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
  236. 2960.2a90: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076da0000 uNtDllChildAddr=0000000076da0000
  237. 2960.2a90: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076dcc340
  238. 2960.2a90: supR3HardenedWinSetupChildInit: Start child.
  239. 2960.2a90: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  240. 2960.2a90: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 64 sleeps
  241. 2960.2a90: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  242. 2960.2a90: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
  243. 2960.2a90: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
  244. 2960.2a90: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
  245. 2960.2a90: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
  246. 2960.2a90: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
  247. 2960.2a90: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
  248. 2960.2a90: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
  249. 2960.2a90: 0000000000051000-ffffffffffea1fff 0x0001/0x0000 0x0000000
  250. 2960.2a90: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
  251. 2960.2a90: 00000000002fc000-00000000002f8fff 0x0104/0x0004 0x0020000
  252. 2960.2a90: 00000000002ff000-00000000002fdfff 0x0004/0x0004 0x0020000
  253. 2960.2a90: 0000000000300000-ffffffff8985ffff 0x0001/0x0000 0x0000000
  254. 2960.2a90: *0000000076da0000-0000000076d9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  255. 2960.2a90: 0000000076da1000-0000000076c9efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  256. 2960.2a90: 0000000076ea3000-0000000076e73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  257. 2960.2a90: 0000000076ed2000-0000000076ec9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  258. 2960.2a90: 0000000076eda000-0000000076ed8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  259. 2960.2a90: 0000000076edb000-0000000076ed7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  260. 2960.2a90: 0000000076ede000-0000000076e72fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  261. 2960.2a90: 0000000076f49000-000000006eeb1fff 0x0001/0x0000 0x0000000
  262. 2960.2a90: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
  263. 2960.2a90: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  264. 2960.2a90: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  265. 2960.2a90: 000000007fff0000-ffffffffc090ffff 0x0001/0x0000 0x0000000
  266. 2960.2a90: *000000013f6d0000-000000013f6cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  267. 2960.2a90: 000000013f6d1000-000000013f64cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  268. 2960.2a90: 000000013f755000-000000013f753fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  269. 2960.2a90: 000000013f756000-000000013f718fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  270. 2960.2a90: 000000013f793000-000000013f791fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  271. 2960.2a90: 000000013f794000-000000013f792fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  272. 2960.2a90: 000000013f795000-000000013f792fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  273. 2960.2a90: 000000013f797000-000000013f795fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  274. 2960.2a90: 000000013f798000-000000013f796fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  275. 2960.2a90: 000000013f799000-000000013f794fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  276. 2960.2a90: 000000013f79d000-000000013f763fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  277. 2960.2a90: 000000013f7d6000-fffff8037feebfff 0x0001/0x0000 0x0000000
  278. 2960.2a90: *000007feff0c0000-000007feff0befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
  279. 2960.2a90: 000007feff0c1000-000007fdfe1d1fff 0x0001/0x0000 0x0000000
  280. 2960.2a90: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
  281. 2960.2a90: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
  282. 2960.2a90: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
  283. 2960.2a90: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
  284. 2960.2a90: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
  285. 2960.2a90: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
  286. 2960.2a90: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
  287. 2960.2a90: VirtualBox.exe: timestamp 0x54dcccba (rc=VINF_SUCCESS)
  288. 2960.2a90: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  289. 2960.2a90: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
  290. 2960.2a90: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  291. 2960.2a90: supR3HardNtChildPurify: Done after 536 ms and 0 fixes (loop #0).
  292. 2a74.2908: Log file opened: 4.3.22r98236 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
  293. 2a74.2908: supR3HardenedVmProcessInit: uNtDllAddr=0000000076da0000
  294. 2960.2a90: supR3HardNtEnableThreadCreation:
  295. 2a74.2908: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
  296. 2a74.2908: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
  297. 2a74.2908: System32: \Device\HarddiskVolume2\Windows\System32
  298. 2a74.2908: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
  299. 2a74.2908: KnownDllPath: C:\Windows\system32
  300. 2a74.2908: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  301. 2a74.2908: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  302. 2a74.2908: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  303. 2a74.2908: Registered Dll notification callback with NTDLL.
  304. 2a74.2908: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
  305. 2a74.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  306. 2a74.2908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  307. 2a74.2908: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  308. 2a74.2908: supR3HardenedDllNotificationCallback: load 0000000076c80000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
  309. 2a74.2908: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  310. 2a74.2908: supR3HardenedDllNotificationCallback: load 000007fefc9c0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
  311. 2a74.2908: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
  312. 2a74.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  313. 2a74.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c80000 'C:\Windows\system32\kernel32.dll'
  314. 2a74.2908: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076dcc340 pvNtTerminateThread=0000000076df17e0
  315. 2960.2a90: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 25 ms.
  316. 2a74.2908: \SystemRoot\System32\ntdll.dll:
  317. 2a74.2908: CreationTime: 2014-01-25T00:33:12.706829300Z
  318. 2a74.2908: LastWriteTime: 2013-08-29T02:16:35.515578900Z
  319. 2a74.2908: ChangeTime: 2014-01-29T17:15:35.467793400Z
  320. 2a74.2908: FileAttributes: 0x20
  321. 2a74.2908: Size: 0x1a6dc0
  322. 2a74.2908: NT Headers: 0xe0
  323. 2a74.2908: Timestamp: 0x521eaf24
  324. 2a74.2908: Machine: 0x8664 - amd64
  325. 2a74.2908: Timestamp: 0x521eaf24
  326. 2a74.2908: Image Version: 6.1
  327. 2a74.2908: SizeOfImage: 0x1a9000 (1740800)
  328. 2a74.2908: Resource Dir: 0x151000 LB 0x560d8
  329. 2a74.2908: ProductName: Microsoft® Windows® Operating System
  330. 2a74.2908: ProductVersion: 6.1.7601.18247
  331. 2a74.2908: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
  332. 2a74.2908: FileDescription: NT Layer DLL
  333. 2a74.2908: \SystemRoot\System32\kernel32.dll:
  334. 2a74.2908: CreationTime: 2014-04-09T07:01:11.358819100Z
  335. 2a74.2908: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  336. 2a74.2908: ChangeTime: 2014-04-16T11:10:37.479585100Z
  337. 2a74.2908: FileAttributes: 0x20
  338. 2a74.2908: Size: 0x11c000
  339. 2a74.2908: NT Headers: 0xe8
  340. 2a74.2908: Timestamp: 0x5315a059
  341. 2a74.2908: Machine: 0x8664 - amd64
  342. 2a74.2908: Timestamp: 0x5315a059
  343. 2a74.2908: Image Version: 6.1
  344. 2a74.2908: SizeOfImage: 0x11f000 (1175552)
  345. 2a74.2908: Resource Dir: 0x116000 LB 0x528
  346. 2a74.2908: ProductName: Microsoft® Windows® Operating System
  347. 2a74.2908: ProductVersion: 6.1.7601.18409
  348. 2a74.2908: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  349. 2a74.2908: FileDescription: Windows NT BASE API Client DLL
  350. 2a74.2908: \SystemRoot\System32\KernelBase.dll:
  351. 2a74.2908: CreationTime: 2014-05-15T09:03:07.863530100Z
  352. 2a74.2908: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  353. 2a74.2908: ChangeTime: 2014-05-21T11:23:10.606315600Z
  354. 2a74.2908: FileAttributes: 0x20
  355. 2a74.2908: Size: 0x67c00
  356. 2a74.2908: NT Headers: 0xe8
  357. 2a74.2908: Timestamp: 0x5315a05a
  358. 2a74.2908: Machine: 0x8664 - amd64
  359. 2a74.2908: Timestamp: 0x5315a05a
  360. 2a74.2908: Image Version: 6.1
  361. 2a74.2908: SizeOfImage: 0x6c000 (442368)
  362. 2a74.2908: Resource Dir: 0x6a000 LB 0x530
  363. 2a74.2908: ProductName: Microsoft® Windows® Operating System
  364. 2a74.2908: ProductVersion: 6.1.7601.18409
  365. 2a74.2908: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  366. 2a74.2908: FileDescription: Windows NT BASE API Client DLL
  367. 2a74.2908: \SystemRoot\System32\apisetschema.dll:
  368. 2a74.2908: CreationTime: 2014-01-25T00:37:06.161182200Z
  369. 2a74.2908: LastWriteTime: 2013-08-02T02:12:20.275000000Z
  370. 2a74.2908: ChangeTime: 2014-01-25T19:49:28.726511400Z
  371. 2a74.2908: FileAttributes: 0x20
  372. 2a74.2908: Size: 0x1a00
  373. 2a74.2908: NT Headers: 0xc0
  374. 2a74.2908: Timestamp: 0x51fb15ca
  375. 2a74.2908: Machine: 0x8664 - amd64
  376. 2a74.2908: Timestamp: 0x51fb15ca
  377. 2a74.2908: Image Version: 6.1
  378. 2a74.2908: SizeOfImage: 0x50000 (327680)
  379. 2a74.2908: Resource Dir: 0x30000 LB 0x3f8
  380. 2a74.2908: ProductName: Microsoft® Windows® Operating System
  381. 2a74.2908: ProductVersion: 6.1.7601.18229
  382. 2a74.2908: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
  383. 2a74.2908: FileDescription: ApiSet Schema DLL
  384. 2a74.2908: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  385. 2a74.2908: supR3HardenedWinFindAdversaries: 0x100
  386. 2a74.2908: \SystemRoot\System32\drivers\avgrkx64.sys:
  387. 2a74.2908: CreationTime: 2014-06-18T20:03:20.000000000Z
  388. 2a74.2908: LastWriteTime: 2014-06-18T20:03:20.000000000Z
  389. 2a74.2908: ChangeTime: 2014-10-20T11:55:29.921577000Z
  390. 2a74.2908: FileAttributes: 0x20
  391. 2a74.2908: Size: 0x7b18
  392. 2a74.2908: NT Headers: 0xe8
  393. 2a74.2908: Timestamp: 0x53a1e275
  394. 2a74.2908: Machine: 0x8664 - amd64
  395. 2a74.2908: Timestamp: 0x53a1e275
  396. 2a74.2908: Image Version: 6.1
  397. 2a74.2908: SizeOfImage: 0xa000 (40960)
  398. 2a74.2908: Resource Dir: 0x9000 LB 0x500
  399. 2a74.2908: ProductName: AVG Internet Security
  400. 2a74.2908: ProductVersion: 15.0.0.5201
  401. 2a74.2908: FileVersion: 15.0.0.5201
  402. 2a74.2908: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
  403. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  404. 2a74.2908: FileDescription: AVG Anti-Rootkit Driver
  405. 2a74.2908: \SystemRoot\System32\drivers\avgmfx64.sys:
  406. 2a74.2908: CreationTime: 2014-10-05T21:41:40.000000000Z
  407. 2a74.2908: LastWriteTime: 2014-10-05T21:41:40.000000000Z
  408. 2a74.2908: ChangeTime: 2014-11-12T10:33:53.163971400Z
  409. 2a74.2908: FileAttributes: 0x20
  410. 2a74.2908: Size: 0x1e518
  411. 2a74.2908: NT Headers: 0xe0
  412. 2a74.2908: Timestamp: 0x54319ef0
  413. 2a74.2908: Machine: 0x8664 - amd64
  414. 2a74.2908: Timestamp: 0x54319ef0
  415. 2a74.2908: Image Version: 6.1
  416. 2a74.2908: SizeOfImage: 0x22000 (139264)
  417. 2a74.2908: Resource Dir: 0x20000 LB 0x528
  418. 2a74.2908: ProductName: AVG Internet Security
  419. 2a74.2908: ProductVersion: 15.0.0.5551
  420. 2a74.2908: FileVersion: 15.0.0.5551
  421. 2a74.2908: SpecialBuild: AvgVC10_2014_1005_213919(5551), SVNRev 4864070b033d85893c4f701583bf0badb2f61dbf (release/AVG2015-Oct_release), av
  422. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  423. 2a74.2908: FileDescription: AVG Resident Shield Minifilter Driver
  424. 2a74.2908: \SystemRoot\System32\drivers\avgidsdrivera.sys:
  425. 2a74.2908: CreationTime: 2014-12-08T21:24:26.000000000Z
  426. 2a74.2908: LastWriteTime: 2014-12-08T21:24:26.000000000Z
  427. 2a74.2908: ChangeTime: 2015-01-13T11:54:54.004942100Z
  428. 2a74.2908: FileAttributes: 0x20
  429. 2a74.2908: Size: 0x3fb18
  430. 2a74.2908: NT Headers: 0xe0
  431. 2a74.2908: Timestamp: 0x548608f5
  432. 2a74.2908: Machine: 0x8664 - amd64
  433. 2a74.2908: Timestamp: 0x548608f5
  434. 2a74.2908: Image Version: 6.1
  435. 2a74.2908: SizeOfImage: 0x47000 (290816)
  436. 2a74.2908: Resource Dir: 0x45000 LB 0x55c
  437. 2a74.2908: ProductName: AVG Internet Security
  438. 2a74.2908: ProductVersion: 15.0.0.5642
  439. 2a74.2908: FileVersion: 15.0.0.5642
  440. 2a74.2908: SpecialBuild: AvCompile_2014_1208_212110(5642), SVNRev c4b202d2c03162c81be83a912a90c4bbe409dba7 (release/SmallUpdate2015-01_release), av
  441. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  442. 2a74.2908: FileDescription: AVG IDS Application Activity Monitor Driver.
  443. 2a74.2908: \SystemRoot\System32\drivers\avgidsha.sys:
  444. 2a74.2908: CreationTime: 2014-11-18T21:42:04.000000000Z
  445. 2a74.2908: LastWriteTime: 2014-11-18T21:42:04.000000000Z
  446. 2a74.2908: ChangeTime: 2015-01-13T11:54:52.834940500Z
  447. 2a74.2908: FileAttributes: 0x20
  448. 2a74.2908: Size: 0x31b18
  449. 2a74.2908: NT Headers: 0xd8
  450. 2a74.2908: Timestamp: 0x546baf19
  451. 2a74.2908: Machine: 0x8664 - amd64
  452. 2a74.2908: Timestamp: 0x546baf19
  453. 2a74.2908: Image Version: 6.1
  454. 2a74.2908: SizeOfImage: 0x34000 (212992)
  455. 2a74.2908: Resource Dir: 0x32000 LB 0x51c
  456. 2a74.2908: ProductName: AVG Internet Security
  457. 2a74.2908: ProductVersion: 15.0.0.5609
  458. 2a74.2908: FileVersion: 15.0.0.5609
  459. 2a74.2908: SpecialBuild: AvCompile_2014_1118_213845(5609), SVNRev 577d73f85381cf1fdda6100f13aaebfd7b98a82e (av/devel), av
  460. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  461. 2a74.2908: FileDescription: AVG Application Activity Monitor Helper Driver
  462. 2a74.2908: \SystemRoot\System32\drivers\avgtdia.sys:
  463. 2a74.2908: CreationTime: 2014-10-10T15:14:32.000000000Z
  464. 2a74.2908: LastWriteTime: 2014-10-10T15:14:32.000000000Z
  465. 2a74.2908: ChangeTime: 2014-11-12T10:33:59.447330800Z
  466. 2a74.2908: FileAttributes: 0x20
  467. 2a74.2908: Size: 0x42f18
  468. 2a74.2908: NT Headers: 0xd0
  469. 2a74.2908: Timestamp: 0x5437dbab
  470. 2a74.2908: Machine: 0x8664 - amd64
  471. 2a74.2908: Timestamp: 0x5437dbab
  472. 2a74.2908: Image Version: 6.1
  473. 2a74.2908: SizeOfImage: 0x46000 (286720)
  474. 2a74.2908: Resource Dir: 0x44000 LB 0x514
  475. 2a74.2908: ProductName: AVG Internet Security
  476. 2a74.2908: ProductVersion: 15.0.0.5553
  477. 2a74.2908: FileVersion: 15.0.0.5553
  478. 2a74.2908: SpecialBuild: AvgVC10_2014_1010_150458(5553), SVNRev 2af0a3718af0737c526906f8e68ce2f178d6117c (release/AVG2015-Oct_release), av
  479. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  480. 2a74.2908: FileDescription: AVG Network connection watcher
  481. 2a74.2908: \SystemRoot\System32\drivers\avgloga.sys:
  482. 2a74.2908: CreationTime: 2014-07-18T14:53:26.000000000Z
  483. 2a74.2908: LastWriteTime: 2014-07-18T14:53:26.000000000Z
  484. 2a74.2908: ChangeTime: 2014-10-20T11:55:29.409547700Z
  485. 2a74.2908: FileAttributes: 0x20
  486. 2a74.2908: Size: 0x4c918
  487. 2a74.2908: NT Headers: 0xe8
  488. 2a74.2908: Timestamp: 0x53c926d0
  489. 2a74.2908: Machine: 0x8664 - amd64
  490. 2a74.2908: Timestamp: 0x53c926d0
  491. 2a74.2908: Image Version: 6.1
  492. 2a74.2908: SizeOfImage: 0x4f000 (323584)
  493. 2a74.2908: Resource Dir: 0x4d000 LB 0x4f0
  494. 2a74.2908: ProductName: AVG Internet Security
  495. 2a74.2908: ProductVersion: 15.0.0.5253
  496. 2a74.2908: FileVersion: 15.0.0.5253
  497. 2a74.2908: SpecialBuild: AvgVC10_2014_0718_154537(5253), SVNRev 448c6021b34489e17d581606b6584bfbd09f8224 (release/AVG2015_beta), av
  498. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  499. 2a74.2908: FileDescription: AVG Logging Driver
  500. 2a74.2908: \SystemRoot\System32\drivers\avgldx64.sys:
  501. 2a74.2908: CreationTime: 2014-08-28T21:47:24.000000000Z
  502. 2a74.2908: LastWriteTime: 2014-08-28T21:47:24.000000000Z
  503. 2a74.2908: ChangeTime: 2014-11-12T10:33:50.737832600Z
  504. 2a74.2908: FileAttributes: 0x20
  505. 2a74.2908: Size: 0x3b718
  506. 2a74.2908: NT Headers: 0xd0
  507. 2a74.2908: Timestamp: 0x53ff8749
  508. 2a74.2908: Machine: 0x8664 - amd64
  509. 2a74.2908: Timestamp: 0x53ff8749
  510. 2a74.2908: Image Version: 6.1
  511. 2a74.2908: SizeOfImage: 0x40000 (262144)
  512. 2a74.2908: Resource Dir: 0x3e000 LB 0x504
  513. 2a74.2908: ProductName: AVG Internet Security
  514. 2a74.2908: ProductVersion: 15.0.0.5500
  515. 2a74.2908: FileVersion: 15.0.0.5500
  516. 2a74.2908: SpecialBuild: AvgVC10_2014_0828_213614(5500), SVNRev d9a34f8a555118351dc28a5971fe7707eb760d16 (release/AVG2015-GMS_beta), av
  517. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  518. 2a74.2908: FileDescription: AVG AVI Loader Driver
  519. 2a74.2908: \SystemRoot\System32\drivers\avgdiska.sys:
  520. 2a74.2908: CreationTime: 2014-06-18T20:03:34.000000000Z
  521. 2a74.2908: LastWriteTime: 2014-06-18T20:03:34.000000000Z
  522. 2a74.2908: ChangeTime: 2014-10-20T11:55:39.749139100Z
  523. 2a74.2908: FileAttributes: 0x20
  524. 2a74.2908: Size: 0x25718
  525. 2a74.2908: NT Headers: 0xd0
  526. 2a74.2908: Timestamp: 0x53a1e281
  527. 2a74.2908: Machine: 0x8664 - amd64
  528. 2a74.2908: Timestamp: 0x53a1e281
  529. 2a74.2908: Image Version: 6.1
  530. 2a74.2908: SizeOfImage: 0x29000 (167936)
  531. 2a74.2908: Resource Dir: 0x27000 LB 0x4fc
  532. 2a74.2908: ProductName: AVG Internet Security
  533. 2a74.2908: ProductVersion: 15.0.0.5201
  534. 2a74.2908: FileVersion: 15.0.0.5201
  535. 2a74.2908: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
  536. 2a74.2908: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  537. 2a74.2908: FileDescription: AVG File Vault Driver
  538. 2a74.2908: Calling main()
  539. 2a74.2908: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  540. 2a74.2908: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  541. 2a74.2908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  542. 2a74.2908: SUPR3HardenedMain: Respawn #2
  543. 2a74.2908: supR3HardNtEnableThreadCreation:
  544. 2a74.2908: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
  545. 2a74.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
  546. 2a74.2908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  547. 2a74.2908: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  548. 2a74.2908: supR3HardenedDllNotificationCallback: load 000007fefc6b0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
  549. 2a74.2908: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  550. 2a74.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6b0000 'C:\Windows\system32\apphelp.dll'
  551. 2a74.2908: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076dcc340 pvNtTerminateThread=0000000076df17e0
  552. 2a74.2908: supR3HardenedWinDoReSpawn(2): New child 299c.2548 [kernel32].
  553. 2a74.2908: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
  554. 2a74.2908: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076da0000 uNtDllChildAddr=0000000076da0000
  555. 2a74.2908: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076dcc340
  556. 2a74.2908: supR3HardenedWinSetupChildInit: Start child.
  557. 2a74.2908: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  558. 2a74.2908: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
  559. 2a74.2908: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  560. 2a74.2908: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
  561. 2a74.2908: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
  562. 2a74.2908: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
  563. 2a74.2908: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
  564. 2a74.2908: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
  565. 2a74.2908: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
  566. 2a74.2908: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
  567. 2a74.2908: 0000000000051000-ffffffffffec1fff 0x0001/0x0000 0x0000000
  568. 2a74.2908: *00000000001e0000-00000000000e3fff 0x0000/0x0004 0x0020000
  569. 2a74.2908: 00000000002dc000-00000000002d8fff 0x0104/0x0004 0x0020000
  570. 2a74.2908: 00000000002df000-00000000002ddfff 0x0004/0x0004 0x0020000
  571. 2a74.2908: 00000000002e0000-ffffffff8981ffff 0x0001/0x0000 0x0000000
  572. 2a74.2908: *0000000076da0000-0000000076d9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  573. 2a74.2908: 0000000076da1000-0000000076c9efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  574. 2a74.2908: 0000000076ea3000-0000000076e73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  575. 2a74.2908: 0000000076ed2000-0000000076ec9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  576. 2a74.2908: 0000000076eda000-0000000076ed8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  577. 2a74.2908: 0000000076edb000-0000000076ed7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  578. 2a74.2908: 0000000076ede000-0000000076e72fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  579. 2a74.2908: 0000000076f49000-000000006eeb1fff 0x0001/0x0000 0x0000000
  580. 2a74.2908: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
  581. 2a74.2908: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  582. 2a74.2908: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  583. 2a74.2908: 000000007fff0000-ffffffffc090ffff 0x0001/0x0000 0x0000000
  584. 2a74.2908: *000000013f6d0000-000000013f6cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  585. 2a74.2908: 000000013f6d1000-000000013f64cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  586. 2a74.2908: 000000013f755000-000000013f753fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  587. 2a74.2908: 000000013f756000-000000013f718fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  588. 2a74.2908: 000000013f793000-000000013f791fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  589. 2a74.2908: 000000013f794000-000000013f792fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  590. 2a74.2908: 000000013f795000-000000013f792fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  591. 2a74.2908: 000000013f797000-000000013f795fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  592. 2a74.2908: 000000013f798000-000000013f796fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  593. 2a74.2908: 000000013f799000-000000013f794fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  594. 2a74.2908: 000000013f79d000-000000013f763fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  595. 2a74.2908: 000000013f7d6000-fffff8037feebfff 0x0001/0x0000 0x0000000
  596. 2a74.2908: *000007feff0c0000-000007feff0befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
  597. 2a74.2908: 000007feff0c1000-000007fdfe1d1fff 0x0001/0x0000 0x0000000
  598. 2a74.2908: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
  599. 2a74.2908: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
  600. 2a74.2908: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
  601. 2a74.2908: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
  602. 2a74.2908: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
  603. 2a74.2908: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
  604. 2a74.2908: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
  605. 2a74.2908: VirtualBox.exe: timestamp 0x54dcccba (rc=VINF_SUCCESS)
  606. 2a74.2908: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  607. 2a74.2908: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
  608. 2a74.2908: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  609. 2a74.2908: supR3HardNtChildPurify: Done after 557 ms and 0 fixes (loop #0).
  610. 299c.2548: Log file opened: 4.3.22r98236 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
  611. 299c.2548: supR3HardenedVmProcessInit: uNtDllAddr=0000000076da0000
  612. 2a74.2908: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
  613. 2a74.2908: supR3HardNtEnableThreadCreation:
  614. 299c.2548: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
  615. 299c.2548: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1740800 allocation)
  616. 299c.2548: System32: \Device\HarddiskVolume2\Windows\System32
  617. 299c.2548: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
  618. 299c.2548: KnownDllPath: C:\Windows\system32
  619. 299c.2548: supR3HardenedVmProcessInit: Opening vboxdrv...
  620. 299c.2548: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  621. 299c.2548: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  622. 299c.2548: Registered Dll notification callback with NTDLL.
  623. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
  624. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  625. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  626. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  627. 299c.2548: supR3HardenedDllNotificationCallback: load 0000000076c80000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
  628. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  629. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc9c0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
  630. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
  631. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  632. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c80000 'C:\Windows\system32\kernel32.dll'
  633. 299c.2548: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076dcc340 pvNtTerminateThread=0000000076df17e0
  634. 2a74.2908: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 38 ms.
  635. 299c.2548: \SystemRoot\System32\ntdll.dll:
  636. 299c.2548: CreationTime: 2014-01-25T00:33:12.706829300Z
  637. 299c.2548: LastWriteTime: 2013-08-29T02:16:35.515578900Z
  638. 299c.2548: ChangeTime: 2014-01-29T17:15:35.467793400Z
  639. 299c.2548: FileAttributes: 0x20
  640. 299c.2548: Size: 0x1a6dc0
  641. 299c.2548: NT Headers: 0xe0
  642. 299c.2548: Timestamp: 0x521eaf24
  643. 299c.2548: Machine: 0x8664 - amd64
  644. 299c.2548: Timestamp: 0x521eaf24
  645. 299c.2548: Image Version: 6.1
  646. 299c.2548: SizeOfImage: 0x1a9000 (1740800)
  647. 299c.2548: Resource Dir: 0x151000 LB 0x560d8
  648. 299c.2548: ProductName: Microsoft® Windows® Operating System
  649. 299c.2548: ProductVersion: 6.1.7601.18247
  650. 299c.2548: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
  651. 299c.2548: FileDescription: NT Layer DLL
  652. 299c.2548: \SystemRoot\System32\kernel32.dll:
  653. 299c.2548: CreationTime: 2014-04-09T07:01:11.358819100Z
  654. 299c.2548: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  655. 299c.2548: ChangeTime: 2014-04-16T11:10:37.479585100Z
  656. 299c.2548: FileAttributes: 0x20
  657. 299c.2548: Size: 0x11c000
  658. 299c.2548: NT Headers: 0xe8
  659. 299c.2548: Timestamp: 0x5315a059
  660. 299c.2548: Machine: 0x8664 - amd64
  661. 299c.2548: Timestamp: 0x5315a059
  662. 299c.2548: Image Version: 6.1
  663. 299c.2548: SizeOfImage: 0x11f000 (1175552)
  664. 299c.2548: Resource Dir: 0x116000 LB 0x528
  665. 299c.2548: ProductName: Microsoft® Windows® Operating System
  666. 299c.2548: ProductVersion: 6.1.7601.18409
  667. 299c.2548: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  668. 299c.2548: FileDescription: Windows NT BASE API Client DLL
  669. 299c.2548: \SystemRoot\System32\KernelBase.dll:
  670. 299c.2548: CreationTime: 2014-05-15T09:03:07.863530100Z
  671. 299c.2548: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  672. 299c.2548: ChangeTime: 2014-05-21T11:23:10.606315600Z
  673. 299c.2548: FileAttributes: 0x20
  674. 299c.2548: Size: 0x67c00
  675. 299c.2548: NT Headers: 0xe8
  676. 299c.2548: Timestamp: 0x5315a05a
  677. 299c.2548: Machine: 0x8664 - amd64
  678. 299c.2548: Timestamp: 0x5315a05a
  679. 299c.2548: Image Version: 6.1
  680. 299c.2548: SizeOfImage: 0x6c000 (442368)
  681. 299c.2548: Resource Dir: 0x6a000 LB 0x530
  682. 299c.2548: ProductName: Microsoft® Windows® Operating System
  683. 299c.2548: ProductVersion: 6.1.7601.18409
  684. 299c.2548: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  685. 299c.2548: FileDescription: Windows NT BASE API Client DLL
  686. 299c.2548: \SystemRoot\System32\apisetschema.dll:
  687. 299c.2548: CreationTime: 2014-01-25T00:37:06.161182200Z
  688. 299c.2548: LastWriteTime: 2013-08-02T02:12:20.275000000Z
  689. 299c.2548: ChangeTime: 2014-01-25T19:49:28.726511400Z
  690. 299c.2548: FileAttributes: 0x20
  691. 299c.2548: Size: 0x1a00
  692. 299c.2548: NT Headers: 0xc0
  693. 299c.2548: Timestamp: 0x51fb15ca
  694. 299c.2548: Machine: 0x8664 - amd64
  695. 299c.2548: Timestamp: 0x51fb15ca
  696. 299c.2548: Image Version: 6.1
  697. 299c.2548: SizeOfImage: 0x50000 (327680)
  698. 299c.2548: Resource Dir: 0x30000 LB 0x3f8
  699. 299c.2548: ProductName: Microsoft® Windows® Operating System
  700. 299c.2548: ProductVersion: 6.1.7601.18229
  701. 299c.2548: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
  702. 299c.2548: FileDescription: ApiSet Schema DLL
  703. 299c.2548: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  704. 299c.2548: supR3HardenedWinFindAdversaries: 0x100
  705. 299c.2548: \SystemRoot\System32\drivers\avgrkx64.sys:
  706. 299c.2548: CreationTime: 2014-06-18T20:03:20.000000000Z
  707. 299c.2548: LastWriteTime: 2014-06-18T20:03:20.000000000Z
  708. 299c.2548: ChangeTime: 2014-10-20T11:55:29.921577000Z
  709. 299c.2548: FileAttributes: 0x20
  710. 299c.2548: Size: 0x7b18
  711. 299c.2548: NT Headers: 0xe8
  712. 299c.2548: Timestamp: 0x53a1e275
  713. 299c.2548: Machine: 0x8664 - amd64
  714. 299c.2548: Timestamp: 0x53a1e275
  715. 299c.2548: Image Version: 6.1
  716. 299c.2548: SizeOfImage: 0xa000 (40960)
  717. 299c.2548: Resource Dir: 0x9000 LB 0x500
  718. 299c.2548: ProductName: AVG Internet Security
  719. 299c.2548: ProductVersion: 15.0.0.5201
  720. 299c.2548: FileVersion: 15.0.0.5201
  721. 299c.2548: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
  722. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  723. 299c.2548: FileDescription: AVG Anti-Rootkit Driver
  724. 299c.2548: \SystemRoot\System32\drivers\avgmfx64.sys:
  725. 299c.2548: CreationTime: 2014-10-05T21:41:40.000000000Z
  726. 299c.2548: LastWriteTime: 2014-10-05T21:41:40.000000000Z
  727. 299c.2548: ChangeTime: 2014-11-12T10:33:53.163971400Z
  728. 299c.2548: FileAttributes: 0x20
  729. 299c.2548: Size: 0x1e518
  730. 299c.2548: NT Headers: 0xe0
  731. 299c.2548: Timestamp: 0x54319ef0
  732. 299c.2548: Machine: 0x8664 - amd64
  733. 299c.2548: Timestamp: 0x54319ef0
  734. 299c.2548: Image Version: 6.1
  735. 299c.2548: SizeOfImage: 0x22000 (139264)
  736. 299c.2548: Resource Dir: 0x20000 LB 0x528
  737. 299c.2548: ProductName: AVG Internet Security
  738. 299c.2548: ProductVersion: 15.0.0.5551
  739. 299c.2548: FileVersion: 15.0.0.5551
  740. 299c.2548: SpecialBuild: AvgVC10_2014_1005_213919(5551), SVNRev 4864070b033d85893c4f701583bf0badb2f61dbf (release/AVG2015-Oct_release), av
  741. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  742. 299c.2548: FileDescription: AVG Resident Shield Minifilter Driver
  743. 299c.2548: \SystemRoot\System32\drivers\avgidsdrivera.sys:
  744. 299c.2548: CreationTime: 2014-12-08T21:24:26.000000000Z
  745. 299c.2548: LastWriteTime: 2014-12-08T21:24:26.000000000Z
  746. 299c.2548: ChangeTime: 2015-01-13T11:54:54.004942100Z
  747. 299c.2548: FileAttributes: 0x20
  748. 299c.2548: Size: 0x3fb18
  749. 299c.2548: NT Headers: 0xe0
  750. 299c.2548: Timestamp: 0x548608f5
  751. 299c.2548: Machine: 0x8664 - amd64
  752. 299c.2548: Timestamp: 0x548608f5
  753. 299c.2548: Image Version: 6.1
  754. 299c.2548: SizeOfImage: 0x47000 (290816)
  755. 299c.2548: Resource Dir: 0x45000 LB 0x55c
  756. 299c.2548: ProductName: AVG Internet Security
  757. 299c.2548: ProductVersion: 15.0.0.5642
  758. 299c.2548: FileVersion: 15.0.0.5642
  759. 299c.2548: SpecialBuild: AvCompile_2014_1208_212110(5642), SVNRev c4b202d2c03162c81be83a912a90c4bbe409dba7 (release/SmallUpdate2015-01_release), av
  760. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  761. 299c.2548: FileDescription: AVG IDS Application Activity Monitor Driver.
  762. 299c.2548: \SystemRoot\System32\drivers\avgidsha.sys:
  763. 299c.2548: CreationTime: 2014-11-18T21:42:04.000000000Z
  764. 299c.2548: LastWriteTime: 2014-11-18T21:42:04.000000000Z
  765. 299c.2548: ChangeTime: 2015-01-13T11:54:52.834940500Z
  766. 299c.2548: FileAttributes: 0x20
  767. 299c.2548: Size: 0x31b18
  768. 299c.2548: NT Headers: 0xd8
  769. 299c.2548: Timestamp: 0x546baf19
  770. 299c.2548: Machine: 0x8664 - amd64
  771. 299c.2548: Timestamp: 0x546baf19
  772. 299c.2548: Image Version: 6.1
  773. 299c.2548: SizeOfImage: 0x34000 (212992)
  774. 299c.2548: Resource Dir: 0x32000 LB 0x51c
  775. 299c.2548: ProductName: AVG Internet Security
  776. 299c.2548: ProductVersion: 15.0.0.5609
  777. 299c.2548: FileVersion: 15.0.0.5609
  778. 299c.2548: SpecialBuild: AvCompile_2014_1118_213845(5609), SVNRev 577d73f85381cf1fdda6100f13aaebfd7b98a82e (av/devel), av
  779. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  780. 299c.2548: FileDescription: AVG Application Activity Monitor Helper Driver
  781. 299c.2548: \SystemRoot\System32\drivers\avgtdia.sys:
  782. 299c.2548: CreationTime: 2014-10-10T15:14:32.000000000Z
  783. 299c.2548: LastWriteTime: 2014-10-10T15:14:32.000000000Z
  784. 299c.2548: ChangeTime: 2014-11-12T10:33:59.447330800Z
  785. 299c.2548: FileAttributes: 0x20
  786. 299c.2548: Size: 0x42f18
  787. 299c.2548: NT Headers: 0xd0
  788. 299c.2548: Timestamp: 0x5437dbab
  789. 299c.2548: Machine: 0x8664 - amd64
  790. 299c.2548: Timestamp: 0x5437dbab
  791. 299c.2548: Image Version: 6.1
  792. 299c.2548: SizeOfImage: 0x46000 (286720)
  793. 299c.2548: Resource Dir: 0x44000 LB 0x514
  794. 299c.2548: ProductName: AVG Internet Security
  795. 299c.2548: ProductVersion: 15.0.0.5553
  796. 299c.2548: FileVersion: 15.0.0.5553
  797. 299c.2548: SpecialBuild: AvgVC10_2014_1010_150458(5553), SVNRev 2af0a3718af0737c526906f8e68ce2f178d6117c (release/AVG2015-Oct_release), av
  798. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  799. 299c.2548: FileDescription: AVG Network connection watcher
  800. 299c.2548: \SystemRoot\System32\drivers\avgloga.sys:
  801. 299c.2548: CreationTime: 2014-07-18T14:53:26.000000000Z
  802. 299c.2548: LastWriteTime: 2014-07-18T14:53:26.000000000Z
  803. 299c.2548: ChangeTime: 2014-10-20T11:55:29.409547700Z
  804. 299c.2548: FileAttributes: 0x20
  805. 299c.2548: Size: 0x4c918
  806. 299c.2548: NT Headers: 0xe8
  807. 299c.2548: Timestamp: 0x53c926d0
  808. 299c.2548: Machine: 0x8664 - amd64
  809. 299c.2548: Timestamp: 0x53c926d0
  810. 299c.2548: Image Version: 6.1
  811. 299c.2548: SizeOfImage: 0x4f000 (323584)
  812. 299c.2548: Resource Dir: 0x4d000 LB 0x4f0
  813. 299c.2548: ProductName: AVG Internet Security
  814. 299c.2548: ProductVersion: 15.0.0.5253
  815. 299c.2548: FileVersion: 15.0.0.5253
  816. 299c.2548: SpecialBuild: AvgVC10_2014_0718_154537(5253), SVNRev 448c6021b34489e17d581606b6584bfbd09f8224 (release/AVG2015_beta), av
  817. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  818. 299c.2548: FileDescription: AVG Logging Driver
  819. 299c.2548: \SystemRoot\System32\drivers\avgldx64.sys:
  820. 299c.2548: CreationTime: 2014-08-28T21:47:24.000000000Z
  821. 299c.2548: LastWriteTime: 2014-08-28T21:47:24.000000000Z
  822. 299c.2548: ChangeTime: 2014-11-12T10:33:50.737832600Z
  823. 299c.2548: FileAttributes: 0x20
  824. 299c.2548: Size: 0x3b718
  825. 299c.2548: NT Headers: 0xd0
  826. 299c.2548: Timestamp: 0x53ff8749
  827. 299c.2548: Machine: 0x8664 - amd64
  828. 299c.2548: Timestamp: 0x53ff8749
  829. 299c.2548: Image Version: 6.1
  830. 299c.2548: SizeOfImage: 0x40000 (262144)
  831. 299c.2548: Resource Dir: 0x3e000 LB 0x504
  832. 299c.2548: ProductName: AVG Internet Security
  833. 299c.2548: ProductVersion: 15.0.0.5500
  834. 299c.2548: FileVersion: 15.0.0.5500
  835. 299c.2548: SpecialBuild: AvgVC10_2014_0828_213614(5500), SVNRev d9a34f8a555118351dc28a5971fe7707eb760d16 (release/AVG2015-GMS_beta), av
  836. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
  837. 299c.2548: FileDescription: AVG AVI Loader Driver
  838. 299c.2548: \SystemRoot\System32\drivers\avgdiska.sys:
  839. 299c.2548: CreationTime: 2014-06-18T20:03:34.000000000Z
  840. 299c.2548: LastWriteTime: 2014-06-18T20:03:34.000000000Z
  841. 299c.2548: ChangeTime: 2014-10-20T11:55:39.749139100Z
  842. 299c.2548: FileAttributes: 0x20
  843. 299c.2548: Size: 0x25718
  844. 299c.2548: NT Headers: 0xd0
  845. 299c.2548: Timestamp: 0x53a1e281
  846. 299c.2548: Machine: 0x8664 - amd64
  847. 299c.2548: Timestamp: 0x53a1e281
  848. 299c.2548: Image Version: 6.1
  849. 299c.2548: SizeOfImage: 0x29000 (167936)
  850. 299c.2548: Resource Dir: 0x27000 LB 0x4fc
  851. 299c.2548: ProductName: AVG Internet Security
  852. 299c.2548: ProductVersion: 15.0.0.5201
  853. 299c.2548: FileVersion: 15.0.0.5201
  854. 299c.2548: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
  855. 299c.2548: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
  856. 299c.2548: FileDescription: AVG File Vault Driver
  857. 299c.2548: Calling main()
  858. 299c.2548: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  859. 299c.2548: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  860. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  861. 299c.2548: SUPR3HardenedMain: Final process, opening VBoxDrv...
  862. 299c.2548: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
  863. 299c.2548: supR3HardNtEnableThreadCreation:
  864. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  865. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  866. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794330:C:\Windows\system32 [calling]
  867. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  868. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefe690000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  869. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  870. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  871. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  872. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe690000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  873. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  874. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  875. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe690000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  876. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe690000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  877. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  878. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
  879. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
  880. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  881. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
  882. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  883. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  884. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  885. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
  886. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  887. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  888. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  889. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
  890. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
  891. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  892. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  893. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  894. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
  895. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
  896. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  897. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  898. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  899. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
  900. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  901. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  902. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  903. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  904. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  905. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  906. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  907. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794330:C:\Windows\system32 [calling]
  908. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  909. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc930000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
  910. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  911. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd4a0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
  912. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  913. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefcab0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
  914. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  915. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc870000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
  916. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  917. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
  918. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  919. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc930000 'C:\Windows\system32\Wintrust.dll'
  920. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
  921. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  922. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  923. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  924. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc0b0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
  925. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  926. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0b0000 'C:\Windows\system32\CRYPTSP.dll'
  927. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  928. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
  929. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
  930. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  931. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  932. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  933. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  934. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  935. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefbdb0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
  936. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  937. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdb0000 'C:\Windows\system32\rsaenh.dll'
  938. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  939. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  940. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
  941. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  942. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  943. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  944. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  945. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  946. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  947. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  948. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  949. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  950. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefdeb0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
  951. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  952. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
  953. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
  954. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
  955. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
  956. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
  957. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  958. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdeb0000 'C:\Windows\system32\ADVAPI32.dll'
  959. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
  960. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  961. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  962. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  963. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  964. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  965. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  966. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  967. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  968. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  969. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc710000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
  970. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  971. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc710000 'C:\Windows\system32\CRYPTBASE.dll'
  972. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  973. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  974. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c80000 'C:\Windows\system32\kernel32.dll'
  975. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  976. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  977. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc930000 'C:\Windows\system32\WINTRUST.DLL'
  978. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  979. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  980. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\CRYPT32.dll'
  981. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  982. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
  983. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
  984. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
  985. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  986. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  987. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  988. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  989. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  990. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  991. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  992. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
  993. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
  994. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
  995. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\imagehlp.dll'
  996. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  997. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  998. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0b0000 'C:\Windows\system32\CRYPTSP.dll'
  999. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  1000. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
  1001. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
  1002. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1003. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1004. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1005. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
  1006. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
  1007. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1008. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
  1009. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
  1010. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
  1011. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
  1012. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
  1013. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
  1014. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
  1015. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1016. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1017. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1018. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
  1019. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
  1020. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1021. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  1022. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
  1023. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
  1024. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
  1025. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1026. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1027. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1028. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1029. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1030. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1031. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1032. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1033. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1034. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1035. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1036. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1037. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1038. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1039. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1040. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1041. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1042. 299c.2548: supR3HardenedDllNotificationCallback: load 0000000076b80000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
  1043. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1044. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
  1045. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1046. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd7a0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
  1047. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
  1048. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefdde0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
  1049. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
  1050. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1051. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1052. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\gdi32.dll'
  1053. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
  1054. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  1055. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
  1056. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
  1057. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
  1058. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
  1059. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
  1060. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1061. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  1062. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
  1063. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
  1064. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
  1065. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
  1066. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1067. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1068. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1069. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1070. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1071. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1072. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  1073. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  1074. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  1075. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1076. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1077. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1078. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1079. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1080. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1081. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1082. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1083. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1084. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1085. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  1086. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd350000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
  1087. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  1088. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
  1089. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
  1090. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\Windows\system32\IMM32.DLL'
  1091. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b80000 'C:\Windows\system32\USER32.dll'
  1092. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
  1093. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1094. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
  1095. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
  1096. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
  1097. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  1098. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  1099. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  1100. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1101. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1102. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1103. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1104. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1105. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
  1106. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  1107. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1108. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
  1109. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc2d0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
  1110. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
  1111. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1112. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc2a0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
  1113. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1114. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2d0000 'C:\Windows\system32\ncrypt.dll'
  1115. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  1116. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
  1117. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
  1118. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
  1119. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1120. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1121. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1122. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1123. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1124. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  1125. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1126. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1127. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefbca0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
  1128. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1129. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbca0000 'C:\Windows\system32\bcryptprimitives.dll'
  1130. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1131. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1132. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2a0000 'C:\Windows\system32\bcrypt.dll'
  1133. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1134. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  1135. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
  1136. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
  1137. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
  1138. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
  1139. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
  1140. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1141. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
  1142. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
  1143. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1144. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1145. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1146. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1147. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1148. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1149. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1150. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1151. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1152. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1153. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
  1154. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
  1155. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
  1156. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc880000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
  1157. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  1158. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca60000 'C:\Windows\system32\USERENV.dll'
  1159. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1160. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  1161. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1162. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  1163. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1164. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
  1165. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
  1166. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
  1167. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1168. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1169. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1170. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1171. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1172. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1173. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1174. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  1175. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefbad0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
  1176. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  1177. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbad0000 'C:\Windows\system32\GPAPI.dll'
  1178. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1179. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-WIN-Service-Management-L1-1-0.dll'
  1180. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1181. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1182. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc30000 'C:\Windows\system32\rpcrt4.dll'
  1183. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1184. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-WIN-Service-Management-L2-1-0.dll'
  1185. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1186. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  1187. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1188. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
  1189. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  1190. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
  1191. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
  1192. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
  1193. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
  1194. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
  1195. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1196. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
  1197. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
  1198. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  1199. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  1200. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1201. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1202. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1203. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  1204. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1205. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1206. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1207. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1208. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1209. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1210. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1211. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1212. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fef82f0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
  1213. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1214. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefcd60000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
  1215. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
  1216. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1217. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1218. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1219. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1220. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1221. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1222. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1223. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1224. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1225. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1226. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1227. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1228. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1229. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1230. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1231. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1232. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1233. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1234. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1235. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1236. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1237. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1238. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1239. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1240. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1241. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1242. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1243. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1244. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1245. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1246. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82f0000 'C:\Windows\system32\cryptnet.dll'
  1247. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1248. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  1249. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  1250. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1251. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc880000 'C:\Windows\system32\profapi.dll'
  1252. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  1253. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  1254. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
  1255. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
  1256. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  1257. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1258. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1259. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1260. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1261. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1262. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1263. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1264. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1265. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1266. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1267. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
  1268. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd7b0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
  1269. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
  1270. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\Windows\system32\SHLWAPI.dll'
  1271. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  1272. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002983c70
  1273. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1274. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
  1275. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1276. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  1277. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1278. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-WIN-Service-Management-L1-1-0.dll'
  1279. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1280. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
  1281. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  1282. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1283. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdeb0000 'C:\Windows\system32\ADVAPI32.dll'
  1284. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1285. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
  1286. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1287. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
  1288. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
  1289. 299c.2548: g_pfnWinVerifyTrust=000007fefc931010
  1290. 299c.2548: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  1291. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1292. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1293. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1294. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95ACBEABDF95D4540C2AEE45F9DA915B1B77FD1D
  1295. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3004394~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
  1296. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1297. 299c.2548: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
  1298. 299c.2548: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  1299. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
  1300. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1301. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1302. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=108407301192217C74BC9FE609CA642A66DBE98B
  1303. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3004394~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
  1304. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1305. 299c.2548: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
  1306. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  1307. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1308. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1309. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
  1310. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
  1311. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1312. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
  1313. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
  1314. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1315. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1316. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
  1317. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
  1318. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1319. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
  1320. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
  1321. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1322. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1323. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
  1324. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3004394~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
  1325. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1326. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
  1327. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000268 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
  1328. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1329. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1330. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
  1331. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
  1332. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1333. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
  1334. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
  1335. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1336. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1337. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
  1338. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
  1339. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1340. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
  1341. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
  1342. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1343. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1344. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
  1345. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
  1346. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1347. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
  1348. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
  1349. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  1350. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1351. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1352. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
  1353. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
  1354. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1355. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
  1356. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
  1357. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1358. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1359. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F12D3394983F702C1F70874F040CE64DD7AAD14
  1360. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_50_for_KB3023607~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
  1361. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1362. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
  1363. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
  1364. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1365. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1366. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
  1367. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
  1368. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1369. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
  1370. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
  1371. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1372. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1373. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
  1374. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
  1375. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1376. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
  1377. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
  1378. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1379. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1380. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
  1381. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
  1382. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1383. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
  1384. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
  1385. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1386. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1387. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
  1388. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
  1389. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1390. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
  1391. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1392. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1393. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1394. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
  1395. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
  1396. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1397. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
  1398. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
  1399. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1400. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1401. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
  1402. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
  1403. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1404. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
  1405. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
  1406. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1407. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1408. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
  1409. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
  1410. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1411. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
  1412. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  1413. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1414. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1415. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
  1416. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
  1417. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1418. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
  1419. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
  1420. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1421. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1422. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
  1423. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
  1424. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1425. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
  1426. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1427. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1428. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1429. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
  1430. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
  1431. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1432. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
  1433. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
  1434. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  1435. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1436. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1437. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FE601E1BC89E11CA16D1CA31315BC348EFAF0C74
  1438. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
  1439. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1440. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
  1441. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  1442. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1443. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1444. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
  1445. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
  1446. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1447. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
  1448. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
  1449. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1450. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1451. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
  1452. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
  1453. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1454. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
  1455. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1456. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1457. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1458. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
  1459. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
  1460. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1461. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
  1462. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  1463. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  1464. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1465. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1466. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
  1467. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
  1468. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1469. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
  1470. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
  1471. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1472. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1473. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
  1474. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
  1475. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1476. 299c.2548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
  1477. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1478. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002a20030:C:\Windows\system32 [calling]
  1479. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\crypt32.dll'
  1480. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x2bb310e1299ee900 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
  1481. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x1e8a2ea9a3f7e300 CN=Generic Root Trust CA
  1482. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  1483. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  1484. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  1485. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x130be4bf0783d200 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
  1486. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1487. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xf6dec8b9c8511520 C=GB, CN=Default CA
  1488. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  1489. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1490. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  1491. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  1492. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
  1493. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  1494. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
  1495. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
  1496. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  1497. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1498. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
  1499. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
  1500. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  1501. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
  1502. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  1503. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xc3f08e9b8780ab00 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
  1504. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  1505. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  1506. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1507. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
  1508. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
  1509. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
  1510. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  1511. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1512. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  1513. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
  1514. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
  1515. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
  1516. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1517. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
  1518. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x6b1d5e81c965198 L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
  1519. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
  1520. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
  1521. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
  1522. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1523. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
  1524. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
  1525. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  1526. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1527. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  1528. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  1529. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  1530. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
  1531. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  1532. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
  1533. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
  1534. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  1535. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
  1536. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
  1537. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
  1538. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
  1539. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  1540. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  1541. 299c.2548: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  1542. 299c.2548: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=62
  1543. 299c.2548: SUPR3HardenedMain: Load Runtime...
  1544. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1545. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  1546. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  1547. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  1548. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
  1549. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1550. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1551. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1552. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1553. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1554. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1555. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1556. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1557. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1558. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
  1559. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
  1560. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1561. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1562. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
  1563. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
  1564. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
  1565. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1566. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1567. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1568. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1569. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
  1570. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
  1571. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1572. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1573. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
  1574. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1575. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1576. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1577. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1578. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  1579. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  1580. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
  1581. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1582. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1583. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
  1584. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
  1585. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1586. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
  1587. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
  1588. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1589. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1590. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1591. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1592. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1593. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  1594. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084a370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
  1595. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1596. 299c.2548: supR3HardenedDllNotificationCallback: load 000007feecec0000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
  1597. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1598. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1599. 299c.2548: supR3HardenedDllNotificationCallback: load 0000000068160000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
  1600. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1601. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
  1602. 299c.2548: supR3HardenedDllNotificationCallback: load 00000000680c0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
  1603. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
  1604. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd300000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
  1605. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1606. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
  1607. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
  1608. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1609. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1610. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1611. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1612. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1613. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1614. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1615. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1616. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1617. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1618. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1619. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1620. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1621. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1622. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1623. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1624. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1625. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1626. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1627. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1628. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1629. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1630. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1631. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1632. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1633. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1634. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1635. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1636. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1637. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1638. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1639. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1640. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1641. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1642. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1643. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1644. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1645. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1646. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1647. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1648. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1649. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1650. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1651. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1652. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000794b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\; [calling]
  1653. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1654. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1655. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1656. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecec0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1657. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  1658. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002a23a30:C:\Windows\system32 [calling]
  1659. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc930000 'C:\Windows\system32\Wintrust.dll'
  1660. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1661. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002a23a30:C:\Windows\system32 [calling]
  1662. 299c.2548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\crypt32.dll'
  1663. 299c.2548: SUPR3HardenedMain: Load TrustedMain...
  1664. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1665. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  1666. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
  1667. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1668. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
  1669. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
  1670. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
  1671. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
  1672. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  1673. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
  1674. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
  1675. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
  1676. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
  1677. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
  1678. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
  1679. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
  1680. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
  1681. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
  1682. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1683. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1684. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
  1685. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1686. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1687. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
  1688. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
  1689. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1690. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1691. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1692. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
  1693. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
  1694. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1695. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1696. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1697. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1698. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1699. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
  1700. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
  1701. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1702. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1703. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
  1704. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1705. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1706. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
  1707. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
  1708. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
  1709. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1710. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1711. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1712. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1713. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1714. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1715. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
  1716. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
  1717. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1718. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
  1719. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1720. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  1721. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
  1722. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
  1723. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
  1724. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1725. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1726. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1727. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
  1728. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1729. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1730. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
  1731. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
  1732. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1733. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1734. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  1735. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
  1736. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  1737. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
  1738. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1739. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1740. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1741. 299c.2548: \Device\HarddiskVolume2\Windows\System32\shell32.dll: Owner is administrators group.
  1742. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
  1743. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1744. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1745. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=143C412748B7A9CF95D5BA245639946F054EE138
  1746. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1747. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002983c70
  1748. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1749. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=143C412748B7A9CF95D5BA245639946F054EE138
  1750. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1751. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000029849f0
  1752. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029849f0
  1753. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=4B3474E1585D113BCEE0039F0648CFC3313C57BBACBF43921CFB32FA8ED48466
  1754. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1755. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1756. 299c.2548: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
  1757. 299c.2548: Error (rc=0):
  1758. 299c.2548: supR3HardenedScreenImage/Imports: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\shell32.dll: Not signed.
  1759. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1760. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1761. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1762. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1763. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1764. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1765. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1766. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1767. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1768. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
  1769. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
  1770. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1771. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  1772. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  1773. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
  1774. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
  1775. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
  1776. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
  1777. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
  1778. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
  1779. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
  1780. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
  1781. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
  1782. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
  1783. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
  1784. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
  1785. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
  1786. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
  1787. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1788. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
  1789. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
  1790. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
  1791. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
  1792. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
  1793. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
  1794. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  1795. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
  1796. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
  1797. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
  1798. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
  1799. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
  1800. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
  1801. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  1802. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  1803. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  1804. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1805. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
  1806. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1807. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
  1808. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1809. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1810. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
  1811. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  1812. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1813. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1814. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1815. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1816. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1817. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
  1818. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  1819. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  1820. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1821. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1822. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000414 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1823. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1824. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1825. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
  1826. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
  1827. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1828. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1829. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1830. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1831. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
  1832. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
  1833. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  1834. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
  1835. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1836. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1837. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1838. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
  1839. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
  1840. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
  1841. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1842. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1843. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
  1844. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
  1845. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1846. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1847. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1848. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
  1849. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  1850. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
  1851. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
  1852. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
  1853. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
  1854. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
  1855. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
  1856. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000042c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
  1857. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1858. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1859. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
  1860. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
  1861. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1862. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1863. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1864. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1865. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
  1866. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
  1867. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1868. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1869. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1870. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1871. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1872. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1873. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1874. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1875. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1876. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1877. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1878. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1879. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
  1880. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1881. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1882. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1883. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1884. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1885. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1886. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1887. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1888. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1889. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1890. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1891. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1892. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1893. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1894. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1895. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
  1896. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  1897. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  1898. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  1899. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1900. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1901. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1902. 299c.2548: Error (rc=0):
  1903. 299c.2548: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1904. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1905. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1906. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1907. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1908. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1909. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1910. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1911. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
  1912. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
  1913. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
  1914. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1915. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1916. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
  1917. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
  1918. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1919. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1920. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  1921. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  1922. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
  1923. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
  1924. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1925. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1926. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  1927. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  1928. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  1929. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
  1930. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1931. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1932. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1933. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1934. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1935. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1936. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1937. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1938. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1939. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1940. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1941. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  1942. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  1943. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  1944. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1945. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1946. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1947. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1948. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1949. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
  1950. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
  1951. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
  1952. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  1953. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
  1954. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
  1955. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  1956. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1957. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1958. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1959. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1960. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1961. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1962. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1963. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1964. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1965. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1966. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1967. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1968. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1969. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1970. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1971. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1972. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1973. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1974. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1975. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1976. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1977. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1978. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1979. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1980. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1981. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1982. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1983. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1984. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1985. 299c.2548: Error (rc=0):
  1986. 299c.2548: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1987. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  1988. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  1989. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
  1990. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  1991. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  1992. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
  1993. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
  1994. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1995. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  1996. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1997. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1998. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
  1999. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
  2000. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2001. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2002. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2003. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2004. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
  2005. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  2006. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  2007. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  2008. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2009. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2010. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2011. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2012. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2013. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2014. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2015. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2016. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2017. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2018. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2019. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2020. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2021. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2022. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2023. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2024. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  2025. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2026. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2027. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2028. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2029. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  2030. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  2031. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  2032. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2033. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2034. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  2035. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  2036. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  2037. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  2038. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  2039. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
  2040. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
  2041. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2042. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2043. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2044. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2045. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
  2046. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  2047. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  2048. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  2049. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2050. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  2051. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  2052. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
  2053. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
  2054. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2055. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
  2056. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
  2057. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
  2058. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  2059. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
  2060. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
  2061. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
  2062. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
  2063. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2064. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2065. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2066. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
  2067. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
  2068. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
  2069. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  2070. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  2071. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
  2072. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
  2073. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2074. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2075. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
  2076. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  2077. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
  2078. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
  2079. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2080. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2081. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2082. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2083. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2084. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2085. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2086. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2087. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2088. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2089. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  2090. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  2091. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
  2092. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  2093. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  2094. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
  2095. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
  2096. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2097. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2098. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
  2099. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
  2100. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
  2101. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2102. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2103. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2104. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2105. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2106. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2107. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2108. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2109. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2110. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2111. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2112. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  2113. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  2114. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  2115. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002983c70
  2116. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002983c70
  2117. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
  2118. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
  2119. 299c.2548: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2120. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2121. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  2122. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2123. 299c.2548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
  2124. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  2125. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2126. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2127. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2128. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2129. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2130. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2131. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2132. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2133. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2134. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2135. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2136. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2137. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  2138. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  2139. 299c.2548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  2140. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2141. 299c.2548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2142. 299c.2548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000084a370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
  2143. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
  2144. 299c.2548: supR3HardenedDllNotificationCallback: load 000007feec640000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
  2145. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
  2146. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  2147. 299c.2548: supR3HardenedDllNotificationCallback: load 000007feee130000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
  2148. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  2149. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
  2150. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fef6df0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
  2151. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
  2152. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
  2153. 299c.2548: supR3HardenedDllNotificationCallback: load 000007feee030000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
  2154. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
  2155. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
  2156. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefe680000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
  2157. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
  2158. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefcdc0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
  2159. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2160. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefc980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
  2161. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  2162. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefdd00000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
  2163. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2164. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd580000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
  2165. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  2166. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefca40000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
  2167. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
  2168. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  2169. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefaa50000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
  2170. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  2171. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  2172. 299c.2548: supR3HardenedDllNotificationCallback: load 0000000067de0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
  2173. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
  2174. 299c.2548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  2175. 299c.2548: supR3HardenedDllNotificationCallback: load 00000000606c0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
  2176. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
  2177. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefd380000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
  2178. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  2179. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  2180. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2181. 299c.2548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  2182. 299c.2548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
  2183. 299c.2548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
  2184. 299c.2548: supR3HardenedDllNotificationCallback: load 000007fefa050000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
  2185. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
  2186. 299c.2548: supR3HardenedDllNotificationCallback: load 000007ff788c0000 LB 0x00dba000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
  2187. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  2188. 299c.2548: Error (rc=0):
  2189. 299c.2548: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Windows\System32\shell32.dll
  2190. 299c.2548: Fatal error:
  2191. 299c.2548: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\Windows\system32\SHELL32.dll' / '\??\C:\Windows\system32\SHELL32.dll': 0xc0000190
  2192. 2a74.2908: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 907 ms, the end);
  2193. 2960.2a90: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1522 ms, the end);